diff --git a/go.mod b/go.mod
index 7811236da52a1ea2869571da81a267bf38a5be03..226b23372c93a67d36135133144f646884c47276 100644
--- a/go.mod
+++ b/go.mod
@@ -3,16 +3,18 @@ module git.autistici.org/pipelines/tools/urepo
go 1.19
require (
+ github.com/ProtonMail/go-crypto v1.1.5
github.com/gofrs/flock v0.8.1
- golang.org/x/crypto v0.15.0
gopkg.in/yaml.v3 v3.0.1
pault.ag/go/debian v0.16.0
)
require (
+ github.com/cloudflare/circl v1.3.7 // indirect
github.com/kjk/lzma v0.0.0-20161016003348-3fd93898850d // indirect
github.com/klauspost/compress v1.16.5 // indirect
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
- golang.org/x/sys v0.14.0 // indirect
+ golang.org/x/crypto v0.32.0 // indirect
+ golang.org/x/sys v0.29.0 // indirect
pault.ag/go/topsort v0.1.1 // indirect
)
diff --git a/go.sum b/go.sum
index 8db4b827b9703bb3fbcc506db0d514e6365706f4..e32f0f077a74c75d3170888cf38443ea0523b5df 100644
--- a/go.sum
+++ b/go.sum
@@ -1,3 +1,7 @@
+github.com/ProtonMail/go-crypto v1.1.5 h1:eoAQfK2dwL+tFSFpr7TbOaPNUbPiJj4fLYwwGE1FQO4=
+github.com/ProtonMail/go-crypto v1.1.5/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw=
github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU=
github.com/kjk/lzma v0.0.0-20161016003348-3fd93898850d h1:RnWZeH8N8KXfbwMTex/KKMYMj0FJRCF6tQubUuQ02GM=
@@ -6,28 +10,14 @@ github.com/klauspost/compress v1.16.5 h1:IFV2oUNUzZaz+XyusxpLzpzS8Pt5rh0Z16For/d
github.com/klauspost/compress v1.16.5/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE=
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 h1:nIPpBwaJSVYIxUFsDv3M8ofmx9yWTog9BfvIu0q41lo=
github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos=
-golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g=
-golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0=
-golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
-golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/crypto v0.15.0 h1:frVn1TEaCEaZcn3Tmd7Y2b5KKPaZ+I32Q2OA3kYp5TA=
-golang.org/x/crypto v0.15.0/go.mod h1:4ChreQoLWfG3xLDer1WdlH5NdlQ3+mwnQq1YTKY+72g=
-golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
-golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
-golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.14.0 h1:Vz7Qs629MkJkGyHxUlRHizWJRG2j8fbQKjELVSNhy7Q=
-golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc=
+golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc=
+golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-pault.ag/go/debian v0.15.0 h1:x2VLkGx/nTvGdgW0+FzFSgQZKt7zo9zSVYkikRjNTns=
-pault.ag/go/debian v0.15.0/go.mod h1:JFl0XWRCv9hWBrB5MDDZjA5GSEs1X3zcFK/9kCNIUmE=
pault.ag/go/debian v0.16.0 h1:fivXn/IO9rn2nzTGndflDhOkNU703Axs/StWihOeU2g=
pault.ag/go/debian v0.16.0/go.mod h1:JFl0XWRCv9hWBrB5MDDZjA5GSEs1X3zcFK/9kCNIUmE=
pault.ag/go/topsort v0.1.1 h1:L0QnhUly6LmTv0e3DEzbN2q6/FGgAcQvaEw65S53Bg4=
diff --git a/io.go b/io.go
index a024860dc78371bd6f68b5187c1ea40120080b6c..36e7d2675a7b496a3ff52d25bdaec62602531dd4 100644
--- a/io.go
+++ b/io.go
@@ -12,9 +12,9 @@ import (
"os/exec"
"path/filepath"
- "golang.org/x/crypto/openpgp"
- "golang.org/x/crypto/openpgp/clearsign"
- "golang.org/x/crypto/openpgp/packet"
+ "github.com/ProtonMail/go-crypto/openpgp"
+ "github.com/ProtonMail/go-crypto/openpgp/clearsign"
+ "github.com/ProtonMail/go-crypto/openpgp/packet"
"pault.ag/go/debian/control"
"pault.ag/go/debian/deb"
"pault.ag/go/debian/hashio"
diff --git a/io_test.go b/io_test.go
index 3019d7608e4fc7512f30b46d2708ef5feec9d135..e5ba22b9001f52012e01dfd4f8a5b346398f6706 100644
--- a/io_test.go
+++ b/io_test.go
@@ -7,8 +7,8 @@ import (
"path/filepath"
"testing"
- "golang.org/x/crypto/openpgp"
- "golang.org/x/crypto/openpgp/clearsign"
+ "github.com/ProtonMail/go-crypto/openpgp"
+ "github.com/ProtonMail/go-crypto/openpgp/clearsign"
)
func checkDetachedSignature(t *testing.T, e *openpgp.Entity, path string) {
@@ -22,7 +22,7 @@ func checkDetachedSignature(t *testing.T, e *openpgp.Entity, path string) {
var keyring openpgp.EntityList
keyring = append(keyring, e)
- _, err := openpgp.CheckArmoredDetachedSignature(keyring, f, s)
+ _, err := openpgp.CheckArmoredDetachedSignature(keyring, f, s, nil)
if err != nil {
t.Fatalf("CheckArmoredDetachedSignature(%s): %v", path, err)
}
@@ -42,7 +42,8 @@ func checkInlineSignature(t *testing.T, e *openpgp.Entity, path string) {
}
_, err := openpgp.CheckDetachedSignature(keyring,
bytes.NewReader(block.Bytes),
- block.ArmoredSignature.Body)
+ block.ArmoredSignature.Body,
+ nil)
if err != nil {
t.Fatalf("block.VerifySignature(%s): %v", path, err)
}
diff --git a/urepo.go b/urepo.go
index 74424b04cc946d42ceddb4ef02487fedbae655f7..e8fc92630998b2b5c3efdff68588f976a92d096a 100644
--- a/urepo.go
+++ b/urepo.go
@@ -19,7 +19,7 @@ import (
"time"
"github.com/gofrs/flock"
- "golang.org/x/crypto/openpgp"
+ "github.com/ProtonMail/go-crypto/openpgp"
"gopkg.in/yaml.v3"
"pault.ag/go/debian/control"
"pault.ag/go/debian/dependency"
diff --git a/vendor/github.com/ProtonMail/go-crypto/AUTHORS b/vendor/github.com/ProtonMail/go-crypto/AUTHORS
new file mode 100644
index 0000000000000000000000000000000000000000..2b00ddba0dfee1022198444c16670d443840ef86
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/AUTHORS
@@ -0,0 +1,3 @@
+# This source code refers to The Go Authors for copyright purposes.
+# The master list of authors is in the main Go distribution,
+# visible at https://tip.golang.org/AUTHORS.
diff --git a/vendor/github.com/ProtonMail/go-crypto/CONTRIBUTORS b/vendor/github.com/ProtonMail/go-crypto/CONTRIBUTORS
new file mode 100644
index 0000000000000000000000000000000000000000..1fbd3e976faf5af5bbd1d8268a70399234969ae4
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/CONTRIBUTORS
@@ -0,0 +1,3 @@
+# This source code was written by the Go contributors.
+# The master list of contributors is in the main Go distribution,
+# visible at https://tip.golang.org/CONTRIBUTORS.
diff --git a/vendor/github.com/ProtonMail/go-crypto/LICENSE b/vendor/github.com/ProtonMail/go-crypto/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..6a66aea5eafe0ca6a688840c47219556c552488e
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+ * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/ProtonMail/go-crypto/PATENTS b/vendor/github.com/ProtonMail/go-crypto/PATENTS
new file mode 100644
index 0000000000000000000000000000000000000000..733099041f84fa1e58611ab2e11af51c1f26d1d2
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/PATENTS
@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go. This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation. If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.
diff --git a/vendor/github.com/ProtonMail/go-crypto/bitcurves/bitcurve.go b/vendor/github.com/ProtonMail/go-crypto/bitcurves/bitcurve.go
new file mode 100644
index 0000000000000000000000000000000000000000..c85e6befecabdc274141f1c330c3933abe0b4f38
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/bitcurves/bitcurve.go
@@ -0,0 +1,381 @@
+package bitcurves
+
+// Copyright 2010 The Go Authors. All rights reserved.
+// Copyright 2011 ThePiachu. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package bitelliptic implements several Koblitz elliptic curves over prime
+// fields.
+
+// This package operates, internally, on Jacobian coordinates. For a given
+// (x, y) position on the curve, the Jacobian coordinates are (x1, y1, z1)
+// where x = x1/z1² and y = y1/z1³. The greatest speedups come when the whole
+// calculation can be performed within the transform (as in ScalarMult and
+// ScalarBaseMult). But even for Add and Double, it's faster to apply and
+// reverse the transform than to operate in affine coordinates.
+
+import (
+ "crypto/elliptic"
+ "io"
+ "math/big"
+ "sync"
+)
+
+// A BitCurve represents a Koblitz Curve with a=0.
+// See http://www.hyperelliptic.org/EFD/g1p/auto-shortw.html
+type BitCurve struct {
+ Name string
+ P *big.Int // the order of the underlying field
+ N *big.Int // the order of the base point
+ B *big.Int // the constant of the BitCurve equation
+ Gx, Gy *big.Int // (x,y) of the base point
+ BitSize int // the size of the underlying field
+}
+
+// Params returns the parameters of the given BitCurve (see BitCurve struct)
+func (bitCurve *BitCurve) Params() (cp *elliptic.CurveParams) {
+ cp = new(elliptic.CurveParams)
+ cp.Name = bitCurve.Name
+ cp.P = bitCurve.P
+ cp.N = bitCurve.N
+ cp.Gx = bitCurve.Gx
+ cp.Gy = bitCurve.Gy
+ cp.BitSize = bitCurve.BitSize
+ return cp
+}
+
+// IsOnCurve returns true if the given (x,y) lies on the BitCurve.
+func (bitCurve *BitCurve) IsOnCurve(x, y *big.Int) bool {
+ // y² = x³ + b
+ y2 := new(big.Int).Mul(y, y) //y²
+ y2.Mod(y2, bitCurve.P) //y²%P
+
+ x3 := new(big.Int).Mul(x, x) //x²
+ x3.Mul(x3, x) //x³
+
+ x3.Add(x3, bitCurve.B) //x³+B
+ x3.Mod(x3, bitCurve.P) //(x³+B)%P
+
+ return x3.Cmp(y2) == 0
+}
+
+// affineFromJacobian reverses the Jacobian transform. See the comment at the
+// top of the file.
+func (bitCurve *BitCurve) affineFromJacobian(x, y, z *big.Int) (xOut, yOut *big.Int) {
+ if z.Cmp(big.NewInt(0)) == 0 {
+ panic("bitcurve: Can't convert to affine with Jacobian Z = 0")
+ }
+ // x = YZ^2 mod P
+ zinv := new(big.Int).ModInverse(z, bitCurve.P)
+ zinvsq := new(big.Int).Mul(zinv, zinv)
+
+ xOut = new(big.Int).Mul(x, zinvsq)
+ xOut.Mod(xOut, bitCurve.P)
+ // y = YZ^3 mod P
+ zinvsq.Mul(zinvsq, zinv)
+ yOut = new(big.Int).Mul(y, zinvsq)
+ yOut.Mod(yOut, bitCurve.P)
+ return xOut, yOut
+}
+
+// Add returns the sum of (x1,y1) and (x2,y2)
+func (bitCurve *BitCurve) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int) {
+ z := new(big.Int).SetInt64(1)
+ x, y, z := bitCurve.addJacobian(x1, y1, z, x2, y2, z)
+ return bitCurve.affineFromJacobian(x, y, z)
+}
+
+// addJacobian takes two points in Jacobian coordinates, (x1, y1, z1) and
+// (x2, y2, z2) and returns their sum, also in Jacobian form.
+func (bitCurve *BitCurve) addJacobian(x1, y1, z1, x2, y2, z2 *big.Int) (*big.Int, *big.Int, *big.Int) {
+ // See http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-add-2007-bl
+ z1z1 := new(big.Int).Mul(z1, z1)
+ z1z1.Mod(z1z1, bitCurve.P)
+ z2z2 := new(big.Int).Mul(z2, z2)
+ z2z2.Mod(z2z2, bitCurve.P)
+
+ u1 := new(big.Int).Mul(x1, z2z2)
+ u1.Mod(u1, bitCurve.P)
+ u2 := new(big.Int).Mul(x2, z1z1)
+ u2.Mod(u2, bitCurve.P)
+ h := new(big.Int).Sub(u2, u1)
+ if h.Sign() == -1 {
+ h.Add(h, bitCurve.P)
+ }
+ i := new(big.Int).Lsh(h, 1)
+ i.Mul(i, i)
+ j := new(big.Int).Mul(h, i)
+
+ s1 := new(big.Int).Mul(y1, z2)
+ s1.Mul(s1, z2z2)
+ s1.Mod(s1, bitCurve.P)
+ s2 := new(big.Int).Mul(y2, z1)
+ s2.Mul(s2, z1z1)
+ s2.Mod(s2, bitCurve.P)
+ r := new(big.Int).Sub(s2, s1)
+ if r.Sign() == -1 {
+ r.Add(r, bitCurve.P)
+ }
+ r.Lsh(r, 1)
+ v := new(big.Int).Mul(u1, i)
+
+ x3 := new(big.Int).Set(r)
+ x3.Mul(x3, x3)
+ x3.Sub(x3, j)
+ x3.Sub(x3, v)
+ x3.Sub(x3, v)
+ x3.Mod(x3, bitCurve.P)
+
+ y3 := new(big.Int).Set(r)
+ v.Sub(v, x3)
+ y3.Mul(y3, v)
+ s1.Mul(s1, j)
+ s1.Lsh(s1, 1)
+ y3.Sub(y3, s1)
+ y3.Mod(y3, bitCurve.P)
+
+ z3 := new(big.Int).Add(z1, z2)
+ z3.Mul(z3, z3)
+ z3.Sub(z3, z1z1)
+ if z3.Sign() == -1 {
+ z3.Add(z3, bitCurve.P)
+ }
+ z3.Sub(z3, z2z2)
+ if z3.Sign() == -1 {
+ z3.Add(z3, bitCurve.P)
+ }
+ z3.Mul(z3, h)
+ z3.Mod(z3, bitCurve.P)
+
+ return x3, y3, z3
+}
+
+// Double returns 2*(x,y)
+func (bitCurve *BitCurve) Double(x1, y1 *big.Int) (*big.Int, *big.Int) {
+ z1 := new(big.Int).SetInt64(1)
+ return bitCurve.affineFromJacobian(bitCurve.doubleJacobian(x1, y1, z1))
+}
+
+// doubleJacobian takes a point in Jacobian coordinates, (x, y, z), and
+// returns its double, also in Jacobian form.
+func (bitCurve *BitCurve) doubleJacobian(x, y, z *big.Int) (*big.Int, *big.Int, *big.Int) {
+ // See http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l
+
+ a := new(big.Int).Mul(x, x) //X1²
+ b := new(big.Int).Mul(y, y) //Y1²
+ c := new(big.Int).Mul(b, b) //B²
+
+ d := new(big.Int).Add(x, b) //X1+B
+ d.Mul(d, d) //(X1+B)²
+ d.Sub(d, a) //(X1+B)²-A
+ d.Sub(d, c) //(X1+B)²-A-C
+ d.Mul(d, big.NewInt(2)) //2*((X1+B)²-A-C)
+
+ e := new(big.Int).Mul(big.NewInt(3), a) //3*A
+ f := new(big.Int).Mul(e, e) //E²
+
+ x3 := new(big.Int).Mul(big.NewInt(2), d) //2*D
+ x3.Sub(f, x3) //F-2*D
+ x3.Mod(x3, bitCurve.P)
+
+ y3 := new(big.Int).Sub(d, x3) //D-X3
+ y3.Mul(e, y3) //E*(D-X3)
+ y3.Sub(y3, new(big.Int).Mul(big.NewInt(8), c)) //E*(D-X3)-8*C
+ y3.Mod(y3, bitCurve.P)
+
+ z3 := new(big.Int).Mul(y, z) //Y1*Z1
+ z3.Mul(big.NewInt(2), z3) //3*Y1*Z1
+ z3.Mod(z3, bitCurve.P)
+
+ return x3, y3, z3
+}
+
+// TODO: double check if it is okay
+// ScalarMult returns k*(Bx,By) where k is a number in big-endian form.
+func (bitCurve *BitCurve) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int) {
+ // We have a slight problem in that the identity of the group (the
+ // point at infinity) cannot be represented in (x, y) form on a finite
+ // machine. Thus the standard add/double algorithm has to be tweaked
+ // slightly: our initial state is not the identity, but x, and we
+ // ignore the first true bit in |k|. If we don't find any true bits in
+ // |k|, then we return nil, nil, because we cannot return the identity
+ // element.
+
+ Bz := new(big.Int).SetInt64(1)
+ x := Bx
+ y := By
+ z := Bz
+
+ seenFirstTrue := false
+ for _, byte := range k {
+ for bitNum := 0; bitNum < 8; bitNum++ {
+ if seenFirstTrue {
+ x, y, z = bitCurve.doubleJacobian(x, y, z)
+ }
+ if byte&0x80 == 0x80 {
+ if !seenFirstTrue {
+ seenFirstTrue = true
+ } else {
+ x, y, z = bitCurve.addJacobian(Bx, By, Bz, x, y, z)
+ }
+ }
+ byte <<= 1
+ }
+ }
+
+ if !seenFirstTrue {
+ return nil, nil
+ }
+
+ return bitCurve.affineFromJacobian(x, y, z)
+}
+
+// ScalarBaseMult returns k*G, where G is the base point of the group and k is
+// an integer in big-endian form.
+func (bitCurve *BitCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int) {
+ return bitCurve.ScalarMult(bitCurve.Gx, bitCurve.Gy, k)
+}
+
+var mask = []byte{0xff, 0x1, 0x3, 0x7, 0xf, 0x1f, 0x3f, 0x7f}
+
+// TODO: double check if it is okay
+// GenerateKey returns a public/private key pair. The private key is generated
+// using the given reader, which must return random data.
+func (bitCurve *BitCurve) GenerateKey(rand io.Reader) (priv []byte, x, y *big.Int, err error) {
+ byteLen := (bitCurve.BitSize + 7) >> 3
+ priv = make([]byte, byteLen)
+
+ for x == nil {
+ _, err = io.ReadFull(rand, priv)
+ if err != nil {
+ return
+ }
+ // We have to mask off any excess bits in the case that the size of the
+ // underlying field is not a whole number of bytes.
+ priv[0] &= mask[bitCurve.BitSize%8]
+ // This is because, in tests, rand will return all zeros and we don't
+ // want to get the point at infinity and loop forever.
+ priv[1] ^= 0x42
+ x, y = bitCurve.ScalarBaseMult(priv)
+ }
+ return
+}
+
+// Marshal converts a point into the form specified in section 4.3.6 of ANSI
+// X9.62.
+func (bitCurve *BitCurve) Marshal(x, y *big.Int) []byte {
+ byteLen := (bitCurve.BitSize + 7) >> 3
+
+ ret := make([]byte, 1+2*byteLen)
+ ret[0] = 4 // uncompressed point
+
+ xBytes := x.Bytes()
+ copy(ret[1+byteLen-len(xBytes):], xBytes)
+ yBytes := y.Bytes()
+ copy(ret[1+2*byteLen-len(yBytes):], yBytes)
+ return ret
+}
+
+// Unmarshal converts a point, serialised by Marshal, into an x, y pair. On
+// error, x = nil.
+func (bitCurve *BitCurve) Unmarshal(data []byte) (x, y *big.Int) {
+ byteLen := (bitCurve.BitSize + 7) >> 3
+ if len(data) != 1+2*byteLen {
+ return
+ }
+ if data[0] != 4 { // uncompressed form
+ return
+ }
+ x = new(big.Int).SetBytes(data[1 : 1+byteLen])
+ y = new(big.Int).SetBytes(data[1+byteLen:])
+ return
+}
+
+//curve parameters taken from:
+//http://www.secg.org/collateral/sec2_final.pdf
+
+var initonce sync.Once
+var secp160k1 *BitCurve
+var secp192k1 *BitCurve
+var secp224k1 *BitCurve
+var secp256k1 *BitCurve
+
+func initAll() {
+ initS160()
+ initS192()
+ initS224()
+ initS256()
+}
+
+func initS160() {
+ // See SEC 2 section 2.4.1
+ secp160k1 = new(BitCurve)
+ secp160k1.Name = "secp160k1"
+ secp160k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 16)
+ secp160k1.N, _ = new(big.Int).SetString("0100000000000000000001B8FA16DFAB9ACA16B6B3", 16)
+ secp160k1.B, _ = new(big.Int).SetString("0000000000000000000000000000000000000007", 16)
+ secp160k1.Gx, _ = new(big.Int).SetString("3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", 16)
+ secp160k1.Gy, _ = new(big.Int).SetString("938CF935318FDCED6BC28286531733C3F03C4FEE", 16)
+ secp160k1.BitSize = 160
+}
+
+func initS192() {
+ // See SEC 2 section 2.5.1
+ secp192k1 = new(BitCurve)
+ secp192k1.Name = "secp192k1"
+ secp192k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", 16)
+ secp192k1.N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 16)
+ secp192k1.B, _ = new(big.Int).SetString("000000000000000000000000000000000000000000000003", 16)
+ secp192k1.Gx, _ = new(big.Int).SetString("DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", 16)
+ secp192k1.Gy, _ = new(big.Int).SetString("9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", 16)
+ secp192k1.BitSize = 192
+}
+
+func initS224() {
+ // See SEC 2 section 2.6.1
+ secp224k1 = new(BitCurve)
+ secp224k1.Name = "secp224k1"
+ secp224k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", 16)
+ secp224k1.N, _ = new(big.Int).SetString("010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 16)
+ secp224k1.B, _ = new(big.Int).SetString("00000000000000000000000000000000000000000000000000000005", 16)
+ secp224k1.Gx, _ = new(big.Int).SetString("A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", 16)
+ secp224k1.Gy, _ = new(big.Int).SetString("7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", 16)
+ secp224k1.BitSize = 224
+}
+
+func initS256() {
+ // See SEC 2 section 2.7.1
+ secp256k1 = new(BitCurve)
+ secp256k1.Name = "secp256k1"
+ secp256k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 16)
+ secp256k1.N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)
+ secp256k1.B, _ = new(big.Int).SetString("0000000000000000000000000000000000000000000000000000000000000007", 16)
+ secp256k1.Gx, _ = new(big.Int).SetString("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", 16)
+ secp256k1.Gy, _ = new(big.Int).SetString("483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", 16)
+ secp256k1.BitSize = 256
+}
+
+// S160 returns a BitCurve which implements secp160k1 (see SEC 2 section 2.4.1)
+func S160() *BitCurve {
+ initonce.Do(initAll)
+ return secp160k1
+}
+
+// S192 returns a BitCurve which implements secp192k1 (see SEC 2 section 2.5.1)
+func S192() *BitCurve {
+ initonce.Do(initAll)
+ return secp192k1
+}
+
+// S224 returns a BitCurve which implements secp224k1 (see SEC 2 section 2.6.1)
+func S224() *BitCurve {
+ initonce.Do(initAll)
+ return secp224k1
+}
+
+// S256 returns a BitCurve which implements bitcurves (see SEC 2 section 2.7.1)
+func S256() *BitCurve {
+ initonce.Do(initAll)
+ return secp256k1
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/brainpool/brainpool.go b/vendor/github.com/ProtonMail/go-crypto/brainpool/brainpool.go
new file mode 100644
index 0000000000000000000000000000000000000000..cb6676de24b1c276429ae2c828f8e0130b61524d
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/brainpool/brainpool.go
@@ -0,0 +1,134 @@
+// Package brainpool implements Brainpool elliptic curves.
+// Implementation of rcurves is from github.com/ebfe/brainpool
+// Note that these curves are implemented with naive, non-constant time operations
+// and are likely not suitable for environments where timing attacks are a concern.
+package brainpool
+
+import (
+ "crypto/elliptic"
+ "math/big"
+ "sync"
+)
+
+var (
+ once sync.Once
+ p256t1, p384t1, p512t1 *elliptic.CurveParams
+ p256r1, p384r1, p512r1 *rcurve
+)
+
+func initAll() {
+ initP256t1()
+ initP384t1()
+ initP512t1()
+ initP256r1()
+ initP384r1()
+ initP512r1()
+}
+
+func initP256t1() {
+ p256t1 = &elliptic.CurveParams{Name: "brainpoolP256t1"}
+ p256t1.P, _ = new(big.Int).SetString("A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", 16)
+ p256t1.N, _ = new(big.Int).SetString("A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", 16)
+ p256t1.B, _ = new(big.Int).SetString("662C61C430D84EA4FE66A7733D0B76B7BF93EBC4AF2F49256AE58101FEE92B04", 16)
+ p256t1.Gx, _ = new(big.Int).SetString("A3E8EB3CC1CFE7B7732213B23A656149AFA142C47AAFBC2B79A191562E1305F4", 16)
+ p256t1.Gy, _ = new(big.Int).SetString("2D996C823439C56D7F7B22E14644417E69BCB6DE39D027001DABE8F35B25C9BE", 16)
+ p256t1.BitSize = 256
+}
+
+func initP256r1() {
+ twisted := p256t1
+ params := &elliptic.CurveParams{
+ Name: "brainpoolP256r1",
+ P: twisted.P,
+ N: twisted.N,
+ BitSize: twisted.BitSize,
+ }
+ params.Gx, _ = new(big.Int).SetString("8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", 16)
+ params.Gy, _ = new(big.Int).SetString("547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", 16)
+ z, _ := new(big.Int).SetString("3E2D4BD9597B58639AE7AA669CAB9837CF5CF20A2C852D10F655668DFC150EF0", 16)
+ p256r1 = newrcurve(twisted, params, z)
+}
+
+func initP384t1() {
+ p384t1 = &elliptic.CurveParams{Name: "brainpoolP384t1"}
+ p384t1.P, _ = new(big.Int).SetString("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123ACD3A729901D1A71874700133107EC53", 16)
+ p384t1.N, _ = new(big.Int).SetString("8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7CF3AB6AF6B7FC3103B883202E9046565", 16)
+ p384t1.B, _ = new(big.Int).SetString("7F519EADA7BDA81BD826DBA647910F8C4B9346ED8CCDC64E4B1ABD11756DCE1D2074AA263B88805CED70355A33B471EE", 16)
+ p384t1.Gx, _ = new(big.Int).SetString("18DE98B02DB9A306F2AFCD7235F72A819B80AB12EBD653172476FECD462AABFFC4FF191B946A5F54D8D0AA2F418808CC", 16)
+ p384t1.Gy, _ = new(big.Int).SetString("25AB056962D30651A114AFD2755AD336747F93475B7A1FCA3B88F2B6A208CCFE469408584DC2B2912675BF5B9E582928", 16)
+ p384t1.BitSize = 384
+}
+
+func initP384r1() {
+ twisted := p384t1
+ params := &elliptic.CurveParams{
+ Name: "brainpoolP384r1",
+ P: twisted.P,
+ N: twisted.N,
+ BitSize: twisted.BitSize,
+ }
+ params.Gx, _ = new(big.Int).SetString("1D1C64F068CF45FFA2A63A81B7C13F6B8847A3E77EF14FE3DB7FCAFE0CBD10E8E826E03436D646AAEF87B2E247D4AF1E", 16)
+ params.Gy, _ = new(big.Int).SetString("8ABE1D7520F9C2A45CB1EB8E95CFD55262B70B29FEEC5864E19C054FF99129280E4646217791811142820341263C5315", 16)
+ z, _ := new(big.Int).SetString("41DFE8DD399331F7166A66076734A89CD0D2BCDB7D068E44E1F378F41ECBAE97D2D63DBC87BCCDDCCC5DA39E8589291C", 16)
+ p384r1 = newrcurve(twisted, params, z)
+}
+
+func initP512t1() {
+ p512t1 = &elliptic.CurveParams{Name: "brainpoolP512t1"}
+ p512t1.P, _ = new(big.Int).SetString("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA703308717D4D9B009BC66842AECDA12AE6A380E62881FF2F2D82C68528AA6056583A48F3", 16)
+ p512t1.N, _ = new(big.Int).SetString("AADD9DB8DBE9C48B3FD4E6AE33C9FC07CB308DB3B3C9D20ED6639CCA70330870553E5C414CA92619418661197FAC10471DB1D381085DDADDB58796829CA90069", 16)
+ p512t1.B, _ = new(big.Int).SetString("7CBBBCF9441CFAB76E1890E46884EAE321F70C0BCB4981527897504BEC3E36A62BCDFA2304976540F6450085F2DAE145C22553B465763689180EA2571867423E", 16)
+ p512t1.Gx, _ = new(big.Int).SetString("640ECE5C12788717B9C1BA06CBC2A6FEBA85842458C56DDE9DB1758D39C0313D82BA51735CDB3EA499AA77A7D6943A64F7A3F25FE26F06B51BAA2696FA9035DA", 16)
+ p512t1.Gy, _ = new(big.Int).SetString("5B534BD595F5AF0FA2C892376C84ACE1BB4E3019B71634C01131159CAE03CEE9D9932184BEEF216BD71DF2DADF86A627306ECFF96DBB8BACE198B61E00F8B332", 16)
+ p512t1.BitSize = 512
+}
+
+func initP512r1() {
+ twisted := p512t1
+ params := &elliptic.CurveParams{
+ Name: "brainpoolP512r1",
+ P: twisted.P,
+ N: twisted.N,
+ BitSize: twisted.BitSize,
+ }
+ params.Gx, _ = new(big.Int).SetString("81AEE4BDD82ED9645A21322E9C4C6A9385ED9F70B5D916C1B43B62EEF4D0098EFF3B1F78E2D0D48D50D1687B93B97D5F7C6D5047406A5E688B352209BCB9F822", 16)
+ params.Gy, _ = new(big.Int).SetString("7DDE385D566332ECC0EABFA9CF7822FDF209F70024A57B1AA000C55B881F8111B2DCDE494A5F485E5BCA4BD88A2763AED1CA2B2FA8F0540678CD1E0F3AD80892", 16)
+ z, _ := new(big.Int).SetString("12EE58E6764838B69782136F0F2D3BA06E27695716054092E60A80BEDB212B64E585D90BCE13761F85C3F1D2A64E3BE8FEA2220F01EBA5EEB0F35DBD29D922AB", 16)
+ p512r1 = newrcurve(twisted, params, z)
+}
+
+// P256t1 returns a Curve which implements Brainpool P256t1 (see RFC 5639, section 3.4)
+func P256t1() elliptic.Curve {
+ once.Do(initAll)
+ return p256t1
+}
+
+// P256r1 returns a Curve which implements Brainpool P256r1 (see RFC 5639, section 3.4)
+func P256r1() elliptic.Curve {
+ once.Do(initAll)
+ return p256r1
+}
+
+// P384t1 returns a Curve which implements Brainpool P384t1 (see RFC 5639, section 3.6)
+func P384t1() elliptic.Curve {
+ once.Do(initAll)
+ return p384t1
+}
+
+// P384r1 returns a Curve which implements Brainpool P384r1 (see RFC 5639, section 3.6)
+func P384r1() elliptic.Curve {
+ once.Do(initAll)
+ return p384r1
+}
+
+// P512t1 returns a Curve which implements Brainpool P512t1 (see RFC 5639, section 3.7)
+func P512t1() elliptic.Curve {
+ once.Do(initAll)
+ return p512t1
+}
+
+// P512r1 returns a Curve which implements Brainpool P512r1 (see RFC 5639, section 3.7)
+func P512r1() elliptic.Curve {
+ once.Do(initAll)
+ return p512r1
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/brainpool/rcurve.go b/vendor/github.com/ProtonMail/go-crypto/brainpool/rcurve.go
new file mode 100644
index 0000000000000000000000000000000000000000..7e291d6aa4e3d6d591e31245461fa3a91594f3be
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/brainpool/rcurve.go
@@ -0,0 +1,83 @@
+package brainpool
+
+import (
+ "crypto/elliptic"
+ "math/big"
+)
+
+var _ elliptic.Curve = (*rcurve)(nil)
+
+type rcurve struct {
+ twisted elliptic.Curve
+ params *elliptic.CurveParams
+ z *big.Int
+ zinv *big.Int
+ z2 *big.Int
+ z3 *big.Int
+ zinv2 *big.Int
+ zinv3 *big.Int
+}
+
+var (
+ two = big.NewInt(2)
+ three = big.NewInt(3)
+)
+
+func newrcurve(twisted elliptic.Curve, params *elliptic.CurveParams, z *big.Int) *rcurve {
+ zinv := new(big.Int).ModInverse(z, params.P)
+ return &rcurve{
+ twisted: twisted,
+ params: params,
+ z: z,
+ zinv: zinv,
+ z2: new(big.Int).Exp(z, two, params.P),
+ z3: new(big.Int).Exp(z, three, params.P),
+ zinv2: new(big.Int).Exp(zinv, two, params.P),
+ zinv3: new(big.Int).Exp(zinv, three, params.P),
+ }
+}
+
+func (curve *rcurve) toTwisted(x, y *big.Int) (*big.Int, *big.Int) {
+ var tx, ty big.Int
+ tx.Mul(x, curve.z2)
+ tx.Mod(&tx, curve.params.P)
+ ty.Mul(y, curve.z3)
+ ty.Mod(&ty, curve.params.P)
+ return &tx, &ty
+}
+
+func (curve *rcurve) fromTwisted(tx, ty *big.Int) (*big.Int, *big.Int) {
+ var x, y big.Int
+ x.Mul(tx, curve.zinv2)
+ x.Mod(&x, curve.params.P)
+ y.Mul(ty, curve.zinv3)
+ y.Mod(&y, curve.params.P)
+ return &x, &y
+}
+
+func (curve *rcurve) Params() *elliptic.CurveParams {
+ return curve.params
+}
+
+func (curve *rcurve) IsOnCurve(x, y *big.Int) bool {
+ return curve.twisted.IsOnCurve(curve.toTwisted(x, y))
+}
+
+func (curve *rcurve) Add(x1, y1, x2, y2 *big.Int) (x, y *big.Int) {
+ tx1, ty1 := curve.toTwisted(x1, y1)
+ tx2, ty2 := curve.toTwisted(x2, y2)
+ return curve.fromTwisted(curve.twisted.Add(tx1, ty1, tx2, ty2))
+}
+
+func (curve *rcurve) Double(x1, y1 *big.Int) (x, y *big.Int) {
+ return curve.fromTwisted(curve.twisted.Double(curve.toTwisted(x1, y1)))
+}
+
+func (curve *rcurve) ScalarMult(x1, y1 *big.Int, scalar []byte) (x, y *big.Int) {
+ tx1, ty1 := curve.toTwisted(x1, y1)
+ return curve.fromTwisted(curve.twisted.ScalarMult(tx1, ty1, scalar))
+}
+
+func (curve *rcurve) ScalarBaseMult(scalar []byte) (x, y *big.Int) {
+ return curve.fromTwisted(curve.twisted.ScalarBaseMult(scalar))
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/eax/eax.go b/vendor/github.com/ProtonMail/go-crypto/eax/eax.go
new file mode 100644
index 0000000000000000000000000000000000000000..3ae91d594cd7eb28b6301ca4fb62b58c5b75a979
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/eax/eax.go
@@ -0,0 +1,162 @@
+// Copyright (C) 2019 ProtonTech AG
+
+// Package eax provides an implementation of the EAX
+// (encrypt-authenticate-translate) mode of operation, as described in
+// Bellare, Rogaway, and Wagner "THE EAX MODE OF OPERATION: A TWO-PASS
+// AUTHENTICATED-ENCRYPTION SCHEME OPTIMIZED FOR SIMPLICITY AND EFFICIENCY."
+// In FSE'04, volume 3017 of LNCS, 2004
+package eax
+
+import (
+ "crypto/cipher"
+ "crypto/subtle"
+ "errors"
+ "github.com/ProtonMail/go-crypto/internal/byteutil"
+)
+
+const (
+ defaultTagSize = 16
+ defaultNonceSize = 16
+)
+
+type eax struct {
+ block cipher.Block // Only AES-{128, 192, 256} supported
+ tagSize int // At least 12 bytes recommended
+ nonceSize int
+}
+
+func (e *eax) NonceSize() int {
+ return e.nonceSize
+}
+
+func (e *eax) Overhead() int {
+ return e.tagSize
+}
+
+// NewEAX returns an EAX instance with AES-{KEYLENGTH} and default nonce and
+// tag lengths. Supports {128, 192, 256}- bit key length.
+func NewEAX(block cipher.Block) (cipher.AEAD, error) {
+ return NewEAXWithNonceAndTagSize(block, defaultNonceSize, defaultTagSize)
+}
+
+// NewEAXWithNonceAndTagSize returns an EAX instance with AES-{keyLength} and
+// given nonce and tag lengths in bytes. Panics on zero nonceSize and
+// exceedingly long tags.
+//
+// It is recommended to use at least 12 bytes as tag length (see, for instance,
+// NIST SP 800-38D).
+//
+// Only to be used for compatibility with existing cryptosystems with
+// non-standard parameters. For all other cases, prefer NewEAX.
+func NewEAXWithNonceAndTagSize(
+ block cipher.Block, nonceSize, tagSize int) (cipher.AEAD, error) {
+ if nonceSize < 1 {
+ return nil, eaxError("Cannot initialize EAX with nonceSize = 0")
+ }
+ if tagSize > block.BlockSize() {
+ return nil, eaxError("Custom tag length exceeds blocksize")
+ }
+ return &eax{
+ block: block,
+ tagSize: tagSize,
+ nonceSize: nonceSize,
+ }, nil
+}
+
+func (e *eax) Seal(dst, nonce, plaintext, adata []byte) []byte {
+ if len(nonce) > e.nonceSize {
+ panic("crypto/eax: Nonce too long for this instance")
+ }
+ ret, out := byteutil.SliceForAppend(dst, len(plaintext)+e.tagSize)
+ omacNonce := e.omacT(0, nonce)
+ omacAdata := e.omacT(1, adata)
+
+ // Encrypt message using CTR mode and omacNonce as IV
+ ctr := cipher.NewCTR(e.block, omacNonce)
+ ciphertextData := out[:len(plaintext)]
+ ctr.XORKeyStream(ciphertextData, plaintext)
+
+ omacCiphertext := e.omacT(2, ciphertextData)
+
+ tag := out[len(plaintext):]
+ for i := 0; i < e.tagSize; i++ {
+ tag[i] = omacCiphertext[i] ^ omacNonce[i] ^ omacAdata[i]
+ }
+ return ret
+}
+
+func (e *eax) Open(dst, nonce, ciphertext, adata []byte) ([]byte, error) {
+ if len(nonce) > e.nonceSize {
+ panic("crypto/eax: Nonce too long for this instance")
+ }
+ if len(ciphertext) < e.tagSize {
+ return nil, eaxError("Ciphertext shorter than tag length")
+ }
+ sep := len(ciphertext) - e.tagSize
+
+ // Compute tag
+ omacNonce := e.omacT(0, nonce)
+ omacAdata := e.omacT(1, adata)
+ omacCiphertext := e.omacT(2, ciphertext[:sep])
+
+ tag := make([]byte, e.tagSize)
+ for i := 0; i < e.tagSize; i++ {
+ tag[i] = omacCiphertext[i] ^ omacNonce[i] ^ omacAdata[i]
+ }
+
+ // Compare tags
+ if subtle.ConstantTimeCompare(ciphertext[sep:], tag) != 1 {
+ return nil, eaxError("Tag authentication failed")
+ }
+
+ // Decrypt ciphertext
+ ret, out := byteutil.SliceForAppend(dst, len(ciphertext))
+ ctr := cipher.NewCTR(e.block, omacNonce)
+ ctr.XORKeyStream(out, ciphertext[:sep])
+
+ return ret[:sep], nil
+}
+
+// Tweakable OMAC - Calls OMAC_K([t]_n || plaintext)
+func (e *eax) omacT(t byte, plaintext []byte) []byte {
+ blockSize := e.block.BlockSize()
+ byteT := make([]byte, blockSize)
+ byteT[blockSize-1] = t
+ concat := append(byteT, plaintext...)
+ return e.omac(concat)
+}
+
+func (e *eax) omac(plaintext []byte) []byte {
+ blockSize := e.block.BlockSize()
+ // L ← E_K(0^n); B ← 2L; P ← 4L
+ L := make([]byte, blockSize)
+ e.block.Encrypt(L, L)
+ B := byteutil.GfnDouble(L)
+ P := byteutil.GfnDouble(B)
+
+ // CBC with IV = 0
+ cbc := cipher.NewCBCEncrypter(e.block, make([]byte, blockSize))
+ padded := e.pad(plaintext, B, P)
+ cbcCiphertext := make([]byte, len(padded))
+ cbc.CryptBlocks(cbcCiphertext, padded)
+
+ return cbcCiphertext[len(cbcCiphertext)-blockSize:]
+}
+
+func (e *eax) pad(plaintext, B, P []byte) []byte {
+ // if |M| in {n, 2n, 3n, ...}
+ blockSize := e.block.BlockSize()
+ if len(plaintext) != 0 && len(plaintext)%blockSize == 0 {
+ return byteutil.RightXor(plaintext, B)
+ }
+
+ // else return (M || 1 || 0^(n−1−(|M| % n))) xor→ P
+ ending := make([]byte, blockSize-len(plaintext)%blockSize)
+ ending[0] = 0x80
+ padded := append(plaintext, ending...)
+ return byteutil.RightXor(padded, P)
+}
+
+func eaxError(err string) error {
+ return errors.New("crypto/eax: " + err)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/eax/eax_test_vectors.go b/vendor/github.com/ProtonMail/go-crypto/eax/eax_test_vectors.go
new file mode 100644
index 0000000000000000000000000000000000000000..ddb53d07905cfca51977ff6cd5f467b9ffb32f70
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/eax/eax_test_vectors.go
@@ -0,0 +1,58 @@
+package eax
+
+// Test vectors from
+// https://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf
+var testVectors = []struct {
+ msg, key, nonce, header, ciphertext string
+}{
+ {"",
+ "233952DEE4D5ED5F9B9C6D6FF80FF478",
+ "62EC67F9C3A4A407FCB2A8C49031A8B3",
+ "6BFB914FD07EAE6B",
+ "E037830E8389F27B025A2D6527E79D01"},
+ {"F7FB",
+ "91945D3F4DCBEE0BF45EF52255F095A4",
+ "BECAF043B0A23D843194BA972C66DEBD",
+ "FA3BFD4806EB53FA",
+ "19DD5C4C9331049D0BDAB0277408F67967E5"},
+ {"1A47CB4933",
+ "01F74AD64077F2E704C0F60ADA3DD523",
+ "70C3DB4F0D26368400A10ED05D2BFF5E",
+ "234A3463C1264AC6",
+ "D851D5BAE03A59F238A23E39199DC9266626C40F80"},
+ {"481C9E39B1",
+ "D07CF6CBB7F313BDDE66B727AFD3C5E8",
+ "8408DFFF3C1A2B1292DC199E46B7D617",
+ "33CCE2EABFF5A79D",
+ "632A9D131AD4C168A4225D8E1FF755939974A7BEDE"},
+ {"40D0C07DA5E4",
+ "35B6D0580005BBC12B0587124557D2C2",
+ "FDB6B06676EEDC5C61D74276E1F8E816",
+ "AEB96EAEBE2970E9",
+ "071DFE16C675CB0677E536F73AFE6A14B74EE49844DD"},
+ {"4DE3B35C3FC039245BD1FB7D",
+ "BD8E6E11475E60B268784C38C62FEB22",
+ "6EAC5C93072D8E8513F750935E46DA1B",
+ "D4482D1CA78DCE0F",
+ "835BB4F15D743E350E728414ABB8644FD6CCB86947C5E10590210A4F"},
+ {"8B0A79306C9CE7ED99DAE4F87F8DD61636",
+ "7C77D6E813BED5AC98BAA417477A2E7D",
+ "1A8C98DCD73D38393B2BF1569DEEFC19",
+ "65D2017990D62528",
+ "02083E3979DA014812F59F11D52630DA30137327D10649B0AA6E1C181DB617D7F2"},
+ {"1BDA122BCE8A8DBAF1877D962B8592DD2D56",
+ "5FFF20CAFAB119CA2FC73549E20F5B0D",
+ "DDE59B97D722156D4D9AFF2BC7559826",
+ "54B9F04E6A09189A",
+ "2EC47B2C4954A489AFC7BA4897EDCDAE8CC33B60450599BD02C96382902AEF7F832A"},
+ {"6CF36720872B8513F6EAB1A8A44438D5EF11",
+ "A4A4782BCFFD3EC5E7EF6D8C34A56123",
+ "B781FCF2F75FA5A8DE97A9CA48E522EC",
+ "899A175897561D7E",
+ "0DE18FD0FDD91E7AF19F1D8EE8733938B1E8E7F6D2231618102FDB7FE55FF1991700"},
+ {"CA40D7446E545FFAED3BD12A740A659FFBBB3CEAB7",
+ "8395FCF1E95BEBD697BD010BC766AAC3",
+ "22E7ADD93CFC6393C57EC0B3C17D6B44",
+ "126735FCC320D25A",
+ "CB8920F87A6C75CFF39627B56E3ED197C552D295A7CFC46AFC253B4652B1AF3795B124AB6E"},
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/eax/random_vectors.go b/vendor/github.com/ProtonMail/go-crypto/eax/random_vectors.go
new file mode 100644
index 0000000000000000000000000000000000000000..4eb19f28d9c44be15cb373c7af9abdea1a18486f
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/eax/random_vectors.go
@@ -0,0 +1,131 @@
+// These vectors include key length in {128, 192, 256}, tag size 128, and
+// random nonce, header, and plaintext lengths.
+
+// This file was automatically generated.
+
+package eax
+
+var randomVectors = []struct {
+ key, nonce, header, plaintext, ciphertext string
+}{
+ {"DFDE093F36B0356E5A81F609786982E3",
+ "1D8AC604419001816905BA72B14CED7E",
+ "152A1517A998D7A24163FCDD146DE81AC347C8B97088F502093C1ABB8F6E33D9A219C34D7603A18B1F5ABE02E56661B7D7F67E81EC08C1302EF38D80A859486D450E94A4F26AD9E68EEBBC0C857A0FC5CF9E641D63D565A7E361BC8908F5A8DC8FD6",
+ "1C8EAAB71077FE18B39730A3156ADE29C5EE824C7EE86ED2A253B775603FB237116E654F6FEC588DD27F523A0E01246FE73FE348491F2A8E9ABC6CA58D663F71CDBCF4AD798BE46C42AE6EE8B599DB44A1A48D7BBBBA0F7D2750181E1C5E66967F7D57CBD30AFBDA5727",
+ "79E7E150934BBEBF7013F61C60462A14D8B15AF7A248AFB8A344EF021C1500E16666891D6E973D8BB56B71A371F12CA34660C4410C016982B20F547E3762A58B7BF4F20236CADCF559E2BE7D783B13723B2741FC7CDC8997D839E39A3DDD2BADB96743DD7049F1BDB0516A262869915B3F70498AFB7B191BF960"},
+ {"F10619EF02E5D94D7550EB84ED364A21",
+ "8DC0D4F2F745BBAE835CC5574B942D20",
+ "FE561358F2E8DF7E1024FF1AE9A8D36EBD01352214505CB99D644777A8A1F6027FA2BDBFC529A9B91136D5F2416CFC5F0F4EC3A1AFD32BDDA23CA504C5A5CB451785FABF4DFE4CD50D817491991A60615B30286361C100A95D1712F2A45F8E374461F4CA2B",
+ "D7B5A971FC219631D30EFC3664AE3127D9CF3097DAD9C24AC7905D15E8D9B25B026B31D68CAE00975CDB81EB1FD96FD5E1A12E2BB83FA25F1B1D91363457657FC03875C27F2946C5",
+ "2F336ED42D3CC38FC61660C4CD60BA4BD438B05F5965D8B7B399D2E7167F5D34F792D318F94DB15D67463AC449E13D568CC09BFCE32A35EE3EE96A041927680AE329811811E27F2D1E8E657707AF99BA96D13A478D695D59"},
+ {"429F514EFC64D98A698A9247274CFF45",
+ "976AA5EB072F912D126ACEBC954FEC38",
+ "A71D89DC5B6CEDBB7451A27C3C2CAE09126DB4C421",
+ "5632FE62AB1DC549D54D3BC3FC868ACCEDEFD9ECF5E9F8",
+ "848AE4306CA8C7F416F8707625B7F55881C0AB430353A5C967CDA2DA787F581A70E34DBEBB2385"},
+ {"398138F309085F47F8457CDF53895A63",
+ "F8A8A7F2D28E5FFF7BBC2F24353F7A36",
+ "5D633C21BA7764B8855CAB586F3746E236AD486039C83C6B56EFA9C651D38A41D6B20DAEE3418BFEA44B8BD6",
+ "A3BBAA91920AF5E10659818B1B3B300AC79BFC129C8329E75251F73A66D3AE0128EB91D5031E0A65C329DB7D1E9C0493E268",
+ "D078097267606E5FB07CFB7E2B4B718172A82C6A4CEE65D549A4DFB9838003BD2FBF64A7A66988AC1A632FD88F9E9FBB57C5A78AD2E086EACBA3DB68511D81C2970A"},
+ {"7A4151EBD3901B42CBA45DAFB2E931BA",
+ "0FC88ACEE74DD538040321C330974EB8",
+ "250464FB04733BAB934C59E6AD2D6AE8D662CBCFEFBE61E5A308D4211E58C4C25935B72C69107722E946BFCBF416796600542D76AEB73F2B25BF53BAF97BDEB36ED3A7A51C31E7F170EB897457E7C17571D1BA0A908954E9",
+ "88C41F3EBEC23FAB8A362D969CAC810FAD4F7CA6A7F7D0D44F060F92E37E1183768DD4A8C733F71C96058D362A39876D183B86C103DE",
+ "74A25B2182C51096D48A870D80F18E1CE15867778E34FCBA6BD7BFB3739FDCD42AD0F2D9F4EBA29085285C6048C15BCE5E5166F1F962D3337AA88E6062F05523029D0A7F0BF9"},
+ {"BFB147E1CD5459424F8C0271FC0E0DC5",
+ "EABCC126442BF373969EA3015988CC45",
+ "4C0880E1D71AA2C7",
+ "BE1B5EC78FBF73E7A6682B21BA7E0E5D2D1C7ABE",
+ "5660D7C1380E2F306895B1402CB2D6C37876504276B414D120F4CF92FDDDBB293A238EA0"},
+ {"595DD6F52D18BC2CA8EB4EDAA18D9FA3",
+ "0F84B5D36CF4BC3B863313AF3B4D2E97",
+ "30AE6CC5F99580F12A779D98BD379A60948020C0B6FBD5746B30BA3A15C6CD33DAF376C70A9F15B6C0EB410A93161F7958AE23",
+ "8EF3687A1642B070970B0B91462229D1D76ABC154D18211F7152AA9FF368",
+ "317C1DDB11417E5A9CC4DDE7FDFF6659A5AC4B31DE025212580A05CDAC6024D3E4AE7C2966E52B9129E9ECDBED86"},
+ {"44E6F2DC8FDC778AD007137D11410F50",
+ "270A237AD977F7187AA6C158A0BAB24F",
+ "509B0F0EB12E2AA5C5BA2DE553C07FAF4CE0C9E926531AA709A3D6224FCB783ACCF1559E10B1123EBB7D52E8AB54E6B5352A9ED0D04124BF0E9D9BACFD7E32B817B2E625F5EE94A64EDE9E470DE7FE6886C19B294F9F828209FE257A78",
+ "8B3D7815DF25618A5D0C55A601711881483878F113A12EC36CF64900549A3199555528559DC118F789788A55FAFD944E6E99A9CA3F72F238CD3F4D88223F7A745992B3FAED1848",
+ "1CC00D79F7AD82FDA71B58D286E5F34D0CC4CEF30704E771CC1E50746BDF83E182B078DB27149A42BAE619DF0F85B0B1090AD55D3B4471B0D6F6ECCD09C8F876B30081F0E7537A9624F8AAF29DA85E324122EFB4D68A56"},
+ {"BB7BC352A03044B4428D8DBB4B0701FDEC4649FD17B81452",
+ "8B4BBE26CCD9859DCD84884159D6B0A4",
+ "2212BEB0E78E0F044A86944CF33C8D5C80D9DBE1034BF3BCF73611835C7D3A52F5BD2D81B68FD681B68540A496EE5DA16FD8AC8824E60E1EC2042BE28FB0BFAD4E4B03596446BDD8C37D936D9B3D5295BE19F19CF5ACE1D33A46C952CE4DE5C12F92C1DD051E04AEED",
+ "9037234CC44FFF828FABED3A7084AF40FA7ABFF8E0C0EFB57A1CC361E18FC4FAC1AB54F3ABFE9FF77263ACE16C3A",
+ "A9391B805CCD956081E0B63D282BEA46E7025126F1C1631239C33E92AA6F92CD56E5A4C56F00FF9658E93D48AF4EF0EF81628E34AD4DB0CDAEDCD2A17EE7"},
+ {"99C0AD703196D2F60A74E6B378B838B31F82EA861F06FC4E",
+ "92745C018AA708ECFEB1667E9F3F1B01",
+ "828C69F376C0C0EC651C67749C69577D589EE39E51404D80EBF70C8660A8F5FD375473F4A7C611D59CB546A605D67446CE2AA844135FCD78BB5FBC90222A00D42920BB1D7EEDFB0C4672554F583EF23184F89063CDECBE482367B5F9AF3ACBC3AF61392BD94CBCD9B64677",
+ "A879214658FD0A5B0E09836639BF82E05EC7A5EF71D4701934BDA228435C68AC3D5CEB54997878B06A655EEACEFB1345C15867E7FE6C6423660C8B88DF128EBD6BCD85118DBAE16E9252FFB204324E5C8F38CA97759BDBF3CB0083",
+ "51FE87996F194A2585E438B023B345439EA60D1AEBED4650CDAF48A4D4EEC4FC77DC71CC4B09D3BEEF8B7B7AF716CE2B4EFFB3AC9E6323C18AC35E0AA6E2BBBC8889490EB6226C896B0D105EAB42BFE7053CCF00ED66BA94C1BA09A792AA873F0C3B26C5C5F9A936E57B25"},
+ {"7086816D00D648FB8304AA8C9E552E1B69A9955FB59B25D1",
+ "0F45CF7F0BF31CCEB85D9DA10F4D749F",
+ "93F27C60A417D9F0669E86ACC784FC8917B502DAF30A6338F11B30B94D74FEFE2F8BE1BBE2EAD10FAB7EED3C6F72B7C3ECEE1937C32ED4970A6404E139209C05",
+ "877F046601F3CBE4FB1491943FA29487E738F94B99AF206262A1D6FF856C9AA0B8D4D08A54370C98F8E88FA3DCC2B14C1F76D71B2A4C7963AEE8AF960464C5BEC8357AD00DC8",
+ "FE96906B895CE6A8E72BC72344E2C8BB3C63113D70EAFA26C299BAFE77A8A6568172EB447FB3E86648A0AF3512DEB1AAC0819F3EC553903BF28A9FB0F43411237A774BF9EE03E445D280FBB9CD12B9BAAB6EF5E52691"},
+ {"062F65A896D5BF1401BADFF70E91B458E1F9BD4888CB2E4D",
+ "5B11EA1D6008EBB41CF892FCA5B943D1",
+ "BAF4FF5C8242",
+ "A8870E091238355984EB2F7D61A865B9170F440BFF999A5993DD41A10F4440D21FF948DDA2BF663B2E03AC3324492DC5E40262ECC6A65C07672353BE23E7FB3A9D79FF6AA38D97960905A38DECC312CB6A59E5467ECF06C311CD43ADC0B543EDF34FE8BE611F176460D5627CA51F8F8D9FED71F55C",
+ "B10E127A632172CF8AA7539B140D2C9C2590E6F28C3CB892FC498FCE56A34F732FBFF32E79C7B9747D9094E8635A0C084D6F0247F9768FB5FF83493799A9BEC6C39572120C40E9292C8C947AE8573462A9108C36D9D7112E6995AE5867E6C8BB387D1C5D4BEF524F391B9FD9F0A3B4BFA079E915BCD920185CFD38D114C558928BD7D47877"},
+ {"38A8E45D6D705A11AF58AED5A1344896998EACF359F2E26A",
+ "FD82B5B31804FF47D44199B533D0CF84",
+ "DE454D4E62FE879F2050EE3E25853623D3E9AC52EEC1A1779A48CFAF5ECA0BFDE44749391866D1",
+ "B804",
+ "164BB965C05EBE0931A1A63293EDF9C38C27"},
+ {"34C33C97C6D7A0850DA94D78A58DC61EC717CD7574833068",
+ "343BE00DA9483F05C14F2E9EB8EA6AE8",
+ "78312A43EFDE3CAE34A65796FF059A3FE15304EEA5CF1D9306949FE5BF3349D4977D4EBE76C040FE894C5949E4E4D6681153DA87FB9AC5062063CA2EA183566343362370944CE0362D25FC195E124FD60E8682E665D13F2229DDA3E4B2CB1DCA",
+ "CC11BB284B1153578E4A5ED9D937B869DAF00F5B1960C23455CA9CC43F486A3BE0B66254F1041F04FDF459C8640465B6E1D2CF899A381451E8E7FCB50CF87823BE77E24B132BBEEDC72E53369B275E1D8F49ECE59F4F215230AC4FE133FC80E4F634EE80BA4682B62C86",
+ "E7F703DC31A95E3A4919FF957836CB76C063D81702AEA4703E1C2BF30831E58C4609D626EC6810E12EAA5B930F049FF9EFC22C3E3F1EBD4A1FB285CB02A1AC5AD46B425199FC0A85670A5C4E3DAA9636C8F64C199F42F18AAC8EA7457FD377F322DD7752D7D01B946C8F0A97E6113F0D50106F319AFD291AAACE"},
+ {"C6ECF7F053573E403E61B83052A343D93CBCC179D1E835BE",
+ "E280E13D7367042E3AA09A80111B6184",
+ "21486C9D7A9647",
+ "5F2639AFA6F17931853791CD8C92382BBB677FD72D0AB1A080D0E49BFAA21810E963E4FACD422E92F65CBFAD5884A60CD94740DF31AF02F95AA57DA0C4401B0ED906",
+ "5C51DB20755302070C45F52E50128A67C8B2E4ED0EACB7E29998CCE2E8C289DD5655913EC1A51CC3AABE5CDC2402B2BE7D6D4BF6945F266FBD70BA9F37109067157AE7530678B45F64475D4EBFCB5FFF46A5"},
+ {"5EC6CF7401BC57B18EF154E8C38ACCA8959E57D2F3975FF5",
+ "656B41CB3F9CF8C08BAD7EBFC80BD225",
+ "6B817C2906E2AF425861A7EF59BA5801F143EE2A139EE72697CDE168B4",
+ "2C0E1DDC9B1E5389BA63845B18B1F8A1DB062037151BCC56EF7C21C0BB4DAE366636BBA975685D7CC5A94AFBE89C769016388C56FB7B57CE750A12B718A8BDCF70E80E8659A8330EFC8F86640F21735E8C80E23FE43ABF23507CE3F964AE4EC99D",
+ "ED780CF911E6D1AA8C979B889B0B9DC1ABE261832980BDBFB576901D9EF5AB8048998E31A15BE54B3E5845A4D136AD24D0BDA1C3006168DF2F8AC06729CB0818867398150020131D8F04EDF1923758C9EABB5F735DE5EA1758D4BC0ACFCA98AFD202E9839B8720253693B874C65586C6F0"},
+ {"C92F678EB2208662F5BCF3403EC05F5961E957908A3E79421E1D25FC19054153",
+ "DA0F3A40983D92F2D4C01FED33C7A192",
+ "2B6E9D26DB406A0FAB47608657AA10EFC2B4AA5F459B29FF85AC9A40BFFE7AEB04F77E9A11FAAA116D7F6D4DA417671A9AB02C588E0EF59CB1BFB4B1CC931B63A3B3A159FCEC97A04D1E6F0C7E6A9CEF6B0ABB04758A69F1FE754DF4C2610E8C46B6CF413BDB31351D55BEDCB7B4A13A1C98E10984475E0F2F957853",
+ "F37326A80E08",
+ "83519E53E321D334F7C10B568183775C0E9AAE55F806"},
+ {"6847E0491BE57E72995D186D50094B0B3593957A5146798FCE68B287B2FB37B5",
+ "3EE1182AEBB19A02B128F28E1D5F7F99",
+ "D9F35ABB16D776CE",
+ "DB7566ED8EA95BDF837F23DB277BAFBC5E70D1105ADFD0D9EF15475051B1EF94709C67DCA9F8D5",
+ "2CDCED0C9EBD6E2A508822A685F7DCD1CDD99E7A5FCA786C234E7F7F1D27EC49751AD5DCFA30C5EDA87C43CAE3B919B6BBCFE34C8EDA59"},
+ {"82B019673642C08388D3E42075A4D5D587558C229E4AB8F660E37650C4C41A0A",
+ "336F5D681E0410FAE7B607246092C6DC",
+ "D430CBD8FE435B64214E9E9CDC5DE99D31CFCFB8C10AA0587A49DF276611",
+ "998404153AD77003E1737EDE93ED79859EE6DCCA93CB40C4363AA817ABF2DBBD46E42A14A7183B6CC01E12A577888141363D0AE011EB6E8D28C0B235",
+ "9BEF69EEB60BD3D6065707B7557F25292A8872857CFBD24F2F3C088E4450995333088DA50FD9121221C504DF1D0CD5EFE6A12666C5D5BB12282CF4C19906E9CFAB97E9BDF7F49DC17CFC384B"},
+ {"747B2E269B1859F0622C15C8BAD6A725028B1F94B8DB7326948D1E6ED663A8BC",
+ "AB91F7245DDCE3F1C747872D47BE0A8A",
+ "3B03F786EF1DDD76E1D42646DA4CD2A5165DC5383CE86D1A0B5F13F910DC278A4E451EE0192CBA178E13B3BA27FDC7840DF73D2E104B",
+ "6B803F4701114F3E5FE21718845F8416F70F626303F545BE197189E0A2BA396F37CE06D389EB2658BC7D56D67868708F6D0D32",
+ "1570DDB0BCE75AA25D1957A287A2C36B1A5F2270186DA81BA6112B7F43B0F3D1D0ED072591DCF1F1C99BBB25621FC39B896FF9BD9413A2845363A9DCD310C32CF98E57"},
+ {"02E59853FB29AEDA0FE1C5F19180AD99A12FF2F144670BB2B8BADF09AD812E0A",
+ "C691294EF67CD04D1B9242AF83DD1421",
+ "879334DAE3",
+ "1E17F46A98FEF5CBB40759D95354",
+ "FED8C3FF27DDF6313AED444A2985B36CBA268AAD6AAC563C0BA28F6DB5DB"},
+ {"F6C1FB9B4188F2288FF03BD716023198C3582CF2A037FC2F29760916C2B7FCDB",
+ "4228DA0678CA3534588859E77DFF014C",
+ "D8153CAF35539A61DD8D05B3C9B44F01E564FB9348BCD09A1C23B84195171308861058F0A3CD2A55B912A3AAEE06FF4D356C77275828F2157C2FC7C115DA39E443210CCC56BEDB0CC99BBFB227ABD5CC454F4E7F547C7378A659EEB6A7E809101A84F866503CB18D4484E1FA09B3EC7FC75EB2E35270800AA7",
+ "23B660A779AD285704B12EC1C580387A47BEC7B00D452C6570",
+ "5AA642BBABA8E49849002A2FAF31DB8FC7773EFDD656E469CEC19B3206D4174C9A263D0A05484261F6"},
+ {"8FF6086F1FADB9A3FBE245EAC52640C43B39D43F89526BB5A6EBA47710931446",
+ "943188480C99437495958B0AE4831AA9",
+ "AD5CD0BDA426F6EBA23C8EB23DC73FF9FEC173355EDBD6C9344C4C4383F211888F7CE6B29899A6801DF6B38651A7C77150941A",
+ "80CD5EA8D7F81DDF5070B934937912E8F541A5301877528EB41AB60C020968D459960ED8FB73083329841A",
+ "ABAE8EB7F36FCA2362551E72DAC890BA1BB6794797E0FC3B67426EC9372726ED4725D379EA0AC9147E48DCD0005C502863C2C5358A38817C8264B5"},
+ {"A083B54E6B1FE01B65D42FCD248F97BB477A41462BBFE6FD591006C022C8FD84",
+ "B0490F5BD68A52459556B3749ACDF40E",
+ "8892E047DA5CFBBDF7F3CFCBD1BD21C6D4C80774B1826999234394BD3E513CC7C222BB40E1E3140A152F19B3802F0D036C24A590512AD0E8",
+ "D7B15752789DC94ED0F36778A5C7BBB207BEC32BAC66E702B39966F06E381E090C6757653C3D26A81EC6AD6C364D66867A334C91BB0B8A8A4B6EACDF0783D09010AEBA2DD2062308FE99CC1F",
+ "C071280A732ADC93DF272BF1E613B2BB7D46FC6665EF2DC1671F3E211D6BDE1D6ADDD28DF3AA2E47053FC8BB8AE9271EC8BC8B2CFFA320D225B451685B6D23ACEFDD241FE284F8ADC8DB07F456985B14330BBB66E0FB212213E05B3E"},
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/internal/byteutil/byteutil.go b/vendor/github.com/ProtonMail/go-crypto/internal/byteutil/byteutil.go
new file mode 100644
index 0000000000000000000000000000000000000000..d558b9bd82ee773c999912eda4aca6c0ae1d7a73
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/internal/byteutil/byteutil.go
@@ -0,0 +1,90 @@
+// Copyright (C) 2019 ProtonTech AG
+// This file contains necessary tools for the aex and ocb packages.
+//
+// These functions SHOULD NOT be used elsewhere, since they are optimized for
+// specific input nature in the EAX and OCB modes of operation.
+
+package byteutil
+
+// GfnDouble computes 2 * input in the field of 2^n elements.
+// The irreducible polynomial in the finite field for n=128 is
+// x^128 + x^7 + x^2 + x + 1 (equals 0x87)
+// Constant-time execution in order to avoid side-channel attacks
+func GfnDouble(input []byte) []byte {
+ if len(input) != 16 {
+ panic("Doubling in GFn only implemented for n = 128")
+ }
+ // If the first bit is zero, return 2L = L << 1
+ // Else return (L << 1) xor 0^120 10000111
+ shifted := ShiftBytesLeft(input)
+ shifted[15] ^= ((input[0] >> 7) * 0x87)
+ return shifted
+}
+
+// ShiftBytesLeft outputs the byte array corresponding to x << 1 in binary.
+func ShiftBytesLeft(x []byte) []byte {
+ l := len(x)
+ dst := make([]byte, l)
+ for i := 0; i < l-1; i++ {
+ dst[i] = (x[i] << 1) | (x[i+1] >> 7)
+ }
+ dst[l-1] = x[l-1] << 1
+ return dst
+}
+
+// ShiftNBytesLeft puts in dst the byte array corresponding to x << n in binary.
+func ShiftNBytesLeft(dst, x []byte, n int) {
+ // Erase first n / 8 bytes
+ copy(dst, x[n/8:])
+
+ // Shift the remaining n % 8 bits
+ bits := uint(n % 8)
+ l := len(dst)
+ for i := 0; i < l-1; i++ {
+ dst[i] = (dst[i] << bits) | (dst[i+1] >> uint(8-bits))
+ }
+ dst[l-1] = dst[l-1] << bits
+
+ // Append trailing zeroes
+ dst = append(dst, make([]byte, n/8)...)
+}
+
+// XorBytesMut replaces X with X XOR Y. len(X) must be >= len(Y).
+func XorBytesMut(X, Y []byte) {
+ for i := 0; i < len(Y); i++ {
+ X[i] ^= Y[i]
+ }
+}
+
+// XorBytes puts X XOR Y into Z. len(Z) and len(X) must be >= len(Y).
+func XorBytes(Z, X, Y []byte) {
+ for i := 0; i < len(Y); i++ {
+ Z[i] = X[i] ^ Y[i]
+ }
+}
+
+// RightXor XORs smaller input (assumed Y) at the right of the larger input (assumed X)
+func RightXor(X, Y []byte) []byte {
+ offset := len(X) - len(Y)
+ xored := make([]byte, len(X))
+ copy(xored, X)
+ for i := 0; i < len(Y); i++ {
+ xored[offset+i] ^= Y[i]
+ }
+ return xored
+}
+
+// SliceForAppend takes a slice and a requested number of bytes. It returns a
+// slice with the contents of the given slice followed by that many bytes and a
+// second slice that aliases into it and contains only the extra bytes. If the
+// original slice has sufficient capacity then no allocation is performed.
+func SliceForAppend(in []byte, n int) (head, tail []byte) {
+ if total := len(in) + n; cap(in) >= total {
+ head = in[:total]
+ } else {
+ head = make([]byte, total)
+ copy(head, in)
+ }
+ tail = head[len(in):]
+ return
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/ocb/ocb.go b/vendor/github.com/ProtonMail/go-crypto/ocb/ocb.go
new file mode 100644
index 0000000000000000000000000000000000000000..24f893017b36f7e37cc424cc260c10d65aa7b0e6
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/ocb/ocb.go
@@ -0,0 +1,313 @@
+// Copyright (C) 2019 ProtonTech AG
+
+// Package ocb provides an implementation of the OCB (offset codebook) mode of
+// operation, as described in RFC-7253 of the IRTF and in Rogaway, Bellare,
+// Black and Krovetz - OCB: A BLOCK-CIPHER MODE OF OPERATION FOR EFFICIENT
+// AUTHENTICATED ENCRYPTION (2003).
+// Security considerations (from RFC-7253): A private key MUST NOT be used to
+// encrypt more than 2^48 blocks. Tag length should be at least 12 bytes (a
+// brute-force forging adversary succeeds after 2^{tag length} attempts). A
+// single key SHOULD NOT be used to decrypt ciphertext with different tag
+// lengths. Nonces need not be secret, but MUST NOT be reused.
+// This package only supports underlying block ciphers with 128-bit blocks,
+// such as AES-{128, 192, 256}, but may be extended to other sizes.
+package ocb
+
+import (
+ "bytes"
+ "crypto/cipher"
+ "crypto/subtle"
+ "errors"
+ "math/bits"
+
+ "github.com/ProtonMail/go-crypto/internal/byteutil"
+)
+
+type ocb struct {
+ block cipher.Block
+ tagSize int
+ nonceSize int
+ mask mask
+ // Optimized en/decrypt: For each nonce N used to en/decrypt, the 'Ktop'
+ // internal variable can be reused for en/decrypting with nonces sharing
+ // all but the last 6 bits with N. The prefix of the first nonce used to
+ // compute the new Ktop, and the Ktop value itself, are stored in
+ // reusableKtop. If using incremental nonces, this saves one block cipher
+ // call every 63 out of 64 OCB encryptions, and stores one nonce and one
+ // output of the block cipher in memory only.
+ reusableKtop reusableKtop
+}
+
+type mask struct {
+ // L_*, L_$, (L_i)_{i ∈ N}
+ lAst []byte
+ lDol []byte
+ L [][]byte
+}
+
+type reusableKtop struct {
+ noncePrefix []byte
+ Ktop []byte
+}
+
+const (
+ defaultTagSize = 16
+ defaultNonceSize = 15
+)
+
+const (
+ enc = iota
+ dec
+)
+
+func (o *ocb) NonceSize() int {
+ return o.nonceSize
+}
+
+func (o *ocb) Overhead() int {
+ return o.tagSize
+}
+
+// NewOCB returns an OCB instance with the given block cipher and default
+// tag and nonce sizes.
+func NewOCB(block cipher.Block) (cipher.AEAD, error) {
+ return NewOCBWithNonceAndTagSize(block, defaultNonceSize, defaultTagSize)
+}
+
+// NewOCBWithNonceAndTagSize returns an OCB instance with the given block
+// cipher, nonce length, and tag length. Panics on zero nonceSize and
+// exceedingly long tag size.
+//
+// It is recommended to use at least 12 bytes as tag length.
+func NewOCBWithNonceAndTagSize(
+ block cipher.Block, nonceSize, tagSize int) (cipher.AEAD, error) {
+ if block.BlockSize() != 16 {
+ return nil, ocbError("Block cipher must have 128-bit blocks")
+ }
+ if nonceSize < 1 {
+ return nil, ocbError("Incorrect nonce length")
+ }
+ if nonceSize >= block.BlockSize() {
+ return nil, ocbError("Nonce length exceeds blocksize - 1")
+ }
+ if tagSize > block.BlockSize() {
+ return nil, ocbError("Custom tag length exceeds blocksize")
+ }
+ return &ocb{
+ block: block,
+ tagSize: tagSize,
+ nonceSize: nonceSize,
+ mask: initializeMaskTable(block),
+ reusableKtop: reusableKtop{
+ noncePrefix: nil,
+ Ktop: nil,
+ },
+ }, nil
+}
+
+func (o *ocb) Seal(dst, nonce, plaintext, adata []byte) []byte {
+ if len(nonce) > o.nonceSize {
+ panic("crypto/ocb: Incorrect nonce length given to OCB")
+ }
+ sep := len(plaintext)
+ ret, out := byteutil.SliceForAppend(dst, sep+o.tagSize)
+ tag := o.crypt(enc, out[:sep], nonce, adata, plaintext)
+ copy(out[sep:], tag)
+ return ret
+}
+
+func (o *ocb) Open(dst, nonce, ciphertext, adata []byte) ([]byte, error) {
+ if len(nonce) > o.nonceSize {
+ panic("Nonce too long for this instance")
+ }
+ if len(ciphertext) < o.tagSize {
+ return nil, ocbError("Ciphertext shorter than tag length")
+ }
+ sep := len(ciphertext) - o.tagSize
+ ret, out := byteutil.SliceForAppend(dst, sep)
+ ciphertextData := ciphertext[:sep]
+ tag := o.crypt(dec, out, nonce, adata, ciphertextData)
+ if subtle.ConstantTimeCompare(tag, ciphertext[sep:]) == 1 {
+ return ret, nil
+ }
+ for i := range out {
+ out[i] = 0
+ }
+ return nil, ocbError("Tag authentication failed")
+}
+
+// On instruction enc (resp. dec), crypt is the encrypt (resp. decrypt)
+// function. It writes the resulting plain/ciphertext into Y and returns
+// the tag.
+func (o *ocb) crypt(instruction int, Y, nonce, adata, X []byte) []byte {
+ //
+ // Consider X as a sequence of 128-bit blocks
+ //
+ // Note: For encryption (resp. decryption), X is the plaintext (resp., the
+ // ciphertext without the tag).
+ blockSize := o.block.BlockSize()
+
+ //
+ // Nonce-dependent and per-encryption variables
+ //
+ // Zero out the last 6 bits of the nonce into truncatedNonce to see if Ktop
+ // is already computed.
+ truncatedNonce := make([]byte, len(nonce))
+ copy(truncatedNonce, nonce)
+ truncatedNonce[len(truncatedNonce)-1] &= 192
+ var Ktop []byte
+ if bytes.Equal(truncatedNonce, o.reusableKtop.noncePrefix) {
+ Ktop = o.reusableKtop.Ktop
+ } else {
+ // Nonce = num2str(TAGLEN mod 128, 7) || zeros(120 - bitlen(N)) || 1 || N
+ paddedNonce := append(make([]byte, blockSize-1-len(nonce)), 1)
+ paddedNonce = append(paddedNonce, truncatedNonce...)
+ paddedNonce[0] |= byte(((8 * o.tagSize) % (8 * blockSize)) << 1)
+ // Last 6 bits of paddedNonce are already zero. Encrypt into Ktop
+ paddedNonce[blockSize-1] &= 192
+ Ktop = paddedNonce
+ o.block.Encrypt(Ktop, Ktop)
+ o.reusableKtop.noncePrefix = truncatedNonce
+ o.reusableKtop.Ktop = Ktop
+ }
+
+ // Stretch = Ktop || ((lower half of Ktop) XOR (lower half of Ktop << 8))
+ xorHalves := make([]byte, blockSize/2)
+ byteutil.XorBytes(xorHalves, Ktop[:blockSize/2], Ktop[1:1+blockSize/2])
+ stretch := append(Ktop, xorHalves...)
+ bottom := int(nonce[len(nonce)-1] & 63)
+ offset := make([]byte, len(stretch))
+ byteutil.ShiftNBytesLeft(offset, stretch, bottom)
+ offset = offset[:blockSize]
+
+ //
+ // Process any whole blocks
+ //
+ // Note: For encryption Y is ciphertext || tag, for decryption Y is
+ // plaintext || tag.
+ checksum := make([]byte, blockSize)
+ m := len(X) / blockSize
+ for i := 0; i < m; i++ {
+ index := bits.TrailingZeros(uint(i + 1))
+ if len(o.mask.L)-1 < index {
+ o.mask.extendTable(index)
+ }
+ byteutil.XorBytesMut(offset, o.mask.L[bits.TrailingZeros(uint(i+1))])
+ blockX := X[i*blockSize : (i+1)*blockSize]
+ blockY := Y[i*blockSize : (i+1)*blockSize]
+ switch instruction {
+ case enc:
+ byteutil.XorBytesMut(checksum, blockX)
+ byteutil.XorBytes(blockY, blockX, offset)
+ o.block.Encrypt(blockY, blockY)
+ byteutil.XorBytesMut(blockY, offset)
+ case dec:
+ byteutil.XorBytes(blockY, blockX, offset)
+ o.block.Decrypt(blockY, blockY)
+ byteutil.XorBytesMut(blockY, offset)
+ byteutil.XorBytesMut(checksum, blockY)
+ }
+ }
+ //
+ // Process any final partial block and compute raw tag
+ //
+ tag := make([]byte, blockSize)
+ if len(X)%blockSize != 0 {
+ byteutil.XorBytesMut(offset, o.mask.lAst)
+ pad := make([]byte, blockSize)
+ o.block.Encrypt(pad, offset)
+ chunkX := X[blockSize*m:]
+ chunkY := Y[blockSize*m : len(X)]
+ switch instruction {
+ case enc:
+ byteutil.XorBytesMut(checksum, chunkX)
+ checksum[len(chunkX)] ^= 128
+ byteutil.XorBytes(chunkY, chunkX, pad[:len(chunkX)])
+ // P_* || bit(1) || zeroes(127) - len(P_*)
+ case dec:
+ byteutil.XorBytes(chunkY, chunkX, pad[:len(chunkX)])
+ // P_* || bit(1) || zeroes(127) - len(P_*)
+ byteutil.XorBytesMut(checksum, chunkY)
+ checksum[len(chunkY)] ^= 128
+ }
+ }
+ byteutil.XorBytes(tag, checksum, offset)
+ byteutil.XorBytesMut(tag, o.mask.lDol)
+ o.block.Encrypt(tag, tag)
+ byteutil.XorBytesMut(tag, o.hash(adata))
+ return tag[:o.tagSize]
+}
+
+// This hash function is used to compute the tag. Per design, on empty input it
+// returns a slice of zeros, of the same length as the underlying block cipher
+// block size.
+func (o *ocb) hash(adata []byte) []byte {
+ //
+ // Consider A as a sequence of 128-bit blocks
+ //
+ A := make([]byte, len(adata))
+ copy(A, adata)
+ blockSize := o.block.BlockSize()
+
+ //
+ // Process any whole blocks
+ //
+ sum := make([]byte, blockSize)
+ offset := make([]byte, blockSize)
+ m := len(A) / blockSize
+ for i := 0; i < m; i++ {
+ chunk := A[blockSize*i : blockSize*(i+1)]
+ index := bits.TrailingZeros(uint(i + 1))
+ // If the mask table is too short
+ if len(o.mask.L)-1 < index {
+ o.mask.extendTable(index)
+ }
+ byteutil.XorBytesMut(offset, o.mask.L[index])
+ byteutil.XorBytesMut(chunk, offset)
+ o.block.Encrypt(chunk, chunk)
+ byteutil.XorBytesMut(sum, chunk)
+ }
+
+ //
+ // Process any final partial block; compute final hash value
+ //
+ if len(A)%blockSize != 0 {
+ byteutil.XorBytesMut(offset, o.mask.lAst)
+ // Pad block with 1 || 0 ^ 127 - bitlength(a)
+ ending := make([]byte, blockSize-len(A)%blockSize)
+ ending[0] = 0x80
+ encrypted := append(A[blockSize*m:], ending...)
+ byteutil.XorBytesMut(encrypted, offset)
+ o.block.Encrypt(encrypted, encrypted)
+ byteutil.XorBytesMut(sum, encrypted)
+ }
+ return sum
+}
+
+func initializeMaskTable(block cipher.Block) mask {
+ //
+ // Key-dependent variables
+ //
+ lAst := make([]byte, block.BlockSize())
+ block.Encrypt(lAst, lAst)
+ lDol := byteutil.GfnDouble(lAst)
+ L := make([][]byte, 1)
+ L[0] = byteutil.GfnDouble(lDol)
+
+ return mask{
+ lAst: lAst,
+ lDol: lDol,
+ L: L,
+ }
+}
+
+// Extends the L array of mask m up to L[limit], with L[i] = GfnDouble(L[i-1])
+func (m *mask) extendTable(limit int) {
+ for i := len(m.L); i <= limit; i++ {
+ m.L = append(m.L, byteutil.GfnDouble(m.L[i-1]))
+ }
+}
+
+func ocbError(err string) error {
+ return errors.New("crypto/ocb: " + err)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/ocb/random_vectors.go b/vendor/github.com/ProtonMail/go-crypto/ocb/random_vectors.go
new file mode 100644
index 0000000000000000000000000000000000000000..0efaf344fd592896012f79ce0427e8b6ff99052b
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/ocb/random_vectors.go
@@ -0,0 +1,136 @@
+// In the test vectors provided by RFC 7253, the "bottom"
+// internal variable, which defines "offset" for the first time, does not
+// exceed 15. However, it can attain values up to 63.
+
+// These vectors include key length in {128, 192, 256}, tag size 128, and
+// random nonce, header, and plaintext lengths.
+
+// This file was automatically generated.
+
+package ocb
+
+var randomVectors = []struct {
+ key, nonce, header, plaintext, ciphertext string
+}{
+
+ {"9438C5D599308EAF13F800D2D31EA7F0",
+ "C38EE4801BEBFFA1CD8635BE",
+ "0E507B7DADD8A98CDFE272D3CB6B3E8332B56AE583FB049C0874D4200BED16BD1A044182434E9DA0E841F182DFD5B3016B34641CED0784F1745F63AB3D0DA22D3351C9EF9A658B8081E24498EBF61FCE40DA6D8E184536",
+ "962D227786FB8913A8BAD5DC3250",
+ "EEDEF5FFA5986D1E3BF86DDD33EF9ADC79DCA06E215FA772CCBA814F63AD"},
+ {"BA7DE631C7D6712167C6724F5B9A2B1D",
+ "35263EBDA05765DC0E71F1F5",
+ "0103257B4224507C0242FEFE821EA7FA42E0A82863E5F8B68F7D881B4B44FA428A2B6B21D2F591260802D8AB6D83",
+ "9D6D1FC93AE8A64E7889B7B2E3521EFA9B920A8DDB692E6F833DDC4A38AFA535E5E2A3ED82CB7E26404AB86C54D01C4668F28398C2DF33D5D561CBA1C8DCFA7A912F5048E545B59483C0E3221F54B14DAA2E4EB657B3BEF9554F34CAD69B2724AE962D3D8A",
+ "E93852D1985C5E775655E937FA79CE5BF28A585F2AF53A5018853B9634BE3C84499AC0081918FDCE0624494D60E25F76ACD6853AC7576E3C350F332249BFCABD4E73CEABC36BE4EDDA40914E598AE74174A0D7442149B26990899491BDDFE8FC54D6C18E83AE9E9A6FFBF5D376565633862EEAD88D"},
+ {"2E74B25289F6FD3E578C24866E9C72A5",
+ "FD912F15025AF8414642BA1D1D",
+ "FB5FB8C26F365EEDAB5FE260C6E3CCD27806729C8335F146063A7F9EA93290E56CF84576EB446350D22AD730547C267B1F0BBB97EB34E1E2C41A",
+ "6C092EBF78F76EE8C1C6E592277D9545BA16EDB67BC7D8480B9827702DC2F8A129E2B08A2CE710CA7E1DA45CE162BB6CD4B512E632116E2211D3C90871EFB06B8D4B902681C7FB",
+ "6AC0A77F26531BF4F354A1737F99E49BE32ECD909A7A71AD69352906F54B08A9CE9B8CA5D724CBFFC5673437F23F630697F3B84117A1431D6FA8CC13A974FB4AD360300522E09511B99E71065D5AC4BBCB1D791E864EF4"},
+ {"E7EC507C802528F790AFF5303A017B17",
+ "4B97A7A568940A9E3CE7A99E93031E",
+ "28349BDC5A09390C480F9B8AA3EDEA3DDB8B9D64BCA322C570B8225DF0E31190DAB25A4014BA39519E02ABFB12B89AA28BBFD29E486E7FB28734258C817B63CED9912DBAFEBB93E2798AB2890DE3B0ACFCFF906AB15563EF7823CE83D27CDB251195E22BD1337BCBDE65E7C2C427321C463C2777BFE5AEAA",
+ "9455B3EA706B74",
+ "7F33BA3EA848D48A96B9530E26888F43EBD4463C9399B6"},
+ {"6C928AA3224736F28EE7378DE0090191",
+ "8936138E2E4C6A13280017A1622D",
+ "6202717F2631565BDCDC57C6584543E72A7C8BD444D0D108ED35069819633C",
+ "DA0691439E5F035F3E455269D14FE5C201C8C9B0A3FE2D3F86BCC59387C868FE65733D388360B31E3CE28B4BF6A8BE636706B536D5720DB66B47CF1C7A5AFD6F61E0EF90F1726D6B0E169F9A768B2B7AE4EE00A17F630AC905FCAAA1B707FFF25B3A1AAE83B504837C64A5639B2A34002B300EC035C9B43654DA55",
+ "B8804D182AB0F0EEB464FA7BD1329AD6154F982013F3765FEDFE09E26DAC078C9C1439BFC1159D6C02A25E3FF83EF852570117B315852AD5EE20E0FA3AA0A626B0E43BC0CEA38B44579DD36803455FB46989B90E6D229F513FD727AF8372517E9488384C515D6067704119C931299A0982EDDFB9C2E86A90C450C077EB222511EC9CCABC9FCFDB19F70088"},
+ {"ECEA315CA4B3F425B0C9957A17805EA4",
+ "664CDAE18403F4F9BA13015A44FC",
+ "642AFB090D6C6DB46783F08B01A3EF2A8FEB5736B531EAC226E7888FCC8505F396818F83105065FACB3267485B9E5E4A0261F621041C08FCCB2A809A49AB5252A91D0971BCC620B9D614BD77E57A0EED2FA5",
+ "6852C31F8083E20E364CEA21BB7854D67CEE812FE1C9ED2425C0932A90D3780728D1BB",
+ "2ECEF962A9695A463ADABB275BDA9FF8B2BA57AEC2F52EFFB700CD9271A74D2A011C24AEA946051BD6291776429B7E681BA33E"},
+ {"4EE616C4A58AAA380878F71A373461F6",
+ "91B8C9C176D9C385E9C47E52",
+ "CDA440B7F9762C572A718AC754EDEECC119E5EE0CCB9FEA4FFB22EEE75087C032EBF3DA9CDD8A28CC010B99ED45143B41A4BA50EA2A005473F89639237838867A57F23B0F0ED3BF22490E4501DAC9C658A9B9F",
+ "D6E645FA9AE410D15B8123FD757FA356A8DBE9258DDB5BE88832E615910993F497EC",
+ "B70ED7BF959FB2AAED4F36174A2A99BFB16992C8CDF369C782C4DB9C73DE78C5DB8E0615F647243B97ACDB24503BC9CADC48"},
+ {"DCD475773136C830D5E3D0C5FE05B7FF",
+ "BB8E1FBB483BE7616A922C4A",
+ "36FEF2E1CB29E76A6EA663FC3AF66ECD7404F466382F7B040AABED62293302B56E8783EF7EBC21B4A16C3E78A7483A0A403F253A2CDC5BBF79DC3DAE6C73F39A961D8FBBE8D41B",
+ "441E886EA38322B2437ECA7DEB5282518865A66780A454E510878E61BFEC3106A3CD93D2A02052E6F9E1832F9791053E3B76BF4C07EFDD6D4106E3027FABB752E60C1AA425416A87D53938163817A1051EBA1D1DEEB4B9B25C7E97368B52E5911A31810B0EC5AF547559B6142D9F4C4A6EF24A4CF75271BF9D48F62B",
+ "1BE4DD2F4E25A6512C2CC71D24BBB07368589A94C2714962CD0ACE5605688F06342587521E75F0ACAFFD86212FB5C34327D238DB36CF2B787794B9A4412E7CD1410EA5DDD2450C265F29CF96013CD213FD2880657694D718558964BC189B4A84AFCF47EB012935483052399DBA5B088B0A0477F20DFE0E85DCB735E21F22A439FB837DD365A93116D063E607"},
+ {"3FBA2B3D30177FFE15C1C59ED2148BB2C091F5615FBA7C07",
+ "FACF804A4BEBF998505FF9DE",
+ "8213B9263B2971A5BDA18DBD02208EE1",
+ "15B323926993B326EA19F892D704439FC478828322AF72118748284A1FD8A6D814E641F70512FD706980337379F31DC63355974738D7FEA87AD2858C0C2EBBFBE74371C21450072373C7B651B334D7C4D43260B9D7CCD3AF9EDB",
+ "6D35DC1469B26E6AAB26272A41B46916397C24C485B61162E640A062D9275BC33DDCFD3D9E1A53B6C8F51AC89B66A41D59B3574197A40D9B6DCF8A4E2A001409C8112F16B9C389E0096179DB914E05D6D11ED0005AD17E1CE105A2F0BAB8F6B1540DEB968B7A5428FF44"},
+ {"53B52B8D4D748BCDF1DDE68857832FA46227FA6E2F32EFA1",
+ "0B0EF53D4606B28D1398355F",
+ "F23882436349094AF98BCACA8218E81581A043B19009E28EFBF2DE37883E04864148CC01D240552CA8844EC1456F42034653067DA67E80F87105FD06E14FF771246C9612867BE4D215F6D761",
+ "F15030679BD4088D42CAC9BF2E9606EAD4798782FA3ED8C57EBE7F84A53236F51B25967C6489D0CD20C9EEA752F9BC",
+ "67B96E2D67C3729C96DAEAEDF821D61C17E648643A2134C5621FEC621186915AD80864BFD1EB5B238BF526A679385E012A457F583AFA78134242E9D9C1B4E4"},
+ {"0272DD80F23399F49BFC320381A5CD8225867245A49A7D41",
+ "5C83F4896D0738E1366B1836",
+ "69B0337289B19F73A12BAEEA857CCAF396C11113715D9500CCCF48BA08CFF12BC8B4BADB3084E63B85719DB5058FA7C2C11DEB096D7943CFA7CAF5",
+ "C01AD10FC8B562CD17C7BC2FAB3E26CBDFF8D7F4DEA816794BBCC12336991712972F52816AABAB244EB43B0137E2BAC1DD413CE79531E78BEF782E6B439612BB3AEF154DE3502784F287958EBC159419F9EBA27916A28D6307324129F506B1DE80C1755A929F87",
+ "FEFE52DD7159C8DD6E8EC2D3D3C0F37AB6CB471A75A071D17EC4ACDD8F3AA4D7D4F7BB559F3C09099E3D9003E5E8AA1F556B79CECDE66F85B08FA5955E6976BF2695EA076388A62D2AD5BAB7CBF1A7F3F4C8D5CDF37CDE99BD3E30B685D9E5EEE48C7C89118EF4878EB89747F28271FA2CC45F8E9E7601"},
+ {"3EEAED04A455D6E5E5AB53CFD5AFD2F2BC625C7BF4BE49A5",
+ "36B88F63ADBB5668588181D774",
+ "D367E3CB3703E762D23C6533188EF7028EFF9D935A3977150361997EC9DEAF1E4794BDE26AA8B53C124980B1362EC86FCDDFC7A90073171C1BAEE351A53234B86C66E8AB92FAE99EC6967A6D3428892D80",
+ "573454C719A9A55E04437BF7CBAAF27563CCCD92ADD5E515CD63305DFF0687E5EEF790C5DCA5C0033E9AB129505E2775438D92B38F08F3B0356BA142C6F694",
+ "E9F79A5B432D9E682C9AAA5661CFC2E49A0FCB81A431E54B42EB73DD3BED3F377FEC556ABA81624BA64A5D739AD41467460088F8D4F442180A9382CA635745473794C382FCDDC49BA4EB6D8A44AE3C"},
+ {"B695C691538F8CBD60F039D0E28894E3693CC7C36D92D79D",
+ "BC099AEB637361BAC536B57618",
+ "BFFF1A65AE38D1DC142C71637319F5F6508E2CB33C9DCB94202B359ED5A5ED8042E7F4F09231D32A7242976677E6F4C549BF65FADC99E5AF43F7A46FD95E16C2",
+ "081DF3FD85B415D803F0BE5AC58CFF0023FDDED99788296C3731D8",
+ "E50C64E3614D94FE69C47092E46ACC9957C6FEA2CCBF96BC62FBABE7424753C75F9C147C42AE26FE171531"},
+ {"C9ACBD2718F0689A1BE9802A551B6B8D9CF5614DAF5E65ED",
+ "B1B0AAF373B8B026EB80422051D8",
+ "6648C0E61AC733C76119D23FB24548D637751387AA2EAE9D80E912B7BD486CAAD9EAF4D7A5FE2B54AAD481E8EC94BB4D558000896E2010462B70C9FED1E7273080D1",
+ "189F591F6CB6D59AFEDD14C341741A8F1037DC0DF00FC57CE65C30F49E860255CEA5DC6019380CC0FE8880BC1A9E685F41C239C38F36E3F2A1388865C5C311059C0A",
+ "922A5E949B61D03BE34AB5F4E58607D4504EA14017BB363DAE3C873059EA7A1C77A746FB78981671D26C2CF6D9F24952D510044CE02A10177E9DB42D0145211DFE6E84369C5E3BC2669EAB4147B2822895F9"},
+ {"7A832BD2CF5BF4919F353CE2A8C86A5E406DA2D52BE16A72",
+ "2F2F17CECF7E5A756D10785A3CB9DB",
+ "61DA05E3788CC2D8405DBA70C7A28E5AF699863C9F72E6C6770126929F5D6FA267F005EBCF49495CB46400958A3AE80D1289D1C671",
+ "44E91121195A41AF14E8CFDBD39A4B517BE0DF1A72977ED8A3EEF8EEDA1166B2EB6DB2C4AE2E74FA0F0C74537F659BFBD141E5DDEC67E64EDA85AABD3F52C85A785B9FB3CECD70E7DF",
+ "BEDF596EA21288D2B84901E188F6EE1468B14D5161D3802DBFE00D60203A24E2AB62714BF272A45551489838C3A7FEAADC177B591836E73684867CCF4E12901DCF2064058726BBA554E84ADC5136F507E961188D4AF06943D3"},
+ {"1508E8AE9079AA15F1CEC4F776B4D11BCCB061B58AA56C18",
+ "BCA625674F41D1E3AB47672DC0C3",
+ "8B12CF84F16360F0EAD2A41BC021530FFCEC7F3579CAE658E10E2D3D81870F65AFCED0C77C6C4C6E6BA424FF23088C796BA6195ABA35094BF1829E089662E7A95FC90750AE16D0C8AFA55DAC789D7735B970B58D4BE7CEC7341DA82A0179A01929C27A59C5063215B859EA43",
+ "E525422519ECE070E82C",
+ "B47BC07C3ED1C0A43BA52C43CBACBCDBB29CAF1001E09FDF7107"},
+ {"7550C2761644E911FE9ADD119BAC07376BEA442845FEAD876D7E7AC1B713E464",
+ "36D2EC25ADD33CDEDF495205BBC923",
+ "7FCFE81A3790DE97FFC3DE160C470847EA7E841177C2F759571CBD837EA004A6CA8C6F4AEBFF2E9FD552D73EB8A30705D58D70C0B67AEEA280CBBF0A477358ACEF1E7508F2735CD9A0E4F9AC92B8C008F575D3B6278F1C18BD01227E3502E5255F3AB1893632AD00C717C588EF652A51A43209E7EE90",
+ "2B1A62F8FDFAA3C16470A21AD307C9A7D03ADE8EF72C69B06F8D738CDE578D7AEFD0D40BD9C022FB9F580DF5394C998ACCCEFC5471A3996FB8F1045A81FDC6F32D13502EA65A211390C8D882B8E0BEFD8DD8CBEF51D1597B124E9F7F",
+ "C873E02A22DB89EB0787DB6A60B99F7E4A0A085D5C4232A81ADCE2D60AA36F92DDC33F93DD8640AC0E08416B187FB382B3EC3EE85A64B0E6EE41C1366A5AD2A282F66605E87031CCBA2FA7B2DA201D975994AADE3DD1EE122AE09604AD489B84BF0C1AB7129EE16C6934850E"},
+ {"A51300285E554FDBDE7F771A9A9A80955639DD87129FAEF74987C91FB9687C71",
+ "81691D5D20EC818FCFF24B33DECC",
+ "C948093218AA9EB2A8E44A87EEA73FC8B6B75A196819A14BD83709EA323E8DF8B491045220E1D88729A38DBCFFB60D3056DAD4564498FD6574F74512945DEB34B69329ACED9FFC05D5D59DFCD5B973E2ACAFE6AD1EF8BBBC49351A2DD12508ED89ED",
+ "EB861165DAF7625F827C6B574ED703F03215",
+ "C6CD1CE76D2B3679C1B5AA1CFD67CCB55444B6BFD3E22C81CBC9BB738796B83E54E3"},
+ {"8CE0156D26FAEB7E0B9B800BBB2E9D4075B5EAC5C62358B0E7F6FCE610223282",
+ "D2A7B94DD12CDACA909D3AD7",
+ "E021A78F374FC271389AB9A3E97077D755",
+ "7C26000B58929F5095E1CEE154F76C2A299248E299F9B5ADE6C403AA1FD4A67FD4E0232F214CE7B919EE7A1027D2B76C57475715CD078461",
+ "C556FB38DF069B56F337B5FF5775CE6EAA16824DFA754F20B78819028EA635C3BB7AA731DE8776B2DCB67DCA2D33EEDF3C7E52EA450013722A41755A0752433ED17BDD5991AAE77A"},
+ {"1E8000A2CE00A561C9920A30BF0D7B983FEF8A1014C8F04C35CA6970E6BA02BD",
+ "65ED3D63F79F90BBFD19775E",
+ "336A8C0B7243582A46B221AA677647FCAE91",
+ "134A8B34824A290E7B",
+ "914FBEF80D0E6E17F8BDBB6097EBF5FBB0554952DC2B9E5151"},
+ {"53D5607BBE690B6E8D8F6D97F3DF2BA853B682597A214B8AA0EA6E598650AF15",
+ "C391A856B9FE234E14BA1AC7BB40FF",
+ "479682BC21349C4BE1641D5E78FE2C79EC1B9CF5470936DCAD9967A4DCD7C4EFADA593BC9EDE71E6A08829B8580901B61E274227E9D918502DE3",
+ "EAD154DC09C5E26C5D26FF33ED148B27120C7F2C23225CC0D0631B03E1F6C6D96FEB88C1A4052ACB4CE746B884B6502931F407021126C6AAB8C514C077A5A38438AE88EE",
+ "938821286EBB671D999B87C032E1D6055392EB564E57970D55E545FC5E8BAB90E6E3E3C0913F6320995FC636D72CD9919657CC38BD51552F4A502D8D1FE56DB33EBAC5092630E69EBB986F0E15CEE9FC8C052501"},
+ {"294362FCC984F440CEA3E9F7D2C06AF20C53AAC1B3738CA2186C914A6E193ABB",
+ "B15B61C8BB39261A8F55AB178EC3",
+ "D0729B6B75BB",
+ "2BD089ADCE9F334BAE3B065996C7D616DD0C27DF4218DCEEA0FBCA0F968837CE26B0876083327E25681FDDD620A32EC0DA12F73FAE826CC94BFF2B90A54D2651",
+ "AC94B25E4E21DE2437B806966CCD5D9385EF0CD4A51AB9FA6DE675C7B8952D67802E9FEC1FDE9F5D1EAB06057498BC0EEA454804FC9D2068982A3E24182D9AC2E7AB9994DDC899A604264583F63D066B"},
+ {"959DBFEB039B1A5B8CE6A44649B602AAA5F98A906DB96143D202CD2024F749D9",
+ "01D7BDB1133E9C347486C1EFA6",
+ "F3843955BD741F379DD750585EDC55E2CDA05CCBA8C1F4622AC2FE35214BC3A019B8BD12C4CC42D9213D1E1556941E8D8450830287FFB3B763A13722DD4140ED9846FB5FFF745D7B0B967D810A068222E10B259AF1D392035B0D83DC1498A6830B11B2418A840212599171E0258A1C203B05362978",
+ "A21811232C950FA8B12237C2EBD6A7CD2C3A155905E9E0C7C120",
+ "63C1CE397B22F1A03F1FA549B43178BC405B152D3C95E977426D519B3DFCA28498823240592B6EEE7A14"},
+ {"096AE499F5294173F34FF2B375F0E5D5AB79D0D03B33B1A74D7D576826345DF4",
+ "0C52B3D11D636E5910A4DD76D32C",
+ "229E9ECA3053789E937447BC719467075B6138A142DA528DA8F0CF8DDF022FD9AF8E74779BA3AC306609",
+ "8B7A00038783E8BAF6EDEAE0C4EAB48FC8FD501A588C7E4A4DB71E3604F2155A97687D3D2FFF8569261375A513CF4398CE0F87CA1658A1050F6EF6C4EA3E25",
+ "C20B6CF8D3C8241825FD90B2EDAC7593600646E579A8D8DAAE9E2E40C3835FE801B2BE4379131452BC5182C90307B176DFBE2049544222FE7783147B690774F6D9D7CEF52A91E61E298E9AA15464AC"},
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_a.go b/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_a.go
new file mode 100644
index 0000000000000000000000000000000000000000..330309ff5f8ee04c00cbf61239e971b95e76f95e
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_a.go
@@ -0,0 +1,78 @@
+package ocb
+
+import (
+ "encoding/hex"
+)
+
+// Test vectors from https://tools.ietf.org/html/rfc7253. Note that key is
+// shared across tests.
+var testKey, _ = hex.DecodeString("000102030405060708090A0B0C0D0E0F")
+
+var rfc7253testVectors = []struct {
+ nonce, header, plaintext, ciphertext string
+}{
+ {"BBAA99887766554433221100",
+ "",
+ "",
+ "785407BFFFC8AD9EDCC5520AC9111EE6"},
+ {"BBAA99887766554433221101",
+ "0001020304050607",
+ "0001020304050607",
+ "6820B3657B6F615A5725BDA0D3B4EB3A257C9AF1F8F03009"},
+ {"BBAA99887766554433221102",
+ "0001020304050607",
+ "",
+ "81017F8203F081277152FADE694A0A00"},
+ {"BBAA99887766554433221103",
+ "",
+ "0001020304050607",
+ "45DD69F8F5AAE72414054CD1F35D82760B2CD00D2F99BFA9"},
+ {"BBAA99887766554433221104",
+ "000102030405060708090A0B0C0D0E0F",
+ "000102030405060708090A0B0C0D0E0F",
+ "571D535B60B277188BE5147170A9A22C3AD7A4FF3835B8C5701C1CCEC8FC3358"},
+ {"BBAA99887766554433221105",
+ "000102030405060708090A0B0C0D0E0F",
+ "",
+ "8CF761B6902EF764462AD86498CA6B97"},
+ {"BBAA99887766554433221106",
+ "",
+ "000102030405060708090A0B0C0D0E0F",
+ "5CE88EC2E0692706A915C00AEB8B2396F40E1C743F52436BDF06D8FA1ECA343D"},
+ {"BBAA99887766554433221107",
+ "000102030405060708090A0B0C0D0E0F1011121314151617",
+ "000102030405060708090A0B0C0D0E0F1011121314151617",
+ "1CA2207308C87C010756104D8840CE1952F09673A448A122C92C62241051F57356D7F3C90BB0E07F"},
+ {"BBAA99887766554433221108",
+ "000102030405060708090A0B0C0D0E0F1011121314151617",
+ "",
+ "6DC225A071FC1B9F7C69F93B0F1E10DE"},
+ {"BBAA99887766554433221109",
+ "",
+ "000102030405060708090A0B0C0D0E0F1011121314151617",
+ "221BD0DE7FA6FE993ECCD769460A0AF2D6CDED0C395B1C3CE725F32494B9F914D85C0B1EB38357FF"},
+ {"BBAA9988776655443322110A",
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+ "BD6F6C496201C69296C11EFD138A467ABD3C707924B964DEAFFC40319AF5A48540FBBA186C5553C68AD9F592A79A4240"},
+ {"BBAA9988776655443322110B",
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+ "",
+ "FE80690BEE8A485D11F32965BC9D2A32"},
+ {"BBAA9988776655443322110C",
+ "",
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+ "2942BFC773BDA23CABC6ACFD9BFD5835BD300F0973792EF46040C53F1432BCDFB5E1DDE3BC18A5F840B52E653444D5DF"},
+ {"BBAA9988776655443322110D",
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+ "D5CA91748410C1751FF8A2F618255B68A0A12E093FF454606E59F9C1D0DDC54B65E8628E568BAD7AED07BA06A4A69483A7035490C5769E60"},
+ {"BBAA9988776655443322110E",
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+ "",
+ "C5CD9D1850C141E358649994EE701B68"},
+ {"BBAA9988776655443322110F",
+ "",
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+ "4412923493C57D5DE0D700F753CCE0D1D2D95060122E9F15A5DDBFC5787E50B5CC55EE507BCB084E479AD363AC366B95A98CA5F3000B1479"},
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_b.go b/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_b.go
new file mode 100644
index 0000000000000000000000000000000000000000..14a3c336fbc2d9952f681a958167435f03893642
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/ocb/rfc7253_test_vectors_suite_b.go
@@ -0,0 +1,25 @@
+package ocb
+
+// Second set of test vectors from https://tools.ietf.org/html/rfc7253
+var rfc7253TestVectorTaglen96 = struct {
+ key, nonce, header, plaintext, ciphertext string
+}{"0F0E0D0C0B0A09080706050403020100",
+ "BBAA9988776655443322110D",
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+ "1792A4E31E0755FB03E31B22116E6C2DDF9EFD6E33D536F1A0124B0A55BAE884ED93481529C76B6AD0C515F4D1CDD4FDAC4F02AA"}
+
+var rfc7253AlgorithmTest = []struct {
+ KEYLEN, TAGLEN int
+ OUTPUT string
+}{
+ {128, 128, "67E944D23256C5E0B6C61FA22FDF1EA2"},
+ {192, 128, "F673F2C3E7174AAE7BAE986CA9F29E17"},
+ {256, 128, "D90EB8E9C977C88B79DD793D7FFA161C"},
+ {128, 96, "77A3D8E73589158D25D01209"},
+ {192, 96, "05D56EAD2752C86BE6932C5E"},
+ {256, 96, "5458359AC23B0CBA9E6330DD"},
+ {128, 64, "192C9B7BD90BA06A"},
+ {192, 64, "0066BC6E0EF34E24"},
+ {256, 64, "7D4EA5D445501CBE"},
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/aes/keywrap/keywrap.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/aes/keywrap/keywrap.go
new file mode 100644
index 0000000000000000000000000000000000000000..3c6251d1ce67a93dbb3798504e663897f220f54f
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/aes/keywrap/keywrap.go
@@ -0,0 +1,153 @@
+// Copyright 2014 Matthew Endsley
+// All rights reserved
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted providing that the following conditions
+// are met:
+// 1. Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// 2. Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in the
+// documentation and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+// IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+// WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+// DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
+// IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+// POSSIBILITY OF SUCH DAMAGE.
+
+// Package keywrap is an implementation of the RFC 3394 AES key wrapping
+// algorithm. This is used in OpenPGP with elliptic curve keys.
+package keywrap
+
+import (
+ "crypto/aes"
+ "encoding/binary"
+ "errors"
+)
+
+var (
+ // ErrWrapPlaintext is returned if the plaintext is not a multiple
+ // of 64 bits.
+ ErrWrapPlaintext = errors.New("keywrap: plainText must be a multiple of 64 bits")
+
+ // ErrUnwrapCiphertext is returned if the ciphertext is not a
+ // multiple of 64 bits.
+ ErrUnwrapCiphertext = errors.New("keywrap: cipherText must by a multiple of 64 bits")
+
+ // ErrUnwrapFailed is returned if unwrapping a key fails.
+ ErrUnwrapFailed = errors.New("keywrap: failed to unwrap key")
+
+ // NB: the AES NewCipher call only fails if the key is an invalid length.
+
+ // ErrInvalidKey is returned when the AES key is invalid.
+ ErrInvalidKey = errors.New("keywrap: invalid AES key")
+)
+
+// Wrap a key using the RFC 3394 AES Key Wrap Algorithm.
+func Wrap(key, plainText []byte) ([]byte, error) {
+ if len(plainText)%8 != 0 {
+ return nil, ErrWrapPlaintext
+ }
+
+ c, err := aes.NewCipher(key)
+ if err != nil {
+ return nil, ErrInvalidKey
+ }
+
+ nblocks := len(plainText) / 8
+
+ // 1) Initialize variables.
+ var block [aes.BlockSize]byte
+ // - Set A = IV, an initial value (see 2.2.3)
+ for ii := 0; ii < 8; ii++ {
+ block[ii] = 0xA6
+ }
+
+ // - For i = 1 to n
+ // - Set R[i] = P[i]
+ intermediate := make([]byte, len(plainText))
+ copy(intermediate, plainText)
+
+ // 2) Calculate intermediate values.
+ for ii := 0; ii < 6; ii++ {
+ for jj := 0; jj < nblocks; jj++ {
+ // - B = AES(K, A | R[i])
+ copy(block[8:], intermediate[jj*8:jj*8+8])
+ c.Encrypt(block[:], block[:])
+
+ // - A = MSB(64, B) ^ t where t = (n*j)+1
+ t := uint64(ii*nblocks + jj + 1)
+ val := binary.BigEndian.Uint64(block[:8]) ^ t
+ binary.BigEndian.PutUint64(block[:8], val)
+
+ // - R[i] = LSB(64, B)
+ copy(intermediate[jj*8:jj*8+8], block[8:])
+ }
+ }
+
+ // 3) Output results.
+ // - Set C[0] = A
+ // - For i = 1 to n
+ // - C[i] = R[i]
+ return append(block[:8], intermediate...), nil
+}
+
+// Unwrap a key using the RFC 3394 AES Key Wrap Algorithm.
+func Unwrap(key, cipherText []byte) ([]byte, error) {
+ if len(cipherText)%8 != 0 {
+ return nil, ErrUnwrapCiphertext
+ }
+
+ c, err := aes.NewCipher(key)
+ if err != nil {
+ return nil, ErrInvalidKey
+ }
+
+ nblocks := len(cipherText)/8 - 1
+
+ // 1) Initialize variables.
+ var block [aes.BlockSize]byte
+ // - Set A = C[0]
+ copy(block[:8], cipherText[:8])
+
+ // - For i = 1 to n
+ // - Set R[i] = C[i]
+ intermediate := make([]byte, len(cipherText)-8)
+ copy(intermediate, cipherText[8:])
+
+ // 2) Compute intermediate values.
+ for jj := 5; jj >= 0; jj-- {
+ for ii := nblocks - 1; ii >= 0; ii-- {
+ // - B = AES-1(K, (A ^ t) | R[i]) where t = n*j+1
+ // - A = MSB(64, B)
+ t := uint64(jj*nblocks + ii + 1)
+ val := binary.BigEndian.Uint64(block[:8]) ^ t
+ binary.BigEndian.PutUint64(block[:8], val)
+
+ copy(block[8:], intermediate[ii*8:ii*8+8])
+ c.Decrypt(block[:], block[:])
+
+ // - R[i] = LSB(B, 64)
+ copy(intermediate[ii*8:ii*8+8], block[8:])
+ }
+ }
+
+ // 3) Output results.
+ // - If A is an appropriate initial value (see 2.2.3),
+ for ii := 0; ii < 8; ii++ {
+ if block[ii] != 0xA6 {
+ return nil, ErrUnwrapFailed
+ }
+ }
+
+ // - For i = 1 to n
+ // - P[i] = R[i]
+ return intermediate, nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/armor.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/armor.go
new file mode 100644
index 0000000000000000000000000000000000000000..e0a677f28438c0fd4929dad0358916da5d0aa490
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/armor.go
@@ -0,0 +1,183 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package armor implements OpenPGP ASCII Armor, see RFC 4880. OpenPGP Armor is
+// very similar to PEM except that it has an additional CRC checksum.
+package armor // import "github.com/ProtonMail/go-crypto/openpgp/armor"
+
+import (
+ "bufio"
+ "bytes"
+ "encoding/base64"
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+)
+
+// A Block represents an OpenPGP armored structure.
+//
+// The encoded form is:
+//
+// -----BEGIN Type-----
+// Headers
+//
+// base64-encoded Bytes
+// '=' base64 encoded checksum (optional) not checked anymore
+// -----END Type-----
+//
+// where Headers is a possibly empty sequence of Key: Value lines.
+//
+// Since the armored data can be very large, this package presents a streaming
+// interface.
+type Block struct {
+ Type string // The type, taken from the preamble (i.e. "PGP SIGNATURE").
+ Header map[string]string // Optional headers.
+ Body io.Reader // A Reader from which the contents can be read
+ lReader lineReader
+ oReader openpgpReader
+}
+
+var ArmorCorrupt error = errors.StructuralError("armor invalid")
+
+var armorStart = []byte("-----BEGIN ")
+var armorEnd = []byte("-----END ")
+var armorEndOfLine = []byte("-----")
+
+// lineReader wraps a line based reader. It watches for the end of an armor block
+type lineReader struct {
+ in *bufio.Reader
+ buf []byte
+ eof bool
+}
+
+func (l *lineReader) Read(p []byte) (n int, err error) {
+ if l.eof {
+ return 0, io.EOF
+ }
+
+ if len(l.buf) > 0 {
+ n = copy(p, l.buf)
+ l.buf = l.buf[n:]
+ return
+ }
+
+ line, isPrefix, err := l.in.ReadLine()
+ if err != nil {
+ return
+ }
+ if isPrefix {
+ return 0, ArmorCorrupt
+ }
+
+ if bytes.HasPrefix(line, armorEnd) {
+ l.eof = true
+ return 0, io.EOF
+ }
+
+ if len(line) == 5 && line[0] == '=' {
+ // This is the checksum line
+ // Don't check the checksum
+
+ l.eof = true
+ return 0, io.EOF
+ }
+
+ if len(line) > 96 {
+ return 0, ArmorCorrupt
+ }
+
+ n = copy(p, line)
+ bytesToSave := len(line) - n
+ if bytesToSave > 0 {
+ if cap(l.buf) < bytesToSave {
+ l.buf = make([]byte, 0, bytesToSave)
+ }
+ l.buf = l.buf[0:bytesToSave]
+ copy(l.buf, line[n:])
+ }
+
+ return
+}
+
+// openpgpReader passes Read calls to the underlying base64 decoder.
+type openpgpReader struct {
+ lReader *lineReader
+ b64Reader io.Reader
+}
+
+func (r *openpgpReader) Read(p []byte) (n int, err error) {
+ n, err = r.b64Reader.Read(p)
+ return
+}
+
+// Decode reads a PGP armored block from the given Reader. It will ignore
+// leading garbage. If it doesn't find a block, it will return nil, io.EOF. The
+// given Reader is not usable after calling this function: an arbitrary amount
+// of data may have been read past the end of the block.
+func Decode(in io.Reader) (p *Block, err error) {
+ r := bufio.NewReaderSize(in, 100)
+ var line []byte
+ ignoreNext := false
+
+TryNextBlock:
+ p = nil
+
+ // Skip leading garbage
+ for {
+ ignoreThis := ignoreNext
+ line, ignoreNext, err = r.ReadLine()
+ if err != nil {
+ return
+ }
+ if ignoreNext || ignoreThis {
+ continue
+ }
+ line = bytes.TrimSpace(line)
+ if len(line) > len(armorStart)+len(armorEndOfLine) && bytes.HasPrefix(line, armorStart) {
+ break
+ }
+ }
+
+ p = new(Block)
+ p.Type = string(line[len(armorStart) : len(line)-len(armorEndOfLine)])
+ p.Header = make(map[string]string)
+ nextIsContinuation := false
+ var lastKey string
+
+ // Read headers
+ for {
+ isContinuation := nextIsContinuation
+ line, nextIsContinuation, err = r.ReadLine()
+ if err != nil {
+ p = nil
+ return
+ }
+ if isContinuation {
+ p.Header[lastKey] += string(line)
+ continue
+ }
+ line = bytes.TrimSpace(line)
+ if len(line) == 0 {
+ break
+ }
+
+ i := bytes.Index(line, []byte(":"))
+ if i == -1 {
+ goto TryNextBlock
+ }
+ lastKey = string(line[:i])
+ var value string
+ if len(line) > i+2 {
+ value = string(line[i+2:])
+ }
+ p.Header[lastKey] = value
+ }
+
+ p.lReader.in = r
+ p.oReader.lReader = &p.lReader
+ p.oReader.b64Reader = base64.NewDecoder(base64.StdEncoding, &p.lReader)
+ p.Body = &p.oReader
+
+ return
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/encode.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/encode.go
new file mode 100644
index 0000000000000000000000000000000000000000..550efddf056baca6b95414fbd0eb7962025d7e9a
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/armor/encode.go
@@ -0,0 +1,206 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package armor
+
+import (
+ "encoding/base64"
+ "io"
+ "sort"
+)
+
+var armorHeaderSep = []byte(": ")
+var blockEnd = []byte("\n=")
+var newline = []byte("\n")
+var armorEndOfLineOut = []byte("-----\n")
+
+const crc24Init = 0xb704ce
+const crc24Poly = 0x1864cfb
+
+// crc24 calculates the OpenPGP checksum as specified in RFC 4880, section 6.1
+func crc24(crc uint32, d []byte) uint32 {
+ for _, b := range d {
+ crc ^= uint32(b) << 16
+ for i := 0; i < 8; i++ {
+ crc <<= 1
+ if crc&0x1000000 != 0 {
+ crc ^= crc24Poly
+ }
+ }
+ }
+ return crc
+}
+
+// writeSlices writes its arguments to the given Writer.
+func writeSlices(out io.Writer, slices ...[]byte) (err error) {
+ for _, s := range slices {
+ _, err = out.Write(s)
+ if err != nil {
+ return err
+ }
+ }
+ return
+}
+
+// lineBreaker breaks data across several lines, all of the same byte length
+// (except possibly the last). Lines are broken with a single '\n'.
+type lineBreaker struct {
+ lineLength int
+ line []byte
+ used int
+ out io.Writer
+ haveWritten bool
+}
+
+func newLineBreaker(out io.Writer, lineLength int) *lineBreaker {
+ return &lineBreaker{
+ lineLength: lineLength,
+ line: make([]byte, lineLength),
+ used: 0,
+ out: out,
+ }
+}
+
+func (l *lineBreaker) Write(b []byte) (n int, err error) {
+ n = len(b)
+
+ if n == 0 {
+ return
+ }
+
+ if l.used == 0 && l.haveWritten {
+ _, err = l.out.Write([]byte{'\n'})
+ if err != nil {
+ return
+ }
+ }
+
+ if l.used+len(b) < l.lineLength {
+ l.used += copy(l.line[l.used:], b)
+ return
+ }
+
+ l.haveWritten = true
+ _, err = l.out.Write(l.line[0:l.used])
+ if err != nil {
+ return
+ }
+ excess := l.lineLength - l.used
+ l.used = 0
+
+ _, err = l.out.Write(b[0:excess])
+ if err != nil {
+ return
+ }
+
+ _, err = l.Write(b[excess:])
+ return
+}
+
+func (l *lineBreaker) Close() (err error) {
+ if l.used > 0 {
+ _, err = l.out.Write(l.line[0:l.used])
+ if err != nil {
+ return
+ }
+ }
+
+ return
+}
+
+// encoding keeps track of a running CRC24 over the data which has been written
+// to it and outputs a OpenPGP checksum when closed, followed by an armor
+// trailer.
+//
+// It's built into a stack of io.Writers:
+//
+// encoding -> base64 encoder -> lineBreaker -> out
+type encoding struct {
+ out io.Writer
+ breaker *lineBreaker
+ b64 io.WriteCloser
+ crc uint32
+ crcEnabled bool
+ blockType []byte
+}
+
+func (e *encoding) Write(data []byte) (n int, err error) {
+ if e.crcEnabled {
+ e.crc = crc24(e.crc, data)
+ }
+ return e.b64.Write(data)
+}
+
+func (e *encoding) Close() (err error) {
+ err = e.b64.Close()
+ if err != nil {
+ return
+ }
+ e.breaker.Close()
+
+ if e.crcEnabled {
+ var checksumBytes [3]byte
+ checksumBytes[0] = byte(e.crc >> 16)
+ checksumBytes[1] = byte(e.crc >> 8)
+ checksumBytes[2] = byte(e.crc)
+
+ var b64ChecksumBytes [4]byte
+ base64.StdEncoding.Encode(b64ChecksumBytes[:], checksumBytes[:])
+
+ return writeSlices(e.out, blockEnd, b64ChecksumBytes[:], newline, armorEnd, e.blockType, armorEndOfLine)
+ }
+ return writeSlices(e.out, newline, armorEnd, e.blockType, armorEndOfLine)
+}
+
+func encode(out io.Writer, blockType string, headers map[string]string, checksum bool) (w io.WriteCloser, err error) {
+ bType := []byte(blockType)
+ err = writeSlices(out, armorStart, bType, armorEndOfLineOut)
+ if err != nil {
+ return
+ }
+
+ keys := make([]string, len(headers))
+ i := 0
+ for k := range headers {
+ keys[i] = k
+ i++
+ }
+ sort.Strings(keys)
+ for _, k := range keys {
+ err = writeSlices(out, []byte(k), armorHeaderSep, []byte(headers[k]), newline)
+ if err != nil {
+ return
+ }
+ }
+
+ _, err = out.Write(newline)
+ if err != nil {
+ return
+ }
+
+ e := &encoding{
+ out: out,
+ breaker: newLineBreaker(out, 64),
+ blockType: bType,
+ crc: crc24Init,
+ crcEnabled: checksum,
+ }
+ e.b64 = base64.NewEncoder(base64.StdEncoding, e.breaker)
+ return e, nil
+}
+
+// Encode returns a WriteCloser which will encode the data written to it in
+// OpenPGP armor.
+func Encode(out io.Writer, blockType string, headers map[string]string) (w io.WriteCloser, err error) {
+ return encode(out, blockType, headers, true)
+}
+
+// EncodeWithChecksumOption returns a WriteCloser which will encode the data written to it in
+// OpenPGP armor and provides the option to include a checksum.
+// When forming ASCII Armor, the CRC24 footer SHOULD NOT be generated,
+// unless interoperability with implementations that require the CRC24 footer
+// to be present is a concern.
+func EncodeWithChecksumOption(out io.Writer, blockType string, headers map[string]string, doChecksum bool) (w io.WriteCloser, err error) {
+ return encode(out, blockType, headers, doChecksum)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/canonical_text.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/canonical_text.go
new file mode 100644
index 0000000000000000000000000000000000000000..5b40e1375de5baa770d8debfea91c20a0ea8e5cb
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/canonical_text.go
@@ -0,0 +1,71 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package openpgp
+
+import (
+ "hash"
+ "io"
+)
+
+// NewCanonicalTextHash reformats text written to it into the canonical
+// form and then applies the hash h. See RFC 4880, section 5.2.1.
+func NewCanonicalTextHash(h hash.Hash) hash.Hash {
+ return &canonicalTextHash{h, 0}
+}
+
+type canonicalTextHash struct {
+ h hash.Hash
+ s int
+}
+
+var newline = []byte{'\r', '\n'}
+
+func writeCanonical(cw io.Writer, buf []byte, s *int) (int, error) {
+ start := 0
+ for i, c := range buf {
+ switch *s {
+ case 0:
+ if c == '\r' {
+ *s = 1
+ } else if c == '\n' {
+ if _, err := cw.Write(buf[start:i]); err != nil {
+ return 0, err
+ }
+ if _, err := cw.Write(newline); err != nil {
+ return 0, err
+ }
+ start = i + 1
+ }
+ case 1:
+ *s = 0
+ }
+ }
+
+ if _, err := cw.Write(buf[start:]); err != nil {
+ return 0, err
+ }
+ return len(buf), nil
+}
+
+func (cth *canonicalTextHash) Write(buf []byte) (int, error) {
+ return writeCanonical(cth.h, buf, &cth.s)
+}
+
+func (cth *canonicalTextHash) Sum(in []byte) []byte {
+ return cth.h.Sum(in)
+}
+
+func (cth *canonicalTextHash) Reset() {
+ cth.h.Reset()
+ cth.s = 0
+}
+
+func (cth *canonicalTextHash) Size() int {
+ return cth.h.Size()
+}
+
+func (cth *canonicalTextHash) BlockSize() int {
+ return cth.h.BlockSize()
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/clearsign/clearsign.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/clearsign/clearsign.go
new file mode 100644
index 0000000000000000000000000000000000000000..aea7f95b60d35ed4b837e3fc23e75006a6297f32
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/clearsign/clearsign.go
@@ -0,0 +1,491 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package clearsign generates and processes OpenPGP, clear-signed data. See
+// RFC 4880, section 7.
+//
+// Clearsigned messages are cryptographically signed, but the contents of the
+// message are kept in plaintext so that it can be read without special tools.
+package clearsign // import "github.com/ProtonMail/go-crypto/openpgp/clearsign"
+
+import (
+ "bufio"
+ "bytes"
+ "crypto"
+ "fmt"
+ "hash"
+ "io"
+ "net/textproto"
+ "strconv"
+ "strings"
+
+ "github.com/ProtonMail/go-crypto/openpgp"
+ "github.com/ProtonMail/go-crypto/openpgp/armor"
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "github.com/ProtonMail/go-crypto/openpgp/packet"
+)
+
+// A Block represents a clearsigned message. A signature on a Block can
+// be checked by calling Block.VerifySignature.
+type Block struct {
+ Headers textproto.MIMEHeader // Optional unverified Hash headers
+ Plaintext []byte // The original message text
+ Bytes []byte // The signed message
+ ArmoredSignature *armor.Block // The signature block
+}
+
+// start is the marker which denotes the beginning of a clearsigned message.
+var start = []byte("\n-----BEGIN PGP SIGNED MESSAGE-----")
+
+// dashEscape is prefixed to any lines that begin with a hyphen so that they
+// can't be confused with endText.
+var dashEscape = []byte("- ")
+
+// endText is a marker which denotes the end of the message and the start of
+// an armored signature.
+var endText = []byte("-----BEGIN PGP SIGNATURE-----")
+
+// end is a marker which denotes the end of the armored signature.
+var end = []byte("\n-----END PGP SIGNATURE-----")
+
+var crlf = []byte("\r\n")
+var lf = byte('\n')
+
+const hashHeader string = "Hash"
+
+// getLine returns the first \r\n or \n delineated line from the given byte
+// array. The line does not include the \r\n or \n. The remainder of the byte
+// array (also not including the new line bytes) is also returned and this will
+// always be smaller than the original argument.
+func getLine(data []byte) (line, rest []byte) {
+ i := bytes.Index(data, []byte{'\n'})
+ var j int
+ if i < 0 {
+ i = len(data)
+ j = i
+ } else {
+ j = i + 1
+ if i > 0 && data[i-1] == '\r' {
+ i--
+ }
+ }
+ return data[0:i], data[j:]
+}
+
+// Decode finds the first clearsigned message in data and returns it, as well as
+// the suffix of data which remains after the message. Any prefix data is
+// discarded.
+//
+// If no message is found, or if the message is invalid, Decode returns nil and
+// the whole data slice. The only allowed header type is Hash, and it is not
+// verified against the signature hash.
+func Decode(data []byte) (b *Block, rest []byte) {
+ // start begins with a newline. However, at the very beginning of
+ // the byte array, we'll accept the start string without it.
+ rest = data
+ if bytes.HasPrefix(data, start[1:]) {
+ rest = rest[len(start)-1:]
+ } else if i := bytes.Index(data, start); i >= 0 {
+ rest = rest[i+len(start):]
+ } else {
+ return nil, data
+ }
+
+ // Consume the start line and check it does not have a suffix.
+ suffix, rest := getLine(rest)
+ if len(suffix) != 0 {
+ return nil, data
+ }
+
+ var line []byte
+ b = &Block{
+ Headers: make(textproto.MIMEHeader),
+ }
+
+ // Next come a series of header lines.
+ for {
+ // This loop terminates because getLine's second result is
+ // always smaller than its argument.
+ if len(rest) == 0 {
+ return nil, data
+ }
+ // An empty line marks the end of the headers.
+ if line, rest = getLine(rest); len(strings.TrimSpace(string(line))) == 0 {
+ break
+ }
+
+ // Reject headers with control or Unicode characters.
+ if i := bytes.IndexFunc(line, func(r rune) bool {
+ return r < 0x20 || r > 0x7e
+ }); i != -1 {
+ return nil, data
+ }
+
+ i := bytes.Index(line, []byte{':'})
+ if i == -1 {
+ return nil, data
+ }
+
+ key, val := string(line[0:i]), string(line[i+1:])
+ key = strings.TrimSpace(key)
+ if key == hashHeader {
+ for _, val := range strings.Split(val, ",") {
+ val = strings.TrimSpace(val)
+ b.Headers.Add(key, val)
+ }
+ } else {
+ // Only "Hash" headers are allowed.
+ return nil, data
+ }
+ }
+
+ firstLine := true
+ for {
+ start := rest
+
+ line, rest = getLine(rest)
+ if len(line) == 0 && len(rest) == 0 {
+ // No armored data was found, so this isn't a complete message.
+ return nil, data
+ }
+ if bytes.Equal(line, endText) {
+ // Back up to the start of the line because armor expects to see the
+ // header line.
+ rest = start
+ break
+ }
+
+ // The final CRLF isn't included in the hash so we don't write it until
+ // we've seen the next line.
+ if firstLine {
+ firstLine = false
+ } else {
+ b.Bytes = append(b.Bytes, crlf...)
+ }
+
+ if bytes.HasPrefix(line, dashEscape) {
+ line = line[2:]
+ }
+ line = bytes.TrimRight(line, " \t")
+ b.Bytes = append(b.Bytes, line...)
+
+ b.Plaintext = append(b.Plaintext, line...)
+ b.Plaintext = append(b.Plaintext, lf)
+ }
+ b.Plaintext = b.Plaintext[:len(b.Plaintext)-1]
+
+ // We want to find the extent of the armored data (including any newlines at
+ // the end).
+ i := bytes.Index(rest, end)
+ if i == -1 {
+ return nil, data
+ }
+ i += len(end)
+ for i < len(rest) && (rest[i] == '\r' || rest[i] == '\n') {
+ i++
+ }
+ armored := rest[:i]
+ rest = rest[i:]
+
+ var err error
+ b.ArmoredSignature, err = armor.Decode(bytes.NewBuffer(armored))
+ if err != nil {
+ return nil, data
+ }
+
+ return b, rest
+}
+
+// A dashEscaper is an io.WriteCloser which processes the body of a clear-signed
+// message. The clear-signed message is written to buffered and a hash, suitable
+// for signing, is maintained in h.
+//
+// When closed, an armored signature is created and written to complete the
+// message.
+type dashEscaper struct {
+ buffered *bufio.Writer
+ hashers []hash.Hash // one per key in privateKeys
+ hashType crypto.Hash
+ toHash io.Writer // writes to all the hashes in hashers
+ salts [][]byte // salts for the signatures if v6
+ armorHeader map[string]string // Armor headers
+
+ atBeginningOfLine bool
+ isFirstLine bool
+
+ whitespace []byte
+ byteBuf []byte // a one byte buffer to save allocations
+
+ privateKeys []*packet.PrivateKey
+ config *packet.Config
+}
+
+func (d *dashEscaper) Write(data []byte) (n int, err error) {
+ for _, b := range data {
+ d.byteBuf[0] = b
+
+ if d.atBeginningOfLine {
+ // The final CRLF isn't included in the hash so we have to wait
+ // until this point (the start of the next line) before writing it.
+ if !d.isFirstLine {
+ if _, err = d.toHash.Write(crlf); err != nil {
+ return
+ }
+ }
+ d.isFirstLine = false
+ }
+
+ // Any whitespace at the end of the line has to be removed so we
+ // buffer it until we find out whether there's more on this line.
+ if b == ' ' || b == '\t' || b == '\r' {
+ d.whitespace = append(d.whitespace, b)
+ d.atBeginningOfLine = false
+ continue
+ }
+
+ if d.atBeginningOfLine {
+ // At the beginning of a line, hyphens have to be escaped.
+ if b == '-' {
+ // The signature isn't calculated over the dash-escaped text so
+ // the escape is only written to buffered.
+ if _, err = d.buffered.Write(dashEscape); err != nil {
+ return
+ }
+ if _, err = d.toHash.Write(d.byteBuf); err != nil {
+ return
+ }
+ d.atBeginningOfLine = false
+ } else if b == '\n' {
+ // Nothing to do because we delay writing CRLF to the hash.
+ } else {
+ if _, err = d.toHash.Write(d.byteBuf); err != nil {
+ return
+ }
+ d.atBeginningOfLine = false
+ }
+ if err = d.buffered.WriteByte(b); err != nil {
+ return
+ }
+ } else {
+ if b == '\n' {
+ // We got a raw \n. Drop any trailing whitespace and write a
+ // CRLF.
+ d.whitespace = d.whitespace[:0]
+ // We delay writing CRLF to the hash until the start of the
+ // next line.
+ if err = d.buffered.WriteByte(b); err != nil {
+ return
+ }
+ d.atBeginningOfLine = true
+ } else {
+ // Any buffered whitespace wasn't at the end of the line so
+ // we need to write it out.
+ if len(d.whitespace) > 0 {
+ if _, err = d.toHash.Write(d.whitespace); err != nil {
+ return
+ }
+ if _, err = d.buffered.Write(d.whitespace); err != nil {
+ return
+ }
+ d.whitespace = d.whitespace[:0]
+ }
+ if _, err = d.toHash.Write(d.byteBuf); err != nil {
+ return
+ }
+ if err = d.buffered.WriteByte(b); err != nil {
+ return
+ }
+ }
+ }
+ }
+
+ n = len(data)
+ return
+}
+
+func (d *dashEscaper) Close() (err error) {
+ if d.atBeginningOfLine {
+ if !d.isFirstLine {
+ if _, err := d.toHash.Write(crlf); err != nil {
+ return err
+ }
+ }
+ }
+ if err = d.buffered.WriteByte(lf); err != nil {
+ return
+ }
+
+ out, err := armor.EncodeWithChecksumOption(d.buffered, "PGP SIGNATURE", d.armorHeader, false)
+ if err != nil {
+ return
+ }
+
+ t := d.config.Now()
+ indexSalt := 0
+ for i, k := range d.privateKeys {
+ sig := new(packet.Signature)
+ sig.Version = k.Version
+ sig.SigType = packet.SigTypeText
+ sig.PubKeyAlgo = k.PubKeyAlgo
+ sig.Hash = d.hashType
+ sig.CreationTime = t
+ sig.IssuerKeyId = &k.KeyId
+ sig.IssuerFingerprint = k.Fingerprint
+ sig.Notations = d.config.Notations()
+ sigLifetimeSecs := d.config.SigLifetime()
+ sig.SigLifetimeSecs = &sigLifetimeSecs
+ if k.Version == 6 {
+ if err = sig.SetSalt(d.salts[indexSalt]); err != nil {
+ return
+ }
+ indexSalt++
+ }
+ if err = sig.Sign(d.hashers[i], k, d.config); err != nil {
+ return
+ }
+ if err = sig.Serialize(out); err != nil {
+ return
+ }
+ }
+
+ if err = out.Close(); err != nil {
+ return
+ }
+ if err = d.buffered.Flush(); err != nil {
+ return
+ }
+ return
+}
+
+// Encode returns a WriteCloser which will clear-sign a message with privateKey
+// and write it to w. If config is nil, sensible defaults are used.
+func Encode(w io.Writer, privateKey *packet.PrivateKey, config *packet.Config) (plaintext io.WriteCloser, err error) {
+ return EncodeMulti(w, []*packet.PrivateKey{privateKey}, config)
+}
+
+// EncodeWithHeader returns a WriteCloser which will clear-sign a message with privateKey
+// and write it to w. If config is nil, sensible defaults are used.
+// Additionally provides a headers argument for custom headers.
+func EncodeWithHeader(w io.Writer, privateKey *packet.PrivateKey, config *packet.Config, headers map[string]string) (plaintext io.WriteCloser, err error) {
+ return EncodeMultiWithHeader(w, []*packet.PrivateKey{privateKey}, config, headers)
+}
+
+// EncodeMulti returns a WriteCloser which will clear-sign a message with all the
+// private keys indicated and write it to w. If config is nil, sensible defaults
+// are used.
+func EncodeMulti(w io.Writer, privateKeys []*packet.PrivateKey, config *packet.Config) (plaintext io.WriteCloser, err error) {
+ return EncodeMultiWithHeader(w, privateKeys, config, nil)
+}
+
+// EncodeMultiWithHeader returns a WriteCloser which will clear-sign a message with all the
+// private keys indicated and write it to w. If config is nil, sensible defaults
+// are used.
+// Additionally provides a headers argument for custom headers.
+func EncodeMultiWithHeader(w io.Writer, privateKeys []*packet.PrivateKey, config *packet.Config, headers map[string]string) (plaintext io.WriteCloser, err error) {
+ for _, k := range privateKeys {
+ if k.Encrypted {
+ return nil, errors.InvalidArgumentError(fmt.Sprintf("signing key %s is encrypted", k.KeyIdString()))
+ }
+ }
+
+ hashType := config.Hash()
+ name := nameOfHash(hashType)
+ if len(name) == 0 {
+ return nil, errors.UnsupportedError("unknown hash type: " + strconv.Itoa(int(hashType)))
+ }
+
+ if !hashType.Available() {
+ return nil, errors.UnsupportedError("unsupported hash type: " + strconv.Itoa(int(hashType)))
+ }
+ var hashers []hash.Hash
+ var ws []io.Writer
+ var salts [][]byte
+ for _, sk := range privateKeys {
+ h := hashType.New()
+ if sk.Version == 6 {
+ // generate salt
+ var salt []byte
+ salt, err = packet.SignatureSaltForHash(hashType, config.Random())
+ if err != nil {
+ return
+ }
+ if _, err = h.Write(salt); err != nil {
+ return
+ }
+ salts = append(salts, salt)
+ }
+ hashers = append(hashers, h)
+ ws = append(ws, h)
+ }
+ toHash := io.MultiWriter(ws...)
+
+ buffered := bufio.NewWriter(w)
+ // start has a \n at the beginning that we don't want here.
+ if _, err = buffered.Write(start[1:]); err != nil {
+ return
+ }
+ if err = buffered.WriteByte(lf); err != nil {
+ return
+ }
+ // write headers
+ nonV6 := len(salts) < len(hashers)
+ // Crypto refresh: Headers SHOULD NOT be emitted
+ if nonV6 { // Emit header if non v6 signatures are present for compatibility
+ if _, err = buffered.WriteString(fmt.Sprintf("%s: %s", hashHeader, name)); err != nil {
+ return
+ }
+ if err = buffered.WriteByte(lf); err != nil {
+ return
+ }
+ }
+ if err = buffered.WriteByte(lf); err != nil {
+ return
+ }
+
+ plaintext = &dashEscaper{
+ buffered: buffered,
+ hashers: hashers,
+ hashType: hashType,
+ toHash: toHash,
+ salts: salts,
+ armorHeader: headers,
+
+ atBeginningOfLine: true,
+ isFirstLine: true,
+
+ byteBuf: make([]byte, 1),
+
+ privateKeys: privateKeys,
+ config: config,
+ }
+
+ return
+}
+
+// VerifySignature checks a clearsigned message signature, and checks that the
+// hash algorithm in the header matches the hash algorithm in the signature.
+func (b *Block) VerifySignature(keyring openpgp.KeyRing, config *packet.Config) (signer *openpgp.Entity, err error) {
+ _, signer, err = openpgp.VerifyDetachedSignature(keyring, bytes.NewBuffer(b.Bytes), b.ArmoredSignature.Body, config)
+ return
+}
+
+// nameOfHash returns the OpenPGP name for the given hash, or the empty string
+// if the name isn't known. See RFC 4880, section 9.4.
+func nameOfHash(h crypto.Hash) string {
+ switch h {
+ case crypto.SHA224:
+ return "SHA224"
+ case crypto.SHA256:
+ return "SHA256"
+ case crypto.SHA384:
+ return "SHA384"
+ case crypto.SHA512:
+ return "SHA512"
+ case crypto.SHA3_256:
+ return "SHA3-256"
+ case crypto.SHA3_512:
+ return "SHA3-512"
+ }
+ return ""
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdh/ecdh.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdh/ecdh.go
new file mode 100644
index 0000000000000000000000000000000000000000..db8fb163b61f7f8321208b8115bac30bf61c4cfe
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdh/ecdh.go
@@ -0,0 +1,206 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package ecdh implements ECDH encryption, suitable for OpenPGP,
+// as specified in RFC 6637, section 8.
+package ecdh
+
+import (
+ "bytes"
+ "errors"
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/aes/keywrap"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/ecc"
+)
+
+type KDF struct {
+ Hash algorithm.Hash
+ Cipher algorithm.Cipher
+}
+
+type PublicKey struct {
+ curve ecc.ECDHCurve
+ Point []byte
+ KDF
+}
+
+type PrivateKey struct {
+ PublicKey
+ D []byte
+}
+
+func NewPublicKey(curve ecc.ECDHCurve, kdfHash algorithm.Hash, kdfCipher algorithm.Cipher) *PublicKey {
+ return &PublicKey{
+ curve: curve,
+ KDF: KDF{
+ Hash: kdfHash,
+ Cipher: kdfCipher,
+ },
+ }
+}
+
+func NewPrivateKey(key PublicKey) *PrivateKey {
+ return &PrivateKey{
+ PublicKey: key,
+ }
+}
+
+func (pk *PublicKey) GetCurve() ecc.ECDHCurve {
+ return pk.curve
+}
+
+func (pk *PublicKey) MarshalPoint() []byte {
+ return pk.curve.MarshalBytePoint(pk.Point)
+}
+
+func (pk *PublicKey) UnmarshalPoint(p []byte) error {
+ pk.Point = pk.curve.UnmarshalBytePoint(p)
+ if pk.Point == nil {
+ return errors.New("ecdh: failed to parse EC point")
+ }
+ return nil
+}
+
+func (sk *PrivateKey) MarshalByteSecret() []byte {
+ return sk.curve.MarshalByteSecret(sk.D)
+}
+
+func (sk *PrivateKey) UnmarshalByteSecret(d []byte) error {
+ sk.D = sk.curve.UnmarshalByteSecret(d)
+
+ if sk.D == nil {
+ return errors.New("ecdh: failed to parse scalar")
+ }
+ return nil
+}
+
+func GenerateKey(rand io.Reader, c ecc.ECDHCurve, kdf KDF) (priv *PrivateKey, err error) {
+ priv = new(PrivateKey)
+ priv.PublicKey.curve = c
+ priv.PublicKey.KDF = kdf
+ priv.PublicKey.Point, priv.D, err = c.GenerateECDH(rand)
+ return
+}
+
+func Encrypt(random io.Reader, pub *PublicKey, msg, curveOID, fingerprint []byte) (vsG, c []byte, err error) {
+ if len(msg) > 40 {
+ return nil, nil, errors.New("ecdh: message too long")
+ }
+ // the sender MAY use 21, 13, and 5 bytes of padding for AES-128,
+ // AES-192, and AES-256, respectively, to provide the same number of
+ // octets, 40 total, as an input to the key wrapping method.
+ padding := make([]byte, 40-len(msg))
+ for i := range padding {
+ padding[i] = byte(40 - len(msg))
+ }
+ m := append(msg, padding...)
+
+ ephemeral, zb, err := pub.curve.Encaps(random, pub.Point)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ vsG = pub.curve.MarshalBytePoint(ephemeral)
+
+ z, err := buildKey(pub, zb, curveOID, fingerprint, false, false)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ if c, err = keywrap.Wrap(z, m); err != nil {
+ return nil, nil, err
+ }
+
+ return vsG, c, nil
+
+}
+
+func Decrypt(priv *PrivateKey, vsG, c, curveOID, fingerprint []byte) (msg []byte, err error) {
+ var m []byte
+ zb, err := priv.PublicKey.curve.Decaps(priv.curve.UnmarshalBytePoint(vsG), priv.D)
+
+ // Try buildKey three times to workaround an old bug, see comments in buildKey.
+ for i := 0; i < 3; i++ {
+ var z []byte
+ // RFC6637 §8: "Compute Z = KDF( S, Z_len, Param );"
+ z, err = buildKey(&priv.PublicKey, zb, curveOID, fingerprint, i == 1, i == 2)
+ if err != nil {
+ return nil, err
+ }
+
+ // RFC6637 §8: "Compute C = AESKeyWrap( Z, c ) as per [RFC3394]"
+ m, err = keywrap.Unwrap(z, c)
+ if err == nil {
+ break
+ }
+ }
+
+ // Only return an error after we've tried all (required) variants of buildKey.
+ if err != nil {
+ return nil, err
+ }
+
+ // RFC6637 §8: "m = symm_alg_ID || session key || checksum || pkcs5_padding"
+ // The last byte should be the length of the padding, as per PKCS5; strip it off.
+ return m[:len(m)-int(m[len(m)-1])], nil
+}
+
+func buildKey(pub *PublicKey, zb []byte, curveOID, fingerprint []byte, stripLeading, stripTrailing bool) ([]byte, error) {
+ // Param = curve_OID_len || curve_OID || public_key_alg_ID || 03
+ // || 01 || KDF_hash_ID || KEK_alg_ID for AESKeyWrap
+ // || "Anonymous Sender " || recipient_fingerprint;
+ param := new(bytes.Buffer)
+ if _, err := param.Write(curveOID); err != nil {
+ return nil, err
+ }
+ algKDF := []byte{18, 3, 1, pub.KDF.Hash.Id(), pub.KDF.Cipher.Id()}
+ if _, err := param.Write(algKDF); err != nil {
+ return nil, err
+ }
+ if _, err := param.Write([]byte("Anonymous Sender ")); err != nil {
+ return nil, err
+ }
+ if _, err := param.Write(fingerprint[:]); err != nil {
+ return nil, err
+ }
+
+ // MB = Hash ( 00 || 00 || 00 || 01 || ZB || Param );
+ h := pub.KDF.Hash.New()
+ if _, err := h.Write([]byte{0x0, 0x0, 0x0, 0x1}); err != nil {
+ return nil, err
+ }
+ zbLen := len(zb)
+ i := 0
+ j := zbLen - 1
+ if stripLeading {
+ // Work around old go crypto bug where the leading zeros are missing.
+ for i < zbLen && zb[i] == 0 {
+ i++
+ }
+ }
+ if stripTrailing {
+ // Work around old OpenPGP.js bug where insignificant trailing zeros in
+ // this little-endian number are missing.
+ // (See https://github.com/openpgpjs/openpgpjs/pull/853.)
+ for j >= 0 && zb[j] == 0 {
+ j--
+ }
+ }
+ if _, err := h.Write(zb[i : j+1]); err != nil {
+ return nil, err
+ }
+ if _, err := h.Write(param.Bytes()); err != nil {
+ return nil, err
+ }
+ mb := h.Sum(nil)
+
+ return mb[:pub.KDF.Cipher.KeySize()], nil // return oBits leftmost bits of MB.
+
+}
+
+func Validate(priv *PrivateKey) error {
+ return priv.curve.ValidateECDH(priv.Point, priv.D)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdsa/ecdsa.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdsa/ecdsa.go
new file mode 100644
index 0000000000000000000000000000000000000000..f94ae1b2f5057d22fb702c62c28a3fbbe3567609
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/ecdsa/ecdsa.go
@@ -0,0 +1,80 @@
+// Package ecdsa implements ECDSA signature, suitable for OpenPGP,
+// as specified in RFC 6637, section 5.
+package ecdsa
+
+import (
+ "errors"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/ecc"
+ "io"
+ "math/big"
+)
+
+type PublicKey struct {
+ X, Y *big.Int
+ curve ecc.ECDSACurve
+}
+
+type PrivateKey struct {
+ PublicKey
+ D *big.Int
+}
+
+func NewPublicKey(curve ecc.ECDSACurve) *PublicKey {
+ return &PublicKey{
+ curve: curve,
+ }
+}
+
+func NewPrivateKey(key PublicKey) *PrivateKey {
+ return &PrivateKey{
+ PublicKey: key,
+ }
+}
+
+func (pk *PublicKey) GetCurve() ecc.ECDSACurve {
+ return pk.curve
+}
+
+func (pk *PublicKey) MarshalPoint() []byte {
+ return pk.curve.MarshalIntegerPoint(pk.X, pk.Y)
+}
+
+func (pk *PublicKey) UnmarshalPoint(p []byte) error {
+ pk.X, pk.Y = pk.curve.UnmarshalIntegerPoint(p)
+ if pk.X == nil {
+ return errors.New("ecdsa: failed to parse EC point")
+ }
+ return nil
+}
+
+func (sk *PrivateKey) MarshalIntegerSecret() []byte {
+ return sk.curve.MarshalIntegerSecret(sk.D)
+}
+
+func (sk *PrivateKey) UnmarshalIntegerSecret(d []byte) error {
+ sk.D = sk.curve.UnmarshalIntegerSecret(d)
+
+ if sk.D == nil {
+ return errors.New("ecdsa: failed to parse scalar")
+ }
+ return nil
+}
+
+func GenerateKey(rand io.Reader, c ecc.ECDSACurve) (priv *PrivateKey, err error) {
+ priv = new(PrivateKey)
+ priv.PublicKey.curve = c
+ priv.PublicKey.X, priv.PublicKey.Y, priv.D, err = c.GenerateECDSA(rand)
+ return
+}
+
+func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error) {
+ return priv.PublicKey.curve.Sign(rand, priv.X, priv.Y, priv.D, hash)
+}
+
+func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool {
+ return pub.curve.Verify(pub.X, pub.Y, hash, r, s)
+}
+
+func Validate(priv *PrivateKey) error {
+ return priv.curve.ValidateECDSA(priv.X, priv.Y, priv.D.Bytes())
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/ed25519/ed25519.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/ed25519/ed25519.go
new file mode 100644
index 0000000000000000000000000000000000000000..6abdf7c4466d3f83801d01f62d2edaa5b39164d2
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/ed25519/ed25519.go
@@ -0,0 +1,115 @@
+// Package ed25519 implements the ed25519 signature algorithm for OpenPGP
+// as defined in the Open PGP crypto refresh.
+package ed25519
+
+import (
+ "crypto/subtle"
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ ed25519lib "github.com/cloudflare/circl/sign/ed25519"
+)
+
+const (
+ // PublicKeySize is the size, in bytes, of public keys in this package.
+ PublicKeySize = ed25519lib.PublicKeySize
+ // SeedSize is the size, in bytes, of private key seeds.
+ // The private key representation used by RFC 8032.
+ SeedSize = ed25519lib.SeedSize
+ // SignatureSize is the size, in bytes, of signatures generated and verified by this package.
+ SignatureSize = ed25519lib.SignatureSize
+)
+
+type PublicKey struct {
+ // Point represents the elliptic curve point of the public key.
+ Point []byte
+}
+
+type PrivateKey struct {
+ PublicKey
+ // Key the private key representation by RFC 8032,
+ // encoded as seed | pub key point.
+ Key []byte
+}
+
+// NewPublicKey creates a new empty ed25519 public key.
+func NewPublicKey() *PublicKey {
+ return &PublicKey{}
+}
+
+// NewPrivateKey creates a new empty private key referencing the public key.
+func NewPrivateKey(key PublicKey) *PrivateKey {
+ return &PrivateKey{
+ PublicKey: key,
+ }
+}
+
+// Seed returns the ed25519 private key secret seed.
+// The private key representation by RFC 8032.
+func (pk *PrivateKey) Seed() []byte {
+ return pk.Key[:SeedSize]
+}
+
+// MarshalByteSecret returns the underlying 32 byte seed of the private key.
+func (pk *PrivateKey) MarshalByteSecret() []byte {
+ return pk.Seed()
+}
+
+// UnmarshalByteSecret computes the private key from the secret seed
+// and stores it in the private key object.
+func (sk *PrivateKey) UnmarshalByteSecret(seed []byte) error {
+ sk.Key = ed25519lib.NewKeyFromSeed(seed)
+ return nil
+}
+
+// GenerateKey generates a fresh private key with the provided randomness source.
+func GenerateKey(rand io.Reader) (*PrivateKey, error) {
+ publicKey, privateKey, err := ed25519lib.GenerateKey(rand)
+ if err != nil {
+ return nil, err
+ }
+ privateKeyOut := new(PrivateKey)
+ privateKeyOut.PublicKey.Point = publicKey[:]
+ privateKeyOut.Key = privateKey[:]
+ return privateKeyOut, nil
+}
+
+// Sign signs a message with the ed25519 algorithm.
+// priv MUST be a valid key! Check this with Validate() before use.
+func Sign(priv *PrivateKey, message []byte) ([]byte, error) {
+ return ed25519lib.Sign(priv.Key, message), nil
+}
+
+// Verify verifies an ed25519 signature.
+func Verify(pub *PublicKey, message []byte, signature []byte) bool {
+ return ed25519lib.Verify(pub.Point, message, signature)
+}
+
+// Validate checks if the ed25519 private key is valid.
+func Validate(priv *PrivateKey) error {
+ expectedPrivateKey := ed25519lib.NewKeyFromSeed(priv.Seed())
+ if subtle.ConstantTimeCompare(priv.Key, expectedPrivateKey) == 0 {
+ return errors.KeyInvalidError("ed25519: invalid ed25519 secret")
+ }
+ if subtle.ConstantTimeCompare(priv.PublicKey.Point, expectedPrivateKey[SeedSize:]) == 0 {
+ return errors.KeyInvalidError("ed25519: invalid ed25519 public key")
+ }
+ return nil
+}
+
+// ENCODING/DECODING signature:
+
+// WriteSignature encodes and writes an ed25519 signature to writer.
+func WriteSignature(writer io.Writer, signature []byte) error {
+ _, err := writer.Write(signature)
+ return err
+}
+
+// ReadSignature decodes an ed25519 signature from a reader.
+func ReadSignature(reader io.Reader) ([]byte, error) {
+ signature := make([]byte, SignatureSize)
+ if _, err := io.ReadFull(reader, signature); err != nil {
+ return nil, err
+ }
+ return signature, nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/ed448/ed448.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/ed448/ed448.go
new file mode 100644
index 0000000000000000000000000000000000000000..b11fb4fb17900f757448975d123b57a75cbc932c
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/ed448/ed448.go
@@ -0,0 +1,119 @@
+// Package ed448 implements the ed448 signature algorithm for OpenPGP
+// as defined in the Open PGP crypto refresh.
+package ed448
+
+import (
+ "crypto/subtle"
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ ed448lib "github.com/cloudflare/circl/sign/ed448"
+)
+
+const (
+ // PublicKeySize is the size, in bytes, of public keys in this package.
+ PublicKeySize = ed448lib.PublicKeySize
+ // SeedSize is the size, in bytes, of private key seeds.
+ // The private key representation used by RFC 8032.
+ SeedSize = ed448lib.SeedSize
+ // SignatureSize is the size, in bytes, of signatures generated and verified by this package.
+ SignatureSize = ed448lib.SignatureSize
+)
+
+type PublicKey struct {
+ // Point represents the elliptic curve point of the public key.
+ Point []byte
+}
+
+type PrivateKey struct {
+ PublicKey
+ // Key the private key representation by RFC 8032,
+ // encoded as seed | public key point.
+ Key []byte
+}
+
+// NewPublicKey creates a new empty ed448 public key.
+func NewPublicKey() *PublicKey {
+ return &PublicKey{}
+}
+
+// NewPrivateKey creates a new empty private key referencing the public key.
+func NewPrivateKey(key PublicKey) *PrivateKey {
+ return &PrivateKey{
+ PublicKey: key,
+ }
+}
+
+// Seed returns the ed448 private key secret seed.
+// The private key representation by RFC 8032.
+func (pk *PrivateKey) Seed() []byte {
+ return pk.Key[:SeedSize]
+}
+
+// MarshalByteSecret returns the underlying seed of the private key.
+func (pk *PrivateKey) MarshalByteSecret() []byte {
+ return pk.Seed()
+}
+
+// UnmarshalByteSecret computes the private key from the secret seed
+// and stores it in the private key object.
+func (sk *PrivateKey) UnmarshalByteSecret(seed []byte) error {
+ sk.Key = ed448lib.NewKeyFromSeed(seed)
+ return nil
+}
+
+// GenerateKey generates a fresh private key with the provided randomness source.
+func GenerateKey(rand io.Reader) (*PrivateKey, error) {
+ publicKey, privateKey, err := ed448lib.GenerateKey(rand)
+ if err != nil {
+ return nil, err
+ }
+ privateKeyOut := new(PrivateKey)
+ privateKeyOut.PublicKey.Point = publicKey[:]
+ privateKeyOut.Key = privateKey[:]
+ return privateKeyOut, nil
+}
+
+// Sign signs a message with the ed448 algorithm.
+// priv MUST be a valid key! Check this with Validate() before use.
+func Sign(priv *PrivateKey, message []byte) ([]byte, error) {
+ // Ed448 is used with the empty string as a context string.
+ // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-08#section-13.7
+ return ed448lib.Sign(priv.Key, message, ""), nil
+}
+
+// Verify verifies a ed448 signature
+func Verify(pub *PublicKey, message []byte, signature []byte) bool {
+ // Ed448 is used with the empty string as a context string.
+ // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-08#section-13.7
+ return ed448lib.Verify(pub.Point, message, signature, "")
+}
+
+// Validate checks if the ed448 private key is valid
+func Validate(priv *PrivateKey) error {
+ expectedPrivateKey := ed448lib.NewKeyFromSeed(priv.Seed())
+ if subtle.ConstantTimeCompare(priv.Key, expectedPrivateKey) == 0 {
+ return errors.KeyInvalidError("ed448: invalid ed448 secret")
+ }
+ if subtle.ConstantTimeCompare(priv.PublicKey.Point, expectedPrivateKey[SeedSize:]) == 0 {
+ return errors.KeyInvalidError("ed448: invalid ed448 public key")
+ }
+ return nil
+}
+
+// ENCODING/DECODING signature:
+
+// WriteSignature encodes and writes an ed448 signature to writer.
+func WriteSignature(writer io.Writer, signature []byte) error {
+ _, err := writer.Write(signature)
+ return err
+}
+
+// ReadSignature decodes an ed448 signature from a reader.
+func ReadSignature(reader io.Reader) ([]byte, error) {
+ signature := make([]byte, SignatureSize)
+ if _, err := io.ReadFull(reader, signature); err != nil {
+ return nil, err
+ }
+ return signature, nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/eddsa/eddsa.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/eddsa/eddsa.go
new file mode 100644
index 0000000000000000000000000000000000000000..99ecfc7f12d0b11b2dc1e40d774c56594eaeb79a
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/eddsa/eddsa.go
@@ -0,0 +1,91 @@
+// Package eddsa implements EdDSA signature, suitable for OpenPGP, as specified in
+// https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-13.7
+package eddsa
+
+import (
+ "errors"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/ecc"
+ "io"
+)
+
+type PublicKey struct {
+ X []byte
+ curve ecc.EdDSACurve
+}
+
+type PrivateKey struct {
+ PublicKey
+ D []byte
+}
+
+func NewPublicKey(curve ecc.EdDSACurve) *PublicKey {
+ return &PublicKey{
+ curve: curve,
+ }
+}
+
+func NewPrivateKey(key PublicKey) *PrivateKey {
+ return &PrivateKey{
+ PublicKey: key,
+ }
+}
+
+func (pk *PublicKey) GetCurve() ecc.EdDSACurve {
+ return pk.curve
+}
+
+func (pk *PublicKey) MarshalPoint() []byte {
+ return pk.curve.MarshalBytePoint(pk.X)
+}
+
+func (pk *PublicKey) UnmarshalPoint(x []byte) error {
+ pk.X = pk.curve.UnmarshalBytePoint(x)
+
+ if pk.X == nil {
+ return errors.New("eddsa: failed to parse EC point")
+ }
+ return nil
+}
+
+func (sk *PrivateKey) MarshalByteSecret() []byte {
+ return sk.curve.MarshalByteSecret(sk.D)
+}
+
+func (sk *PrivateKey) UnmarshalByteSecret(d []byte) error {
+ sk.D = sk.curve.UnmarshalByteSecret(d)
+
+ if sk.D == nil {
+ return errors.New("eddsa: failed to parse scalar")
+ }
+ return nil
+}
+
+func GenerateKey(rand io.Reader, c ecc.EdDSACurve) (priv *PrivateKey, err error) {
+ priv = new(PrivateKey)
+ priv.PublicKey.curve = c
+ priv.PublicKey.X, priv.D, err = c.GenerateEdDSA(rand)
+ return
+}
+
+func Sign(priv *PrivateKey, message []byte) (r, s []byte, err error) {
+ sig, err := priv.PublicKey.curve.Sign(priv.PublicKey.X, priv.D, message)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ r, s = priv.PublicKey.curve.MarshalSignature(sig)
+ return
+}
+
+func Verify(pub *PublicKey, message, r, s []byte) bool {
+ sig := pub.curve.UnmarshalSignature(r, s)
+ if sig == nil {
+ return false
+ }
+
+ return pub.curve.Verify(pub.X, message, sig)
+}
+
+func Validate(priv *PrivateKey) error {
+ return priv.curve.ValidateEdDSA(priv.PublicKey.X, priv.D)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/elgamal/elgamal.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/elgamal/elgamal.go
new file mode 100644
index 0000000000000000000000000000000000000000..bad27743445fde4a6fa1b79bd2cbe321c60b396b
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/elgamal/elgamal.go
@@ -0,0 +1,124 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package elgamal implements ElGamal encryption, suitable for OpenPGP,
+// as specified in "A Public-Key Cryptosystem and a Signature Scheme Based on
+// Discrete Logarithms," IEEE Transactions on Information Theory, v. IT-31,
+// n. 4, 1985, pp. 469-472.
+//
+// This form of ElGamal embeds PKCS#1 v1.5 padding, which may make it
+// unsuitable for other protocols. RSA should be used in preference in any
+// case.
+package elgamal // import "github.com/ProtonMail/go-crypto/openpgp/elgamal"
+
+import (
+ "crypto/rand"
+ "crypto/subtle"
+ "errors"
+ "io"
+ "math/big"
+)
+
+// PublicKey represents an ElGamal public key.
+type PublicKey struct {
+ G, P, Y *big.Int
+}
+
+// PrivateKey represents an ElGamal private key.
+type PrivateKey struct {
+ PublicKey
+ X *big.Int
+}
+
+// Encrypt encrypts the given message to the given public key. The result is a
+// pair of integers. Errors can result from reading random, or because msg is
+// too large to be encrypted to the public key.
+func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) {
+ pLen := (pub.P.BitLen() + 7) / 8
+ if len(msg) > pLen-11 {
+ err = errors.New("elgamal: message too long")
+ return
+ }
+
+ // EM = 0x02 || PS || 0x00 || M
+ em := make([]byte, pLen-1)
+ em[0] = 2
+ ps, mm := em[1:len(em)-len(msg)-1], em[len(em)-len(msg):]
+ err = nonZeroRandomBytes(ps, random)
+ if err != nil {
+ return
+ }
+ em[len(em)-len(msg)-1] = 0
+ copy(mm, msg)
+
+ m := new(big.Int).SetBytes(em)
+
+ k, err := rand.Int(random, pub.P)
+ if err != nil {
+ return
+ }
+
+ c1 = new(big.Int).Exp(pub.G, k, pub.P)
+ s := new(big.Int).Exp(pub.Y, k, pub.P)
+ c2 = s.Mul(s, m)
+ c2.Mod(c2, pub.P)
+
+ return
+}
+
+// Decrypt takes two integers, resulting from an ElGamal encryption, and
+// returns the plaintext of the message. An error can result only if the
+// ciphertext is invalid. Users should keep in mind that this is a padding
+// oracle and thus, if exposed to an adaptive chosen ciphertext attack, can
+// be used to break the cryptosystem. See “Chosen Ciphertext Attacks
+// Against Protocols Based on the RSA Encryption Standard PKCS #1”, Daniel
+// Bleichenbacher, Advances in Cryptology (Crypto '98),
+func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) {
+ s := new(big.Int).Exp(c1, priv.X, priv.P)
+ if s.ModInverse(s, priv.P) == nil {
+ return nil, errors.New("elgamal: invalid private key")
+ }
+ s.Mul(s, c2)
+ s.Mod(s, priv.P)
+ em := s.Bytes()
+
+ firstByteIsTwo := subtle.ConstantTimeByteEq(em[0], 2)
+
+ // The remainder of the plaintext must be a string of non-zero random
+ // octets, followed by a 0, followed by the message.
+ // lookingForIndex: 1 iff we are still looking for the zero.
+ // index: the offset of the first zero byte.
+ var lookingForIndex, index int
+ lookingForIndex = 1
+
+ for i := 1; i < len(em); i++ {
+ equals0 := subtle.ConstantTimeByteEq(em[i], 0)
+ index = subtle.ConstantTimeSelect(lookingForIndex&equals0, i, index)
+ lookingForIndex = subtle.ConstantTimeSelect(equals0, 0, lookingForIndex)
+ }
+
+ if firstByteIsTwo != 1 || lookingForIndex != 0 || index < 9 {
+ return nil, errors.New("elgamal: decryption error")
+ }
+ return em[index+1:], nil
+}
+
+// nonZeroRandomBytes fills the given slice with non-zero random octets.
+func nonZeroRandomBytes(s []byte, rand io.Reader) (err error) {
+ _, err = io.ReadFull(rand, s)
+ if err != nil {
+ return
+ }
+
+ for i := 0; i < len(s); i++ {
+ for s[i] == 0 {
+ _, err = io.ReadFull(rand, s[i:i+1])
+ if err != nil {
+ return
+ }
+ }
+ }
+
+ return
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go
new file mode 100644
index 0000000000000000000000000000000000000000..0eb3937b3954c315ff5f6997a4e9a95cd2b37aec
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/errors/errors.go
@@ -0,0 +1,180 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package errors contains common error types for the OpenPGP packages.
+package errors // import "github.com/ProtonMail/go-crypto/openpgp/errors"
+
+import (
+ "strconv"
+)
+
+var (
+ // ErrDecryptSessionKeyParsing is a generic error message for parsing errors in decrypted data
+ // to reduce the risk of oracle attacks.
+ ErrDecryptSessionKeyParsing = DecryptWithSessionKeyError("parsing error")
+ // ErrAEADTagVerification is returned if one of the tag verifications in SEIPDv2 fails
+ ErrAEADTagVerification error = DecryptWithSessionKeyError("AEAD tag verification failed")
+ // ErrMDCHashMismatch
+ ErrMDCHashMismatch error = SignatureError("MDC hash mismatch")
+ // ErrMDCMissing
+ ErrMDCMissing error = SignatureError("MDC packet not found")
+)
+
+// A StructuralError is returned when OpenPGP data is found to be syntactically
+// invalid.
+type StructuralError string
+
+func (s StructuralError) Error() string {
+ return "openpgp: invalid data: " + string(s)
+}
+
+// A DecryptWithSessionKeyError is returned when a failure occurs when reading from symmetrically decrypted data or
+// an authentication tag verification fails.
+// Such an error indicates that the supplied session key is likely wrong or the data got corrupted.
+type DecryptWithSessionKeyError string
+
+func (s DecryptWithSessionKeyError) Error() string {
+ return "openpgp: decryption with session key failed: " + string(s)
+}
+
+// HandleSensitiveParsingError handles parsing errors when reading data from potentially decrypted data.
+// The function makes parsing errors generic to reduce the risk of oracle attacks in SEIPDv1.
+func HandleSensitiveParsingError(err error, decrypted bool) error {
+ if !decrypted {
+ // Data was not encrypted so we return the inner error.
+ return err
+ }
+ // The data is read from a stream that decrypts using a session key;
+ // therefore, we need to handle parsing errors appropriately.
+ // This is essential to mitigate the risk of oracle attacks.
+ if decError, ok := err.(*DecryptWithSessionKeyError); ok {
+ return decError
+ }
+ if decError, ok := err.(DecryptWithSessionKeyError); ok {
+ return decError
+ }
+ return ErrDecryptSessionKeyParsing
+}
+
+// UnsupportedError indicates that, although the OpenPGP data is valid, it
+// makes use of currently unimplemented features.
+type UnsupportedError string
+
+func (s UnsupportedError) Error() string {
+ return "openpgp: unsupported feature: " + string(s)
+}
+
+// InvalidArgumentError indicates that the caller is in error and passed an
+// incorrect value.
+type InvalidArgumentError string
+
+func (i InvalidArgumentError) Error() string {
+ return "openpgp: invalid argument: " + string(i)
+}
+
+// SignatureError indicates that a syntactically valid signature failed to
+// validate.
+type SignatureError string
+
+func (b SignatureError) Error() string {
+ return "openpgp: invalid signature: " + string(b)
+}
+
+type signatureExpiredError int
+
+func (se signatureExpiredError) Error() string {
+ return "openpgp: signature expired"
+}
+
+var ErrSignatureExpired error = signatureExpiredError(0)
+
+type keyExpiredError int
+
+func (ke keyExpiredError) Error() string {
+ return "openpgp: key expired"
+}
+
+var ErrSignatureOlderThanKey error = signatureOlderThanKeyError(0)
+
+type signatureOlderThanKeyError int
+
+func (ske signatureOlderThanKeyError) Error() string {
+ return "openpgp: signature is older than the key"
+}
+
+var ErrKeyExpired error = keyExpiredError(0)
+
+type keyIncorrectError int
+
+func (ki keyIncorrectError) Error() string {
+ return "openpgp: incorrect key"
+}
+
+var ErrKeyIncorrect error = keyIncorrectError(0)
+
+// KeyInvalidError indicates that the public key parameters are invalid
+// as they do not match the private ones
+type KeyInvalidError string
+
+func (e KeyInvalidError) Error() string {
+ return "openpgp: invalid key: " + string(e)
+}
+
+type unknownIssuerError int
+
+func (unknownIssuerError) Error() string {
+ return "openpgp: signature made by unknown entity"
+}
+
+var ErrUnknownIssuer error = unknownIssuerError(0)
+
+type keyRevokedError int
+
+func (keyRevokedError) Error() string {
+ return "openpgp: signature made by revoked key"
+}
+
+var ErrKeyRevoked error = keyRevokedError(0)
+
+type WeakAlgorithmError string
+
+func (e WeakAlgorithmError) Error() string {
+ return "openpgp: weak algorithms are rejected: " + string(e)
+}
+
+type UnknownPacketTypeError uint8
+
+func (upte UnknownPacketTypeError) Error() string {
+ return "openpgp: unknown packet type: " + strconv.Itoa(int(upte))
+}
+
+type CriticalUnknownPacketTypeError uint8
+
+func (upte CriticalUnknownPacketTypeError) Error() string {
+ return "openpgp: unknown critical packet type: " + strconv.Itoa(int(upte))
+}
+
+// AEADError indicates that there is a problem when initializing or using a
+// AEAD instance, configuration struct, nonces or index values.
+type AEADError string
+
+func (ae AEADError) Error() string {
+ return "openpgp: aead error: " + string(ae)
+}
+
+// ErrDummyPrivateKey results when operations are attempted on a private key
+// that is just a dummy key. See
+// https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=fe55ae16ab4e26d8356dc574c9e8bc935e71aef1;hb=23191d7851eae2217ecdac6484349849a24fd94a#l1109
+type ErrDummyPrivateKey string
+
+func (dke ErrDummyPrivateKey) Error() string {
+ return "openpgp: s2k GNU dummy key: " + string(dke)
+}
+
+// ErrMalformedMessage results when the packet sequence is incorrect
+type ErrMalformedMessage string
+
+func (dke ErrMalformedMessage) Error() string {
+ return "openpgp: malformed message " + string(dke)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/hash.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/hash.go
new file mode 100644
index 0000000000000000000000000000000000000000..526bd7777f8680c7dad8ecca28a56aa17137b0df
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/hash.go
@@ -0,0 +1,24 @@
+package openpgp
+
+import (
+ "crypto"
+
+ "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
+)
+
+// HashIdToHash returns a crypto.Hash which corresponds to the given OpenPGP
+// hash id.
+func HashIdToHash(id byte) (h crypto.Hash, ok bool) {
+ return algorithm.HashIdToHash(id)
+}
+
+// HashIdToString returns the name of the hash function corresponding to the
+// given OpenPGP hash id.
+func HashIdToString(id byte) (name string, ok bool) {
+ return algorithm.HashIdToString(id)
+}
+
+// HashToHashId returns an OpenPGP hash id which corresponds the given Hash.
+func HashToHashId(h crypto.Hash) (id byte, ok bool) {
+ return algorithm.HashToHashId(h)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/aead.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/aead.go
new file mode 100644
index 0000000000000000000000000000000000000000..d067065186645c6eea72ab87345d37f1b641b2dc
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/aead.go
@@ -0,0 +1,65 @@
+// Copyright (C) 2019 ProtonTech AG
+
+package algorithm
+
+import (
+ "crypto/cipher"
+ "github.com/ProtonMail/go-crypto/eax"
+ "github.com/ProtonMail/go-crypto/ocb"
+)
+
+// AEADMode defines the Authenticated Encryption with Associated Data mode of
+// operation.
+type AEADMode uint8
+
+// Supported modes of operation (see RFC4880bis [EAX] and RFC7253)
+const (
+ AEADModeEAX = AEADMode(1)
+ AEADModeOCB = AEADMode(2)
+ AEADModeGCM = AEADMode(3)
+)
+
+// TagLength returns the length in bytes of authentication tags.
+func (mode AEADMode) TagLength() int {
+ switch mode {
+ case AEADModeEAX:
+ return 16
+ case AEADModeOCB:
+ return 16
+ case AEADModeGCM:
+ return 16
+ default:
+ return 0
+ }
+}
+
+// NonceLength returns the length in bytes of nonces.
+func (mode AEADMode) NonceLength() int {
+ switch mode {
+ case AEADModeEAX:
+ return 16
+ case AEADModeOCB:
+ return 15
+ case AEADModeGCM:
+ return 12
+ default:
+ return 0
+ }
+}
+
+// New returns a fresh instance of the given mode
+func (mode AEADMode) New(block cipher.Block) (alg cipher.AEAD) {
+ var err error
+ switch mode {
+ case AEADModeEAX:
+ alg, err = eax.NewEAX(block)
+ case AEADModeOCB:
+ alg, err = ocb.NewOCB(block)
+ case AEADModeGCM:
+ alg, err = cipher.NewGCM(block)
+ }
+ if err != nil {
+ panic(err.Error())
+ }
+ return alg
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go
new file mode 100644
index 0000000000000000000000000000000000000000..c76a75bcda525985eea9d5b33a6ab96aa6b73498
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/cipher.go
@@ -0,0 +1,97 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package algorithm
+
+import (
+ "crypto/aes"
+ "crypto/cipher"
+ "crypto/des"
+
+ "golang.org/x/crypto/cast5"
+)
+
+// Cipher is an official symmetric key cipher algorithm. See RFC 4880,
+// section 9.2.
+type Cipher interface {
+ // Id returns the algorithm ID, as a byte, of the cipher.
+ Id() uint8
+ // KeySize returns the key size, in bytes, of the cipher.
+ KeySize() int
+ // BlockSize returns the block size, in bytes, of the cipher.
+ BlockSize() int
+ // New returns a fresh instance of the given cipher.
+ New(key []byte) cipher.Block
+}
+
+// The following constants mirror the OpenPGP standard (RFC 4880).
+const (
+ TripleDES = CipherFunction(2)
+ CAST5 = CipherFunction(3)
+ AES128 = CipherFunction(7)
+ AES192 = CipherFunction(8)
+ AES256 = CipherFunction(9)
+)
+
+// CipherById represents the different block ciphers specified for OpenPGP. See
+// http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13
+var CipherById = map[uint8]Cipher{
+ TripleDES.Id(): TripleDES,
+ CAST5.Id(): CAST5,
+ AES128.Id(): AES128,
+ AES192.Id(): AES192,
+ AES256.Id(): AES256,
+}
+
+type CipherFunction uint8
+
+// ID returns the algorithm Id, as a byte, of cipher.
+func (sk CipherFunction) Id() uint8 {
+ return uint8(sk)
+}
+
+// KeySize returns the key size, in bytes, of cipher.
+func (cipher CipherFunction) KeySize() int {
+ switch cipher {
+ case CAST5:
+ return cast5.KeySize
+ case AES128:
+ return 16
+ case AES192, TripleDES:
+ return 24
+ case AES256:
+ return 32
+ }
+ return 0
+}
+
+// BlockSize returns the block size, in bytes, of cipher.
+func (cipher CipherFunction) BlockSize() int {
+ switch cipher {
+ case TripleDES:
+ return des.BlockSize
+ case CAST5:
+ return 8
+ case AES128, AES192, AES256:
+ return 16
+ }
+ return 0
+}
+
+// New returns a fresh instance of the given cipher.
+func (cipher CipherFunction) New(key []byte) (block cipher.Block) {
+ var err error
+ switch cipher {
+ case TripleDES:
+ block, err = des.NewTripleDESCipher(key)
+ case CAST5:
+ block, err = cast5.NewCipher(key)
+ case AES128, AES192, AES256:
+ block, err = aes.NewCipher(key)
+ }
+ if err != nil {
+ panic(err.Error())
+ }
+ return
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/hash.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/hash.go
new file mode 100644
index 0000000000000000000000000000000000000000..d1a00fc7495048576fe0d549c6978eb7afc86e37
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/algorithm/hash.go
@@ -0,0 +1,143 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package algorithm
+
+import (
+ "crypto"
+ "fmt"
+ "hash"
+)
+
+// Hash is an official hash function algorithm. See RFC 4880, section 9.4.
+type Hash interface {
+ // Id returns the algorithm ID, as a byte, of Hash.
+ Id() uint8
+ // Available reports whether the given hash function is linked into the binary.
+ Available() bool
+ // HashFunc simply returns the value of h so that Hash implements SignerOpts.
+ HashFunc() crypto.Hash
+ // New returns a new hash.Hash calculating the given hash function. New
+ // panics if the hash function is not linked into the binary.
+ New() hash.Hash
+ // Size returns the length, in bytes, of a digest resulting from the given
+ // hash function. It doesn't require that the hash function in question be
+ // linked into the program.
+ Size() int
+ // String is the name of the hash function corresponding to the given
+ // OpenPGP hash id.
+ String() string
+}
+
+// The following vars mirror the crypto/Hash supported hash functions.
+var (
+ SHA1 Hash = cryptoHash{2, crypto.SHA1}
+ SHA256 Hash = cryptoHash{8, crypto.SHA256}
+ SHA384 Hash = cryptoHash{9, crypto.SHA384}
+ SHA512 Hash = cryptoHash{10, crypto.SHA512}
+ SHA224 Hash = cryptoHash{11, crypto.SHA224}
+ SHA3_256 Hash = cryptoHash{12, crypto.SHA3_256}
+ SHA3_512 Hash = cryptoHash{14, crypto.SHA3_512}
+)
+
+// HashById represents the different hash functions specified for OpenPGP. See
+// http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-14
+var (
+ HashById = map[uint8]Hash{
+ SHA256.Id(): SHA256,
+ SHA384.Id(): SHA384,
+ SHA512.Id(): SHA512,
+ SHA224.Id(): SHA224,
+ SHA3_256.Id(): SHA3_256,
+ SHA3_512.Id(): SHA3_512,
+ }
+)
+
+// cryptoHash contains pairs relating OpenPGP's hash identifier with
+// Go's crypto.Hash type. See RFC 4880, section 9.4.
+type cryptoHash struct {
+ id uint8
+ crypto.Hash
+}
+
+// Id returns the algorithm ID, as a byte, of cryptoHash.
+func (h cryptoHash) Id() uint8 {
+ return h.id
+}
+
+var hashNames = map[uint8]string{
+ SHA256.Id(): "SHA256",
+ SHA384.Id(): "SHA384",
+ SHA512.Id(): "SHA512",
+ SHA224.Id(): "SHA224",
+ SHA3_256.Id(): "SHA3-256",
+ SHA3_512.Id(): "SHA3-512",
+}
+
+func (h cryptoHash) String() string {
+ s, ok := hashNames[h.id]
+ if !ok {
+ panic(fmt.Sprintf("Unsupported hash function %d", h.id))
+ }
+ return s
+}
+
+// HashIdToHash returns a crypto.Hash which corresponds to the given OpenPGP
+// hash id.
+func HashIdToHash(id byte) (h crypto.Hash, ok bool) {
+ if hash, ok := HashById[id]; ok {
+ return hash.HashFunc(), true
+ }
+ return 0, false
+}
+
+// HashIdToHashWithSha1 returns a crypto.Hash which corresponds to the given OpenPGP
+// hash id, allowing sha1.
+func HashIdToHashWithSha1(id byte) (h crypto.Hash, ok bool) {
+ if hash, ok := HashById[id]; ok {
+ return hash.HashFunc(), true
+ }
+
+ if id == SHA1.Id() {
+ return SHA1.HashFunc(), true
+ }
+
+ return 0, false
+}
+
+// HashIdToString returns the name of the hash function corresponding to the
+// given OpenPGP hash id.
+func HashIdToString(id byte) (name string, ok bool) {
+ if hash, ok := HashById[id]; ok {
+ return hash.String(), true
+ }
+ return "", false
+}
+
+// HashToHashId returns an OpenPGP hash id which corresponds the given Hash.
+func HashToHashId(h crypto.Hash) (id byte, ok bool) {
+ for id, hash := range HashById {
+ if hash.HashFunc() == h {
+ return id, true
+ }
+ }
+
+ return 0, false
+}
+
+// HashToHashIdWithSha1 returns an OpenPGP hash id which corresponds the given Hash,
+// allowing instances of SHA1
+func HashToHashIdWithSha1(h crypto.Hash) (id byte, ok bool) {
+ for id, hash := range HashById {
+ if hash.HashFunc() == h {
+ return id, true
+ }
+ }
+
+ if h == SHA1.HashFunc() {
+ return SHA1.Id(), true
+ }
+
+ return 0, false
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519.go
new file mode 100644
index 0000000000000000000000000000000000000000..888767c4e438331af11527c47cda7f88f862df70
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve25519.go
@@ -0,0 +1,171 @@
+// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
+package ecc
+
+import (
+ "crypto/subtle"
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ x25519lib "github.com/cloudflare/circl/dh/x25519"
+)
+
+type curve25519 struct{}
+
+func NewCurve25519() *curve25519 {
+ return &curve25519{}
+}
+
+func (c *curve25519) GetCurveName() string {
+ return "curve25519"
+}
+
+// MarshalBytePoint encodes the public point from native format, adding the prefix.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6
+func (c *curve25519) MarshalBytePoint(point []byte) []byte {
+ return append([]byte{0x40}, point...)
+}
+
+// UnmarshalBytePoint decodes the public point to native format, removing the prefix.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6
+func (c *curve25519) UnmarshalBytePoint(point []byte) []byte {
+ if len(point) != x25519lib.Size+1 {
+ return nil
+ }
+
+ // Remove prefix
+ return point[1:]
+}
+
+// MarshalByteSecret encodes the secret scalar from native format.
+// Note that the EC secret scalar differs from the definition of public keys in
+// [Curve25519] in two ways: (1) the byte-ordering is big-endian, which is
+// more uniform with how big integers are represented in OpenPGP, and (2) the
+// leading zeros are truncated.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6.1.1
+// Note that leading zero bytes are stripped later when encoding as an MPI.
+func (c *curve25519) MarshalByteSecret(secret []byte) []byte {
+ d := make([]byte, x25519lib.Size)
+ copyReversed(d, secret)
+
+ // The following ensures that the private key is a number of the form
+ // 2^{254} + 8 * [0, 2^{251}), in order to avoid the small subgroup of
+ // the curve.
+ //
+ // This masking is done internally in the underlying lib and so is unnecessary
+ // for security, but OpenPGP implementations require that private keys be
+ // pre-masked.
+ d[0] &= 127
+ d[0] |= 64
+ d[31] &= 248
+
+ return d
+}
+
+// UnmarshalByteSecret decodes the secret scalar from native format.
+// Note that the EC secret scalar differs from the definition of public keys in
+// [Curve25519] in two ways: (1) the byte-ordering is big-endian, which is
+// more uniform with how big integers are represented in OpenPGP, and (2) the
+// leading zeros are truncated.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6.1.1
+func (c *curve25519) UnmarshalByteSecret(d []byte) []byte {
+ if len(d) > x25519lib.Size {
+ return nil
+ }
+
+ // Ensure truncated leading bytes are re-added
+ secret := make([]byte, x25519lib.Size)
+ copyReversed(secret, d)
+
+ return secret
+}
+
+// generateKeyPairBytes Generates a private-public key-pair.
+// 'priv' is a private key; a little-endian scalar belonging to the set
+// 2^{254} + 8 * [0, 2^{251}), in order to avoid the small subgroup of the
+// curve. 'pub' is simply 'priv' * G where G is the base point.
+// See https://cr.yp.to/ecdh.html and RFC7748, sec 5.
+func (c *curve25519) generateKeyPairBytes(rand io.Reader) (priv, pub x25519lib.Key, err error) {
+ _, err = io.ReadFull(rand, priv[:])
+ if err != nil {
+ return
+ }
+
+ x25519lib.KeyGen(&pub, &priv)
+ return
+}
+
+func (c *curve25519) GenerateECDH(rand io.Reader) (point []byte, secret []byte, err error) {
+ priv, pub, err := c.generateKeyPairBytes(rand)
+ if err != nil {
+ return
+ }
+
+ return pub[:], priv[:], nil
+}
+
+func (c *genericCurve) MaskSecret(secret []byte) []byte {
+ return secret
+}
+
+func (c *curve25519) Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error) {
+ // RFC6637 §8: "Generate an ephemeral key pair {v, V=vG}"
+ // ephemeralPrivate corresponds to `v`.
+ // ephemeralPublic corresponds to `V`.
+ ephemeralPrivate, ephemeralPublic, err := c.generateKeyPairBytes(rand)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ // RFC6637 §8: "Obtain the authenticated recipient public key R"
+ // pubKey corresponds to `R`.
+ var pubKey x25519lib.Key
+ copy(pubKey[:], point)
+
+ // RFC6637 §8: "Compute the shared point S = vR"
+ // "VB = convert point V to the octet string"
+ // sharedPoint corresponds to `VB`.
+ var sharedPoint x25519lib.Key
+ x25519lib.Shared(&sharedPoint, &ephemeralPrivate, &pubKey)
+
+ return ephemeralPublic[:], sharedPoint[:], nil
+}
+
+func (c *curve25519) Decaps(vsG, secret []byte) (sharedSecret []byte, err error) {
+ var ephemeralPublic, decodedPrivate, sharedPoint x25519lib.Key
+ // RFC6637 §8: "The decryption is the inverse of the method given."
+ // All quoted descriptions in comments below describe encryption, and
+ // the reverse is performed.
+ // vsG corresponds to `VB` in RFC6637 §8 .
+
+ // RFC6637 §8: "VB = convert point V to the octet string"
+ copy(ephemeralPublic[:], vsG)
+
+ // decodedPrivate corresponds to `r` in RFC6637 §8 .
+ copy(decodedPrivate[:], secret)
+
+ // RFC6637 §8: "Note that the recipient obtains the shared secret by calculating
+ // S = rV = rvG, where (r,R) is the recipient's key pair."
+ // sharedPoint corresponds to `S`.
+ x25519lib.Shared(&sharedPoint, &decodedPrivate, &ephemeralPublic)
+
+ return sharedPoint[:], nil
+}
+
+func (c *curve25519) ValidateECDH(point []byte, secret []byte) (err error) {
+ var pk, sk x25519lib.Key
+ copy(sk[:], secret)
+ x25519lib.KeyGen(&pk, &sk)
+
+ if subtle.ConstantTimeCompare(point, pk[:]) == 0 {
+ return errors.KeyInvalidError("ecc: invalid curve25519 public point")
+ }
+
+ return nil
+}
+
+func copyReversed(out []byte, in []byte) {
+ l := len(in)
+ for i := 0; i < l; i++ {
+ out[i] = in[l-i-1]
+ }
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve_info.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve_info.go
new file mode 100644
index 0000000000000000000000000000000000000000..0da2d0d852ea34994247d613215d196676b38922
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curve_info.go
@@ -0,0 +1,143 @@
+// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
+package ecc
+
+import (
+ "bytes"
+ "crypto/elliptic"
+
+ "github.com/ProtonMail/go-crypto/bitcurves"
+ "github.com/ProtonMail/go-crypto/brainpool"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/encoding"
+)
+
+const Curve25519GenName = "Curve25519"
+
+type CurveInfo struct {
+ GenName string
+ Oid *encoding.OID
+ Curve Curve
+}
+
+var Curves = []CurveInfo{
+ {
+ // NIST P-256
+ GenName: "P256",
+ Oid: encoding.NewOID([]byte{0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07}),
+ Curve: NewGenericCurve(elliptic.P256()),
+ },
+ {
+ // NIST P-384
+ GenName: "P384",
+ Oid: encoding.NewOID([]byte{0x2B, 0x81, 0x04, 0x00, 0x22}),
+ Curve: NewGenericCurve(elliptic.P384()),
+ },
+ {
+ // NIST P-521
+ GenName: "P521",
+ Oid: encoding.NewOID([]byte{0x2B, 0x81, 0x04, 0x00, 0x23}),
+ Curve: NewGenericCurve(elliptic.P521()),
+ },
+ {
+ // SecP256k1
+ GenName: "SecP256k1",
+ Oid: encoding.NewOID([]byte{0x2B, 0x81, 0x04, 0x00, 0x0A}),
+ Curve: NewGenericCurve(bitcurves.S256()),
+ },
+ {
+ // Curve25519
+ GenName: Curve25519GenName,
+ Oid: encoding.NewOID([]byte{0x2B, 0x06, 0x01, 0x04, 0x01, 0x97, 0x55, 0x01, 0x05, 0x01}),
+ Curve: NewCurve25519(),
+ },
+ {
+ // x448
+ GenName: "Curve448",
+ Oid: encoding.NewOID([]byte{0x2B, 0x65, 0x6F}),
+ Curve: NewX448(),
+ },
+ {
+ // Ed25519
+ GenName: Curve25519GenName,
+ Oid: encoding.NewOID([]byte{0x2B, 0x06, 0x01, 0x04, 0x01, 0xDA, 0x47, 0x0F, 0x01}),
+ Curve: NewEd25519(),
+ },
+ {
+ // Ed448
+ GenName: "Curve448",
+ Oid: encoding.NewOID([]byte{0x2B, 0x65, 0x71}),
+ Curve: NewEd448(),
+ },
+ {
+ // BrainpoolP256r1
+ GenName: "BrainpoolP256",
+ Oid: encoding.NewOID([]byte{0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x07}),
+ Curve: NewGenericCurve(brainpool.P256r1()),
+ },
+ {
+ // BrainpoolP384r1
+ GenName: "BrainpoolP384",
+ Oid: encoding.NewOID([]byte{0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0B}),
+ Curve: NewGenericCurve(brainpool.P384r1()),
+ },
+ {
+ // BrainpoolP512r1
+ GenName: "BrainpoolP512",
+ Oid: encoding.NewOID([]byte{0x2B, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0D}),
+ Curve: NewGenericCurve(brainpool.P512r1()),
+ },
+}
+
+func FindByCurve(curve Curve) *CurveInfo {
+ for _, curveInfo := range Curves {
+ if curveInfo.Curve.GetCurveName() == curve.GetCurveName() {
+ return &curveInfo
+ }
+ }
+ return nil
+}
+
+func FindByOid(oid encoding.Field) *CurveInfo {
+ var rawBytes = oid.Bytes()
+ for _, curveInfo := range Curves {
+ if bytes.Equal(curveInfo.Oid.Bytes(), rawBytes) {
+ return &curveInfo
+ }
+ }
+ return nil
+}
+
+func FindEdDSAByGenName(curveGenName string) EdDSACurve {
+ for _, curveInfo := range Curves {
+ if curveInfo.GenName == curveGenName {
+ curve, ok := curveInfo.Curve.(EdDSACurve)
+ if ok {
+ return curve
+ }
+ }
+ }
+ return nil
+}
+
+func FindECDSAByGenName(curveGenName string) ECDSACurve {
+ for _, curveInfo := range Curves {
+ if curveInfo.GenName == curveGenName {
+ curve, ok := curveInfo.Curve.(ECDSACurve)
+ if ok {
+ return curve
+ }
+ }
+ }
+ return nil
+}
+
+func FindECDHByGenName(curveGenName string) ECDHCurve {
+ for _, curveInfo := range Curves {
+ if curveInfo.GenName == curveGenName {
+ curve, ok := curveInfo.Curve.(ECDHCurve)
+ if ok {
+ return curve
+ }
+ }
+ }
+ return nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curves.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curves.go
new file mode 100644
index 0000000000000000000000000000000000000000..5ed9c93b3d606ce142fae6ecdfaf0fae643c4d0d
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/curves.go
@@ -0,0 +1,48 @@
+// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
+package ecc
+
+import (
+ "io"
+ "math/big"
+)
+
+type Curve interface {
+ GetCurveName() string
+}
+
+type ECDSACurve interface {
+ Curve
+ MarshalIntegerPoint(x, y *big.Int) []byte
+ UnmarshalIntegerPoint([]byte) (x, y *big.Int)
+ MarshalIntegerSecret(d *big.Int) []byte
+ UnmarshalIntegerSecret(d []byte) *big.Int
+ GenerateECDSA(rand io.Reader) (x, y, secret *big.Int, err error)
+ Sign(rand io.Reader, x, y, d *big.Int, hash []byte) (r, s *big.Int, err error)
+ Verify(x, y *big.Int, hash []byte, r, s *big.Int) bool
+ ValidateECDSA(x, y *big.Int, secret []byte) error
+}
+
+type EdDSACurve interface {
+ Curve
+ MarshalBytePoint(x []byte) []byte
+ UnmarshalBytePoint([]byte) (x []byte)
+ MarshalByteSecret(d []byte) []byte
+ UnmarshalByteSecret(d []byte) []byte
+ MarshalSignature(sig []byte) (r, s []byte)
+ UnmarshalSignature(r, s []byte) (sig []byte)
+ GenerateEdDSA(rand io.Reader) (pub, priv []byte, err error)
+ Sign(publicKey, privateKey, message []byte) (sig []byte, err error)
+ Verify(publicKey, message, sig []byte) bool
+ ValidateEdDSA(publicKey, privateKey []byte) (err error)
+}
+type ECDHCurve interface {
+ Curve
+ MarshalBytePoint([]byte) (encoded []byte)
+ UnmarshalBytePoint(encoded []byte) []byte
+ MarshalByteSecret(d []byte) []byte
+ UnmarshalByteSecret(d []byte) []byte
+ GenerateECDH(rand io.Reader) (point []byte, secret []byte, err error)
+ Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error)
+ Decaps(ephemeral, secret []byte) (sharedSecret []byte, err error)
+ ValidateECDH(public []byte, secret []byte) error
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed25519.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed25519.go
new file mode 100644
index 0000000000000000000000000000000000000000..5a4c3a8596b65b8dcfac9962f85cecfced39cc6e
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed25519.go
@@ -0,0 +1,120 @@
+// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
+package ecc
+
+import (
+ "bytes"
+ "crypto/subtle"
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ ed25519lib "github.com/cloudflare/circl/sign/ed25519"
+)
+
+const ed25519Size = 32
+
+type ed25519 struct{}
+
+func NewEd25519() *ed25519 {
+ return &ed25519{}
+}
+
+func (c *ed25519) GetCurveName() string {
+ return "ed25519"
+}
+
+// MarshalBytePoint encodes the public point from native format, adding the prefix.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
+func (c *ed25519) MarshalBytePoint(x []byte) []byte {
+ return append([]byte{0x40}, x...)
+}
+
+// UnmarshalBytePoint decodes a point from prefixed format to native.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
+func (c *ed25519) UnmarshalBytePoint(point []byte) (x []byte) {
+ if len(point) != ed25519lib.PublicKeySize+1 {
+ return nil
+ }
+
+ // Return unprefixed
+ return point[1:]
+}
+
+// MarshalByteSecret encodes a scalar in native format.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
+func (c *ed25519) MarshalByteSecret(d []byte) []byte {
+ return d
+}
+
+// UnmarshalByteSecret decodes a scalar in native format and re-adds the stripped leading zeroes
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
+func (c *ed25519) UnmarshalByteSecret(s []byte) (d []byte) {
+ if len(s) > ed25519lib.SeedSize {
+ return nil
+ }
+
+ // Handle stripped leading zeroes
+ d = make([]byte, ed25519lib.SeedSize)
+ copy(d[ed25519lib.SeedSize-len(s):], s)
+ return
+}
+
+// MarshalSignature splits a signature in R and S.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.1
+func (c *ed25519) MarshalSignature(sig []byte) (r, s []byte) {
+ return sig[:ed25519Size], sig[ed25519Size:]
+}
+
+// UnmarshalSignature decodes R and S in the native format, re-adding the stripped leading zeroes
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.1
+func (c *ed25519) UnmarshalSignature(r, s []byte) (sig []byte) {
+ // Check size
+ if len(r) > 32 || len(s) > 32 {
+ return nil
+ }
+
+ sig = make([]byte, ed25519lib.SignatureSize)
+
+ // Handle stripped leading zeroes
+ copy(sig[ed25519Size-len(r):ed25519Size], r)
+ copy(sig[ed25519lib.SignatureSize-len(s):], s)
+ return sig
+}
+
+func (c *ed25519) GenerateEdDSA(rand io.Reader) (pub, priv []byte, err error) {
+ pk, sk, err := ed25519lib.GenerateKey(rand)
+
+ if err != nil {
+ return nil, nil, err
+ }
+
+ return pk, sk[:ed25519lib.SeedSize], nil
+}
+
+func getEd25519Sk(publicKey, privateKey []byte) ed25519lib.PrivateKey {
+ privateKeyCap, privateKeyLen, publicKeyLen := cap(privateKey), len(privateKey), len(publicKey)
+
+ if privateKeyCap >= privateKeyLen+publicKeyLen &&
+ bytes.Equal(privateKey[privateKeyLen:privateKeyLen+publicKeyLen], publicKey) {
+ return privateKey[:privateKeyLen+publicKeyLen]
+ }
+
+ return append(privateKey[:privateKeyLen:privateKeyLen], publicKey...)
+}
+
+func (c *ed25519) Sign(publicKey, privateKey, message []byte) (sig []byte, err error) {
+ sig = ed25519lib.Sign(getEd25519Sk(publicKey, privateKey), message)
+ return sig, nil
+}
+
+func (c *ed25519) Verify(publicKey, message, sig []byte) bool {
+ return ed25519lib.Verify(publicKey, message, sig)
+}
+
+func (c *ed25519) ValidateEdDSA(publicKey, privateKey []byte) (err error) {
+ priv := getEd25519Sk(publicKey, privateKey)
+ expectedPriv := ed25519lib.NewKeyFromSeed(priv.Seed())
+ if subtle.ConstantTimeCompare(priv, expectedPriv) == 0 {
+ return errors.KeyInvalidError("ecc: invalid ed25519 secret")
+ }
+ return nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed448.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed448.go
new file mode 100644
index 0000000000000000000000000000000000000000..b6edda748024031b222a8d9e2887f80e056ce5b9
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/ed448.go
@@ -0,0 +1,119 @@
+// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
+package ecc
+
+import (
+ "bytes"
+ "crypto/subtle"
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ ed448lib "github.com/cloudflare/circl/sign/ed448"
+)
+
+type ed448 struct{}
+
+func NewEd448() *ed448 {
+ return &ed448{}
+}
+
+func (c *ed448) GetCurveName() string {
+ return "ed448"
+}
+
+// MarshalBytePoint encodes the public point from native format, adding the prefix.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
+func (c *ed448) MarshalBytePoint(x []byte) []byte {
+ // Return prefixed
+ return append([]byte{0x40}, x...)
+}
+
+// UnmarshalBytePoint decodes a point from prefixed format to native.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
+func (c *ed448) UnmarshalBytePoint(point []byte) (x []byte) {
+ if len(point) != ed448lib.PublicKeySize+1 {
+ return nil
+ }
+
+ // Strip prefix
+ return point[1:]
+}
+
+// MarshalByteSecret encoded a scalar from native format to prefixed.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
+func (c *ed448) MarshalByteSecret(d []byte) []byte {
+ // Return prefixed
+ return append([]byte{0x40}, d...)
+}
+
+// UnmarshalByteSecret decodes a scalar from prefixed format to native.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.5
+func (c *ed448) UnmarshalByteSecret(s []byte) (d []byte) {
+ // Check prefixed size
+ if len(s) != ed448lib.SeedSize+1 {
+ return nil
+ }
+
+ // Strip prefix
+ return s[1:]
+}
+
+// MarshalSignature splits a signature in R and S, where R is in prefixed native format and
+// S is an MPI with value zero.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.2
+func (c *ed448) MarshalSignature(sig []byte) (r, s []byte) {
+ return append([]byte{0x40}, sig...), []byte{}
+}
+
+// UnmarshalSignature decodes R and S in the native format. Only R is used, in prefixed native format.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.2.3.3.2
+func (c *ed448) UnmarshalSignature(r, s []byte) (sig []byte) {
+ if len(r) != ed448lib.SignatureSize+1 {
+ return nil
+ }
+
+ return r[1:]
+}
+
+func (c *ed448) GenerateEdDSA(rand io.Reader) (pub, priv []byte, err error) {
+ pk, sk, err := ed448lib.GenerateKey(rand)
+
+ if err != nil {
+ return nil, nil, err
+ }
+
+ return pk, sk[:ed448lib.SeedSize], nil
+}
+
+func getEd448Sk(publicKey, privateKey []byte) ed448lib.PrivateKey {
+ privateKeyCap, privateKeyLen, publicKeyLen := cap(privateKey), len(privateKey), len(publicKey)
+
+ if privateKeyCap >= privateKeyLen+publicKeyLen &&
+ bytes.Equal(privateKey[privateKeyLen:privateKeyLen+publicKeyLen], publicKey) {
+ return privateKey[:privateKeyLen+publicKeyLen]
+ }
+
+ return append(privateKey[:privateKeyLen:privateKeyLen], publicKey...)
+}
+
+func (c *ed448) Sign(publicKey, privateKey, message []byte) (sig []byte, err error) {
+ // Ed448 is used with the empty string as a context string.
+ // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-13.7
+ sig = ed448lib.Sign(getEd448Sk(publicKey, privateKey), message, "")
+
+ return sig, nil
+}
+
+func (c *ed448) Verify(publicKey, message, sig []byte) bool {
+ // Ed448 is used with the empty string as a context string.
+ // See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-13.7
+ return ed448lib.Verify(publicKey, message, sig, "")
+}
+
+func (c *ed448) ValidateEdDSA(publicKey, privateKey []byte) (err error) {
+ priv := getEd448Sk(publicKey, privateKey)
+ expectedPriv := ed448lib.NewKeyFromSeed(priv.Seed())
+ if subtle.ConstantTimeCompare(priv, expectedPriv) == 0 {
+ return errors.KeyInvalidError("ecc: invalid ed448 secret")
+ }
+ return nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/generic.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/generic.go
new file mode 100644
index 0000000000000000000000000000000000000000..e28d7c7106a335bd5f1c453d41afd4cccdfdc919
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/generic.go
@@ -0,0 +1,149 @@
+// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
+package ecc
+
+import (
+ "crypto/ecdsa"
+ "crypto/elliptic"
+ "fmt"
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "io"
+ "math/big"
+)
+
+type genericCurve struct {
+ Curve elliptic.Curve
+}
+
+func NewGenericCurve(c elliptic.Curve) *genericCurve {
+ return &genericCurve{
+ Curve: c,
+ }
+}
+
+func (c *genericCurve) GetCurveName() string {
+ return c.Curve.Params().Name
+}
+
+func (c *genericCurve) MarshalBytePoint(point []byte) []byte {
+ return point
+}
+
+func (c *genericCurve) UnmarshalBytePoint(point []byte) []byte {
+ return point
+}
+
+func (c *genericCurve) MarshalIntegerPoint(x, y *big.Int) []byte {
+ return elliptic.Marshal(c.Curve, x, y)
+}
+
+func (c *genericCurve) UnmarshalIntegerPoint(point []byte) (x, y *big.Int) {
+ return elliptic.Unmarshal(c.Curve, point)
+}
+
+func (c *genericCurve) MarshalByteSecret(d []byte) []byte {
+ return d
+}
+
+func (c *genericCurve) UnmarshalByteSecret(d []byte) []byte {
+ return d
+}
+
+func (c *genericCurve) MarshalIntegerSecret(d *big.Int) []byte {
+ return d.Bytes()
+}
+
+func (c *genericCurve) UnmarshalIntegerSecret(d []byte) *big.Int {
+ return new(big.Int).SetBytes(d)
+}
+
+func (c *genericCurve) GenerateECDH(rand io.Reader) (point, secret []byte, err error) {
+ secret, x, y, err := elliptic.GenerateKey(c.Curve, rand)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ point = elliptic.Marshal(c.Curve, x, y)
+ return point, secret, nil
+}
+
+func (c *genericCurve) GenerateECDSA(rand io.Reader) (x, y, secret *big.Int, err error) {
+ priv, err := ecdsa.GenerateKey(c.Curve, rand)
+ if err != nil {
+ return
+ }
+
+ return priv.X, priv.Y, priv.D, nil
+}
+
+func (c *genericCurve) Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error) {
+ xP, yP := elliptic.Unmarshal(c.Curve, point)
+ if xP == nil {
+ panic("invalid point")
+ }
+
+ d, x, y, err := elliptic.GenerateKey(c.Curve, rand)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ vsG := elliptic.Marshal(c.Curve, x, y)
+ zbBig, _ := c.Curve.ScalarMult(xP, yP, d)
+
+ byteLen := (c.Curve.Params().BitSize + 7) >> 3
+ zb := make([]byte, byteLen)
+ zbBytes := zbBig.Bytes()
+ copy(zb[byteLen-len(zbBytes):], zbBytes)
+
+ return vsG, zb, nil
+}
+
+func (c *genericCurve) Decaps(ephemeral, secret []byte) (sharedSecret []byte, err error) {
+ x, y := elliptic.Unmarshal(c.Curve, ephemeral)
+ zbBig, _ := c.Curve.ScalarMult(x, y, secret)
+ byteLen := (c.Curve.Params().BitSize + 7) >> 3
+ zb := make([]byte, byteLen)
+ zbBytes := zbBig.Bytes()
+ copy(zb[byteLen-len(zbBytes):], zbBytes)
+
+ return zb, nil
+}
+
+func (c *genericCurve) Sign(rand io.Reader, x, y, d *big.Int, hash []byte) (r, s *big.Int, err error) {
+ priv := &ecdsa.PrivateKey{D: d, PublicKey: ecdsa.PublicKey{X: x, Y: y, Curve: c.Curve}}
+ return ecdsa.Sign(rand, priv, hash)
+}
+
+func (c *genericCurve) Verify(x, y *big.Int, hash []byte, r, s *big.Int) bool {
+ pub := &ecdsa.PublicKey{X: x, Y: y, Curve: c.Curve}
+ return ecdsa.Verify(pub, hash, r, s)
+}
+
+func (c *genericCurve) validate(xP, yP *big.Int, secret []byte) error {
+ // the public point should not be at infinity (0,0)
+ zero := new(big.Int)
+ if xP.Cmp(zero) == 0 && yP.Cmp(zero) == 0 {
+ return errors.KeyInvalidError(fmt.Sprintf("ecc (%s): infinity point", c.Curve.Params().Name))
+ }
+
+ // re-derive the public point Q' = (X,Y) = dG
+ // to compare to declared Q in public key
+ expectedX, expectedY := c.Curve.ScalarBaseMult(secret)
+ if xP.Cmp(expectedX) != 0 || yP.Cmp(expectedY) != 0 {
+ return errors.KeyInvalidError(fmt.Sprintf("ecc (%s): invalid point", c.Curve.Params().Name))
+ }
+
+ return nil
+}
+
+func (c *genericCurve) ValidateECDSA(xP, yP *big.Int, secret []byte) error {
+ return c.validate(xP, yP, secret)
+}
+
+func (c *genericCurve) ValidateECDH(point []byte, secret []byte) error {
+ xP, yP := elliptic.Unmarshal(c.Curve, point)
+ if xP == nil {
+ return errors.KeyInvalidError(fmt.Sprintf("ecc (%s): invalid point", c.Curve.Params().Name))
+ }
+
+ return c.validate(xP, yP, secret)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go
new file mode 100644
index 0000000000000000000000000000000000000000..df04262e9e6b1195de51da2ca31f72c1b95fb666
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/ecc/x448.go
@@ -0,0 +1,107 @@
+// Package ecc implements a generic interface for ECDH, ECDSA, and EdDSA.
+package ecc
+
+import (
+ "crypto/subtle"
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ x448lib "github.com/cloudflare/circl/dh/x448"
+)
+
+type x448 struct{}
+
+func NewX448() *x448 {
+ return &x448{}
+}
+
+func (c *x448) GetCurveName() string {
+ return "x448"
+}
+
+// MarshalBytePoint encodes the public point from native format, adding the prefix.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6
+func (c *x448) MarshalBytePoint(point []byte) []byte {
+ return append([]byte{0x40}, point...)
+}
+
+// UnmarshalBytePoint decodes a point from prefixed format to native.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6
+func (c *x448) UnmarshalBytePoint(point []byte) []byte {
+ if len(point) != x448lib.Size+1 {
+ return nil
+ }
+
+ return point[1:]
+}
+
+// MarshalByteSecret encoded a scalar from native format to prefixed.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6.1.2
+func (c *x448) MarshalByteSecret(d []byte) []byte {
+ return append([]byte{0x40}, d...)
+}
+
+// UnmarshalByteSecret decodes a scalar from prefixed format to native.
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-06#section-5.5.5.6.1.2
+func (c *x448) UnmarshalByteSecret(d []byte) []byte {
+ if len(d) != x448lib.Size+1 {
+ return nil
+ }
+
+ // Store without prefix
+ return d[1:]
+}
+
+func (c *x448) generateKeyPairBytes(rand io.Reader) (sk, pk x448lib.Key, err error) {
+ if _, err = rand.Read(sk[:]); err != nil {
+ return
+ }
+
+ x448lib.KeyGen(&pk, &sk)
+ return
+}
+
+func (c *x448) GenerateECDH(rand io.Reader) (point []byte, secret []byte, err error) {
+ priv, pub, err := c.generateKeyPairBytes(rand)
+ if err != nil {
+ return
+ }
+
+ return pub[:], priv[:], nil
+}
+
+func (c *x448) Encaps(rand io.Reader, point []byte) (ephemeral, sharedSecret []byte, err error) {
+ var pk, ss x448lib.Key
+ seed, e, err := c.generateKeyPairBytes(rand)
+ if err != nil {
+ return nil, nil, err
+ }
+ copy(pk[:], point)
+ x448lib.Shared(&ss, &seed, &pk)
+
+ return e[:], ss[:], nil
+}
+
+func (c *x448) Decaps(ephemeral, secret []byte) (sharedSecret []byte, err error) {
+ var ss, sk, e x448lib.Key
+
+ copy(sk[:], secret)
+ copy(e[:], ephemeral)
+ x448lib.Shared(&ss, &sk, &e)
+
+ return ss[:], nil
+}
+
+func (c *x448) ValidateECDH(point []byte, secret []byte) error {
+ var sk, pk, expectedPk x448lib.Key
+
+ copy(pk[:], point)
+ copy(sk[:], secret)
+ x448lib.KeyGen(&expectedPk, &sk)
+
+ if subtle.ConstantTimeCompare(expectedPk[:], pk[:]) == 0 {
+ return errors.KeyInvalidError("ecc: invalid curve25519 public point")
+ }
+
+ return nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/encoding.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/encoding.go
new file mode 100644
index 0000000000000000000000000000000000000000..6c921481b7b24217e78b574a2769fa476299a354
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/encoding.go
@@ -0,0 +1,27 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package encoding implements openpgp packet field encodings as specified in
+// RFC 4880 and 6637.
+package encoding
+
+import "io"
+
+// Field is an encoded field of an openpgp packet.
+type Field interface {
+ // Bytes returns the decoded data.
+ Bytes() []byte
+
+ // BitLength is the size in bits of the decoded data.
+ BitLength() uint16
+
+ // EncodedBytes returns the encoded data.
+ EncodedBytes() []byte
+
+ // EncodedLength is the size in bytes of the encoded data.
+ EncodedLength() uint16
+
+ // ReadFrom reads the next Field from r.
+ ReadFrom(r io.Reader) (int64, error)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/mpi.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/mpi.go
new file mode 100644
index 0000000000000000000000000000000000000000..02e5e695c38ce0802b2e8de0e297e7bb0c0c0298
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/mpi.go
@@ -0,0 +1,91 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package encoding
+
+import (
+ "io"
+ "math/big"
+ "math/bits"
+)
+
+// An MPI is used to store the contents of a big integer, along with the bit
+// length that was specified in the original input. This allows the MPI to be
+// reserialized exactly.
+type MPI struct {
+ bytes []byte
+ bitLength uint16
+}
+
+// NewMPI returns a MPI initialized with bytes.
+func NewMPI(bytes []byte) *MPI {
+ for len(bytes) != 0 && bytes[0] == 0 {
+ bytes = bytes[1:]
+ }
+ if len(bytes) == 0 {
+ bitLength := uint16(0)
+ return &MPI{bytes, bitLength}
+ }
+ bitLength := 8*uint16(len(bytes)-1) + uint16(bits.Len8(bytes[0]))
+ return &MPI{bytes, bitLength}
+}
+
+// Bytes returns the decoded data.
+func (m *MPI) Bytes() []byte {
+ return m.bytes
+}
+
+// BitLength is the size in bits of the decoded data.
+func (m *MPI) BitLength() uint16 {
+ return m.bitLength
+}
+
+// EncodedBytes returns the encoded data.
+func (m *MPI) EncodedBytes() []byte {
+ return append([]byte{byte(m.bitLength >> 8), byte(m.bitLength)}, m.bytes...)
+}
+
+// EncodedLength is the size in bytes of the encoded data.
+func (m *MPI) EncodedLength() uint16 {
+ return uint16(2 + len(m.bytes))
+}
+
+// ReadFrom reads into m the next MPI from r.
+func (m *MPI) ReadFrom(r io.Reader) (int64, error) {
+ var buf [2]byte
+ n, err := io.ReadFull(r, buf[0:])
+ if err != nil {
+ if err == io.EOF {
+ err = io.ErrUnexpectedEOF
+ }
+ return int64(n), err
+ }
+
+ m.bitLength = uint16(buf[0])<<8 | uint16(buf[1])
+ m.bytes = make([]byte, (int(m.bitLength)+7)/8)
+
+ nn, err := io.ReadFull(r, m.bytes)
+ if err == io.EOF {
+ err = io.ErrUnexpectedEOF
+ }
+
+ // remove leading zero bytes from malformed GnuPG encoded MPIs:
+ // https://bugs.gnupg.org/gnupg/issue1853
+ // for _, b := range m.bytes {
+ // if b != 0 {
+ // break
+ // }
+ // m.bytes = m.bytes[1:]
+ // m.bitLength -= 8
+ // }
+
+ return int64(n) + int64(nn), err
+}
+
+// SetBig initializes m with the bits from n.
+func (m *MPI) SetBig(n *big.Int) *MPI {
+ m.bytes = n.Bytes()
+ m.bitLength = uint16(n.BitLen())
+ return m
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/oid.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/oid.go
new file mode 100644
index 0000000000000000000000000000000000000000..c9df9fe23220354f58e4cc315e85c8219ac1a506
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/internal/encoding/oid.go
@@ -0,0 +1,88 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package encoding
+
+import (
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+)
+
+// OID is used to store a variable-length field with a one-octet size
+// prefix. See https://tools.ietf.org/html/rfc6637#section-9.
+type OID struct {
+ bytes []byte
+}
+
+const (
+ // maxOID is the maximum number of bytes in a OID.
+ maxOID = 254
+ // reservedOIDLength1 and reservedOIDLength2 are OID lengths that the RFC
+ // specifies are reserved.
+ reservedOIDLength1 = 0
+ reservedOIDLength2 = 0xff
+)
+
+// NewOID returns a OID initialized with bytes.
+func NewOID(bytes []byte) *OID {
+ switch len(bytes) {
+ case reservedOIDLength1, reservedOIDLength2:
+ panic("encoding: NewOID argument length is reserved")
+ default:
+ if len(bytes) > maxOID {
+ panic("encoding: NewOID argument too large")
+ }
+ }
+
+ return &OID{
+ bytes: bytes,
+ }
+}
+
+// Bytes returns the decoded data.
+func (o *OID) Bytes() []byte {
+ return o.bytes
+}
+
+// BitLength is the size in bits of the decoded data.
+func (o *OID) BitLength() uint16 {
+ return uint16(len(o.bytes) * 8)
+}
+
+// EncodedBytes returns the encoded data.
+func (o *OID) EncodedBytes() []byte {
+ return append([]byte{byte(len(o.bytes))}, o.bytes...)
+}
+
+// EncodedLength is the size in bytes of the encoded data.
+func (o *OID) EncodedLength() uint16 {
+ return uint16(1 + len(o.bytes))
+}
+
+// ReadFrom reads into b the next OID from r.
+func (o *OID) ReadFrom(r io.Reader) (int64, error) {
+ var buf [1]byte
+ n, err := io.ReadFull(r, buf[:])
+ if err != nil {
+ if err == io.EOF {
+ err = io.ErrUnexpectedEOF
+ }
+ return int64(n), err
+ }
+
+ switch buf[0] {
+ case reservedOIDLength1, reservedOIDLength2:
+ return int64(n), errors.UnsupportedError("reserved for future extensions")
+ }
+
+ o.bytes = make([]byte, buf[0])
+
+ nn, err := io.ReadFull(r, o.bytes)
+ if err == io.EOF {
+ err = io.ErrUnexpectedEOF
+ }
+
+ return int64(n) + int64(nn), err
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/key_generation.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/key_generation.go
new file mode 100644
index 0000000000000000000000000000000000000000..77213f66be094e67993ec83c8c1dc62b4c8edba9
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/key_generation.go
@@ -0,0 +1,456 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package openpgp
+
+import (
+ "crypto"
+ "crypto/rand"
+ "crypto/rsa"
+ goerrors "errors"
+ "io"
+ "math/big"
+ "time"
+
+ "github.com/ProtonMail/go-crypto/openpgp/ecdh"
+ "github.com/ProtonMail/go-crypto/openpgp/ecdsa"
+ "github.com/ProtonMail/go-crypto/openpgp/ed25519"
+ "github.com/ProtonMail/go-crypto/openpgp/ed448"
+ "github.com/ProtonMail/go-crypto/openpgp/eddsa"
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/ecc"
+ "github.com/ProtonMail/go-crypto/openpgp/packet"
+ "github.com/ProtonMail/go-crypto/openpgp/x25519"
+ "github.com/ProtonMail/go-crypto/openpgp/x448"
+)
+
+// NewEntity returns an Entity that contains a fresh RSA/RSA keypair with a
+// single identity composed of the given full name, comment and email, any of
+// which may be empty but must not contain any of "()<>\x00".
+// If config is nil, sensible defaults will be used.
+func NewEntity(name, comment, email string, config *packet.Config) (*Entity, error) {
+ creationTime := config.Now()
+ keyLifetimeSecs := config.KeyLifetime()
+
+ // Generate a primary signing key
+ primaryPrivRaw, err := newSigner(config)
+ if err != nil {
+ return nil, err
+ }
+ primary := packet.NewSignerPrivateKey(creationTime, primaryPrivRaw)
+ if config.V6() {
+ if err := primary.UpgradeToV6(); err != nil {
+ return nil, err
+ }
+ }
+
+ e := &Entity{
+ PrimaryKey: &primary.PublicKey,
+ PrivateKey: primary,
+ Identities: make(map[string]*Identity),
+ Subkeys: []Subkey{},
+ Signatures: []*packet.Signature{},
+ }
+
+ if config.V6() {
+ // In v6 keys algorithm preferences should be stored in direct key signatures
+ selfSignature := createSignaturePacket(&primary.PublicKey, packet.SigTypeDirectSignature, config)
+ err = writeKeyProperties(selfSignature, creationTime, keyLifetimeSecs, config)
+ if err != nil {
+ return nil, err
+ }
+ err = selfSignature.SignDirectKeyBinding(&primary.PublicKey, primary, config)
+ if err != nil {
+ return nil, err
+ }
+ e.Signatures = append(e.Signatures, selfSignature)
+ e.SelfSignature = selfSignature
+ }
+
+ err = e.addUserId(name, comment, email, config, creationTime, keyLifetimeSecs, !config.V6())
+ if err != nil {
+ return nil, err
+ }
+
+ // NOTE: No key expiry here, but we will not return this subkey in EncryptionKey()
+ // if the primary/master key has expired.
+ err = e.addEncryptionSubkey(config, creationTime, 0)
+ if err != nil {
+ return nil, err
+ }
+
+ return e, nil
+}
+
+func (t *Entity) AddUserId(name, comment, email string, config *packet.Config) error {
+ creationTime := config.Now()
+ keyLifetimeSecs := config.KeyLifetime()
+ return t.addUserId(name, comment, email, config, creationTime, keyLifetimeSecs, !config.V6())
+}
+
+func writeKeyProperties(selfSignature *packet.Signature, creationTime time.Time, keyLifetimeSecs uint32, config *packet.Config) error {
+ advertiseAead := config.AEAD() != nil
+
+ selfSignature.CreationTime = creationTime
+ selfSignature.KeyLifetimeSecs = &keyLifetimeSecs
+ selfSignature.FlagsValid = true
+ selfSignature.FlagSign = true
+ selfSignature.FlagCertify = true
+ selfSignature.SEIPDv1 = true // true by default, see 5.8 vs. 5.14
+ selfSignature.SEIPDv2 = advertiseAead
+
+ // Set the PreferredHash for the SelfSignature from the packet.Config.
+ // If it is not the must-implement algorithm from rfc4880bis, append that.
+ hash, ok := algorithm.HashToHashId(config.Hash())
+ if !ok {
+ return errors.UnsupportedError("unsupported preferred hash function")
+ }
+
+ selfSignature.PreferredHash = []uint8{hash}
+ if config.Hash() != crypto.SHA256 {
+ selfSignature.PreferredHash = append(selfSignature.PreferredHash, hashToHashId(crypto.SHA256))
+ }
+
+ // Likewise for DefaultCipher.
+ selfSignature.PreferredSymmetric = []uint8{uint8(config.Cipher())}
+ if config.Cipher() != packet.CipherAES128 {
+ selfSignature.PreferredSymmetric = append(selfSignature.PreferredSymmetric, uint8(packet.CipherAES128))
+ }
+
+ // We set CompressionNone as the preferred compression algorithm because
+ // of compression side channel attacks, then append the configured
+ // DefaultCompressionAlgo if any is set (to signal support for cases
+ // where the application knows that using compression is safe).
+ selfSignature.PreferredCompression = []uint8{uint8(packet.CompressionNone)}
+ if config.Compression() != packet.CompressionNone {
+ selfSignature.PreferredCompression = append(selfSignature.PreferredCompression, uint8(config.Compression()))
+ }
+
+ if advertiseAead {
+ // Get the preferred AEAD mode from the packet.Config.
+ // If it is not the must-implement algorithm from rfc9580, append that.
+ modes := []uint8{uint8(config.AEAD().Mode())}
+ if config.AEAD().Mode() != packet.AEADModeOCB {
+ modes = append(modes, uint8(packet.AEADModeOCB))
+ }
+
+ // For preferred (AES256, GCM), we'll generate (AES256, GCM), (AES256, OCB), (AES128, GCM), (AES128, OCB)
+ for _, cipher := range selfSignature.PreferredSymmetric {
+ for _, mode := range modes {
+ selfSignature.PreferredCipherSuites = append(selfSignature.PreferredCipherSuites, [2]uint8{cipher, mode})
+ }
+ }
+ }
+ return nil
+}
+
+func (t *Entity) addUserId(name, comment, email string, config *packet.Config, creationTime time.Time, keyLifetimeSecs uint32, writeProperties bool) error {
+ uid := packet.NewUserId(name, comment, email)
+ if uid == nil {
+ return errors.InvalidArgumentError("user id field contained invalid characters")
+ }
+
+ if _, ok := t.Identities[uid.Id]; ok {
+ return errors.InvalidArgumentError("user id exist")
+ }
+
+ primary := t.PrivateKey
+ isPrimaryId := len(t.Identities) == 0
+ selfSignature := createSignaturePacket(&primary.PublicKey, packet.SigTypePositiveCert, config)
+ if writeProperties {
+ err := writeKeyProperties(selfSignature, creationTime, keyLifetimeSecs, config)
+ if err != nil {
+ return err
+ }
+ }
+ selfSignature.IsPrimaryId = &isPrimaryId
+
+ // User ID binding signature
+ err := selfSignature.SignUserId(uid.Id, &primary.PublicKey, primary, config)
+ if err != nil {
+ return err
+ }
+ t.Identities[uid.Id] = &Identity{
+ Name: uid.Id,
+ UserId: uid,
+ SelfSignature: selfSignature,
+ Signatures: []*packet.Signature{selfSignature},
+ }
+ return nil
+}
+
+// AddSigningSubkey adds a signing keypair as a subkey to the Entity.
+// If config is nil, sensible defaults will be used.
+func (e *Entity) AddSigningSubkey(config *packet.Config) error {
+ creationTime := config.Now()
+ keyLifetimeSecs := config.KeyLifetime()
+
+ subPrivRaw, err := newSigner(config)
+ if err != nil {
+ return err
+ }
+ sub := packet.NewSignerPrivateKey(creationTime, subPrivRaw)
+ sub.IsSubkey = true
+ if config.V6() {
+ if err := sub.UpgradeToV6(); err != nil {
+ return err
+ }
+ }
+
+ subkey := Subkey{
+ PublicKey: &sub.PublicKey,
+ PrivateKey: sub,
+ }
+ subkey.Sig = createSignaturePacket(e.PrimaryKey, packet.SigTypeSubkeyBinding, config)
+ subkey.Sig.CreationTime = creationTime
+ subkey.Sig.KeyLifetimeSecs = &keyLifetimeSecs
+ subkey.Sig.FlagsValid = true
+ subkey.Sig.FlagSign = true
+ subkey.Sig.EmbeddedSignature = createSignaturePacket(subkey.PublicKey, packet.SigTypePrimaryKeyBinding, config)
+ subkey.Sig.EmbeddedSignature.CreationTime = creationTime
+
+ err = subkey.Sig.EmbeddedSignature.CrossSignKey(subkey.PublicKey, e.PrimaryKey, subkey.PrivateKey, config)
+ if err != nil {
+ return err
+ }
+
+ err = subkey.Sig.SignKey(subkey.PublicKey, e.PrivateKey, config)
+ if err != nil {
+ return err
+ }
+
+ e.Subkeys = append(e.Subkeys, subkey)
+ return nil
+}
+
+// AddEncryptionSubkey adds an encryption keypair as a subkey to the Entity.
+// If config is nil, sensible defaults will be used.
+func (e *Entity) AddEncryptionSubkey(config *packet.Config) error {
+ creationTime := config.Now()
+ keyLifetimeSecs := config.KeyLifetime()
+ return e.addEncryptionSubkey(config, creationTime, keyLifetimeSecs)
+}
+
+func (e *Entity) addEncryptionSubkey(config *packet.Config, creationTime time.Time, keyLifetimeSecs uint32) error {
+ subPrivRaw, err := newDecrypter(config)
+ if err != nil {
+ return err
+ }
+ sub := packet.NewDecrypterPrivateKey(creationTime, subPrivRaw)
+ sub.IsSubkey = true
+ if config.V6() {
+ if err := sub.UpgradeToV6(); err != nil {
+ return err
+ }
+ }
+
+ subkey := Subkey{
+ PublicKey: &sub.PublicKey,
+ PrivateKey: sub,
+ }
+ subkey.Sig = createSignaturePacket(e.PrimaryKey, packet.SigTypeSubkeyBinding, config)
+ subkey.Sig.CreationTime = creationTime
+ subkey.Sig.KeyLifetimeSecs = &keyLifetimeSecs
+ subkey.Sig.FlagsValid = true
+ subkey.Sig.FlagEncryptStorage = true
+ subkey.Sig.FlagEncryptCommunications = true
+
+ err = subkey.Sig.SignKey(subkey.PublicKey, e.PrivateKey, config)
+ if err != nil {
+ return err
+ }
+
+ e.Subkeys = append(e.Subkeys, subkey)
+ return nil
+}
+
+// Generates a signing key
+func newSigner(config *packet.Config) (signer interface{}, err error) {
+ switch config.PublicKeyAlgorithm() {
+ case packet.PubKeyAlgoRSA:
+ bits := config.RSAModulusBits()
+ if bits < 1024 {
+ return nil, errors.InvalidArgumentError("bits must be >= 1024")
+ }
+ if config != nil && len(config.RSAPrimes) >= 2 {
+ primes := config.RSAPrimes[0:2]
+ config.RSAPrimes = config.RSAPrimes[2:]
+ return generateRSAKeyWithPrimes(config.Random(), 2, bits, primes)
+ }
+ return rsa.GenerateKey(config.Random(), bits)
+ case packet.PubKeyAlgoEdDSA:
+ if config.V6() {
+ // Implementations MUST NOT accept or generate v6 key material
+ // using the deprecated OIDs.
+ return nil, errors.InvalidArgumentError("EdDSALegacy cannot be used for v6 keys")
+ }
+ curve := ecc.FindEdDSAByGenName(string(config.CurveName()))
+ if curve == nil {
+ return nil, errors.InvalidArgumentError("unsupported curve")
+ }
+
+ priv, err := eddsa.GenerateKey(config.Random(), curve)
+ if err != nil {
+ return nil, err
+ }
+ return priv, nil
+ case packet.PubKeyAlgoECDSA:
+ curve := ecc.FindECDSAByGenName(string(config.CurveName()))
+ if curve == nil {
+ return nil, errors.InvalidArgumentError("unsupported curve")
+ }
+
+ priv, err := ecdsa.GenerateKey(config.Random(), curve)
+ if err != nil {
+ return nil, err
+ }
+ return priv, nil
+ case packet.PubKeyAlgoEd25519:
+ priv, err := ed25519.GenerateKey(config.Random())
+ if err != nil {
+ return nil, err
+ }
+ return priv, nil
+ case packet.PubKeyAlgoEd448:
+ priv, err := ed448.GenerateKey(config.Random())
+ if err != nil {
+ return nil, err
+ }
+ return priv, nil
+ default:
+ return nil, errors.InvalidArgumentError("unsupported public key algorithm")
+ }
+}
+
+// Generates an encryption/decryption key
+func newDecrypter(config *packet.Config) (decrypter interface{}, err error) {
+ switch config.PublicKeyAlgorithm() {
+ case packet.PubKeyAlgoRSA:
+ bits := config.RSAModulusBits()
+ if bits < 1024 {
+ return nil, errors.InvalidArgumentError("bits must be >= 1024")
+ }
+ if config != nil && len(config.RSAPrimes) >= 2 {
+ primes := config.RSAPrimes[0:2]
+ config.RSAPrimes = config.RSAPrimes[2:]
+ return generateRSAKeyWithPrimes(config.Random(), 2, bits, primes)
+ }
+ return rsa.GenerateKey(config.Random(), bits)
+ case packet.PubKeyAlgoEdDSA, packet.PubKeyAlgoECDSA:
+ fallthrough // When passing EdDSA or ECDSA, we generate an ECDH subkey
+ case packet.PubKeyAlgoECDH:
+ if config.V6() &&
+ (config.CurveName() == packet.Curve25519 ||
+ config.CurveName() == packet.Curve448) {
+ // Implementations MUST NOT accept or generate v6 key material
+ // using the deprecated OIDs.
+ return nil, errors.InvalidArgumentError("ECDH with Curve25519/448 legacy cannot be used for v6 keys")
+ }
+ var kdf = ecdh.KDF{
+ Hash: algorithm.SHA512,
+ Cipher: algorithm.AES256,
+ }
+ curve := ecc.FindECDHByGenName(string(config.CurveName()))
+ if curve == nil {
+ return nil, errors.InvalidArgumentError("unsupported curve")
+ }
+ return ecdh.GenerateKey(config.Random(), curve, kdf)
+ case packet.PubKeyAlgoEd25519, packet.PubKeyAlgoX25519: // When passing Ed25519, we generate an x25519 subkey
+ return x25519.GenerateKey(config.Random())
+ case packet.PubKeyAlgoEd448, packet.PubKeyAlgoX448: // When passing Ed448, we generate an x448 subkey
+ return x448.GenerateKey(config.Random())
+ default:
+ return nil, errors.InvalidArgumentError("unsupported public key algorithm")
+ }
+}
+
+var bigOne = big.NewInt(1)
+
+// generateRSAKeyWithPrimes generates a multi-prime RSA keypair of the
+// given bit size, using the given random source and pre-populated primes.
+func generateRSAKeyWithPrimes(random io.Reader, nprimes int, bits int, prepopulatedPrimes []*big.Int) (*rsa.PrivateKey, error) {
+ priv := new(rsa.PrivateKey)
+ priv.E = 65537
+
+ if nprimes < 2 {
+ return nil, goerrors.New("generateRSAKeyWithPrimes: nprimes must be >= 2")
+ }
+
+ if bits < 1024 {
+ return nil, goerrors.New("generateRSAKeyWithPrimes: bits must be >= 1024")
+ }
+
+ primes := make([]*big.Int, nprimes)
+
+NextSetOfPrimes:
+ for {
+ todo := bits
+ // crypto/rand should set the top two bits in each prime.
+ // Thus each prime has the form
+ // p_i = 2^bitlen(p_i) × 0.11... (in base 2).
+ // And the product is:
+ // P = 2^todo × α
+ // where α is the product of nprimes numbers of the form 0.11...
+ //
+ // If α < 1/2 (which can happen for nprimes > 2), we need to
+ // shift todo to compensate for lost bits: the mean value of 0.11...
+ // is 7/8, so todo + shift - nprimes * log2(7/8) ~= bits - 1/2
+ // will give good results.
+ if nprimes >= 7 {
+ todo += (nprimes - 2) / 5
+ }
+ for i := 0; i < nprimes; i++ {
+ var err error
+ if len(prepopulatedPrimes) == 0 {
+ primes[i], err = rand.Prime(random, todo/(nprimes-i))
+ if err != nil {
+ return nil, err
+ }
+ } else {
+ primes[i] = prepopulatedPrimes[0]
+ prepopulatedPrimes = prepopulatedPrimes[1:]
+ }
+
+ todo -= primes[i].BitLen()
+ }
+
+ // Make sure that primes is pairwise unequal.
+ for i, prime := range primes {
+ for j := 0; j < i; j++ {
+ if prime.Cmp(primes[j]) == 0 {
+ continue NextSetOfPrimes
+ }
+ }
+ }
+
+ n := new(big.Int).Set(bigOne)
+ totient := new(big.Int).Set(bigOne)
+ pminus1 := new(big.Int)
+ for _, prime := range primes {
+ n.Mul(n, prime)
+ pminus1.Sub(prime, bigOne)
+ totient.Mul(totient, pminus1)
+ }
+ if n.BitLen() != bits {
+ // This should never happen for nprimes == 2 because
+ // crypto/rand should set the top two bits in each prime.
+ // For nprimes > 2 we hope it does not happen often.
+ continue NextSetOfPrimes
+ }
+
+ priv.D = new(big.Int)
+ e := big.NewInt(int64(priv.E))
+ ok := priv.D.ModInverse(e, totient)
+
+ if ok != nil {
+ priv.Primes = primes
+ priv.N = n
+ break
+ }
+ }
+
+ priv.Precompute()
+ return priv, nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/keys.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/keys.go
new file mode 100644
index 0000000000000000000000000000000000000000..a071353e2ec2e7d2656b3e781ffcc2a05cffba46
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/keys.go
@@ -0,0 +1,901 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package openpgp
+
+import (
+ goerrors "errors"
+ "fmt"
+ "io"
+ "time"
+
+ "github.com/ProtonMail/go-crypto/openpgp/armor"
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "github.com/ProtonMail/go-crypto/openpgp/packet"
+)
+
+// PublicKeyType is the armor type for a PGP public key.
+var PublicKeyType = "PGP PUBLIC KEY BLOCK"
+
+// PrivateKeyType is the armor type for a PGP private key.
+var PrivateKeyType = "PGP PRIVATE KEY BLOCK"
+
+// An Entity represents the components of an OpenPGP key: a primary public key
+// (which must be a signing key), one or more identities claimed by that key,
+// and zero or more subkeys, which may be encryption keys.
+type Entity struct {
+ PrimaryKey *packet.PublicKey
+ PrivateKey *packet.PrivateKey
+ Identities map[string]*Identity // indexed by Identity.Name
+ Revocations []*packet.Signature
+ Subkeys []Subkey
+ SelfSignature *packet.Signature // Direct-key self signature of the PrimaryKey (contains primary key properties in v6)
+ Signatures []*packet.Signature // all (potentially unverified) self-signatures, revocations, and third-party signatures
+}
+
+// An Identity represents an identity claimed by an Entity and zero or more
+// assertions by other entities about that claim.
+type Identity struct {
+ Name string // by convention, has the form "Full Name (comment) <email@example.com>"
+ UserId *packet.UserId
+ SelfSignature *packet.Signature
+ Revocations []*packet.Signature
+ Signatures []*packet.Signature // all (potentially unverified) self-signatures, revocations, and third-party signatures
+}
+
+// A Subkey is an additional public key in an Entity. Subkeys can be used for
+// encryption.
+type Subkey struct {
+ PublicKey *packet.PublicKey
+ PrivateKey *packet.PrivateKey
+ Sig *packet.Signature
+ Revocations []*packet.Signature
+}
+
+// A Key identifies a specific public key in an Entity. This is either the
+// Entity's primary key or a subkey.
+type Key struct {
+ Entity *Entity
+ PublicKey *packet.PublicKey
+ PrivateKey *packet.PrivateKey
+ SelfSignature *packet.Signature
+ Revocations []*packet.Signature
+}
+
+// A KeyRing provides access to public and private keys.
+type KeyRing interface {
+ // KeysById returns the set of keys that have the given key id.
+ KeysById(id uint64) []Key
+ // KeysByIdAndUsage returns the set of keys with the given id
+ // that also meet the key usage given by requiredUsage.
+ // The requiredUsage is expressed as the bitwise-OR of
+ // packet.KeyFlag* values.
+ KeysByIdUsage(id uint64, requiredUsage byte) []Key
+ // DecryptionKeys returns all private keys that are valid for
+ // decryption.
+ DecryptionKeys() []Key
+}
+
+// PrimaryIdentity returns an Identity, preferring non-revoked identities,
+// identities marked as primary, or the latest-created identity, in that order.
+func (e *Entity) PrimaryIdentity() *Identity {
+ var primaryIdentity *Identity
+ for _, ident := range e.Identities {
+ if shouldPreferIdentity(primaryIdentity, ident) {
+ primaryIdentity = ident
+ }
+ }
+ return primaryIdentity
+}
+
+func shouldPreferIdentity(existingId, potentialNewId *Identity) bool {
+ if existingId == nil {
+ return true
+ }
+
+ if len(existingId.Revocations) > len(potentialNewId.Revocations) {
+ return true
+ }
+
+ if len(existingId.Revocations) < len(potentialNewId.Revocations) {
+ return false
+ }
+
+ if existingId.SelfSignature == nil {
+ return true
+ }
+
+ if existingId.SelfSignature.IsPrimaryId != nil && *existingId.SelfSignature.IsPrimaryId &&
+ !(potentialNewId.SelfSignature.IsPrimaryId != nil && *potentialNewId.SelfSignature.IsPrimaryId) {
+ return false
+ }
+
+ if !(existingId.SelfSignature.IsPrimaryId != nil && *existingId.SelfSignature.IsPrimaryId) &&
+ potentialNewId.SelfSignature.IsPrimaryId != nil && *potentialNewId.SelfSignature.IsPrimaryId {
+ return true
+ }
+
+ return potentialNewId.SelfSignature.CreationTime.After(existingId.SelfSignature.CreationTime)
+}
+
+// EncryptionKey returns the best candidate Key for encrypting a message to the
+// given Entity.
+func (e *Entity) EncryptionKey(now time.Time) (Key, bool) {
+ // Fail to find any encryption key if the...
+ primarySelfSignature, primaryIdentity := e.PrimarySelfSignature()
+ if primarySelfSignature == nil || // no self-signature found
+ e.PrimaryKey.KeyExpired(primarySelfSignature, now) || // primary key has expired
+ e.Revoked(now) || // primary key has been revoked
+ primarySelfSignature.SigExpired(now) || // user ID or or direct self-signature has expired
+ (primaryIdentity != nil && primaryIdentity.Revoked(now)) { // user ID has been revoked (for v4 keys)
+ return Key{}, false
+ }
+
+ // Iterate the keys to find the newest, unexpired one
+ candidateSubkey := -1
+ var maxTime time.Time
+ for i, subkey := range e.Subkeys {
+ if subkey.Sig.FlagsValid &&
+ subkey.Sig.FlagEncryptCommunications &&
+ subkey.PublicKey.PubKeyAlgo.CanEncrypt() &&
+ !subkey.PublicKey.KeyExpired(subkey.Sig, now) &&
+ !subkey.Sig.SigExpired(now) &&
+ !subkey.Revoked(now) &&
+ (maxTime.IsZero() || subkey.Sig.CreationTime.After(maxTime)) {
+ candidateSubkey = i
+ maxTime = subkey.Sig.CreationTime
+ }
+ }
+
+ if candidateSubkey != -1 {
+ subkey := e.Subkeys[candidateSubkey]
+ return Key{e, subkey.PublicKey, subkey.PrivateKey, subkey.Sig, subkey.Revocations}, true
+ }
+
+ // If we don't have any subkeys for encryption and the primary key
+ // is marked as OK to encrypt with, then we can use it.
+ if primarySelfSignature.FlagsValid && primarySelfSignature.FlagEncryptCommunications &&
+ e.PrimaryKey.PubKeyAlgo.CanEncrypt() {
+ return Key{e, e.PrimaryKey, e.PrivateKey, primarySelfSignature, e.Revocations}, true
+ }
+
+ return Key{}, false
+}
+
+// CertificationKey return the best candidate Key for certifying a key with this
+// Entity.
+func (e *Entity) CertificationKey(now time.Time) (Key, bool) {
+ return e.CertificationKeyById(now, 0)
+}
+
+// CertificationKeyById return the Key for key certification with this
+// Entity and keyID.
+func (e *Entity) CertificationKeyById(now time.Time, id uint64) (Key, bool) {
+ return e.signingKeyByIdUsage(now, id, packet.KeyFlagCertify)
+}
+
+// SigningKey return the best candidate Key for signing a message with this
+// Entity.
+func (e *Entity) SigningKey(now time.Time) (Key, bool) {
+ return e.SigningKeyById(now, 0)
+}
+
+// SigningKeyById return the Key for signing a message with this
+// Entity and keyID.
+func (e *Entity) SigningKeyById(now time.Time, id uint64) (Key, bool) {
+ return e.signingKeyByIdUsage(now, id, packet.KeyFlagSign)
+}
+
+func (e *Entity) signingKeyByIdUsage(now time.Time, id uint64, flags int) (Key, bool) {
+ // Fail to find any signing key if the...
+ primarySelfSignature, primaryIdentity := e.PrimarySelfSignature()
+ if primarySelfSignature == nil || // no self-signature found
+ e.PrimaryKey.KeyExpired(primarySelfSignature, now) || // primary key has expired
+ e.Revoked(now) || // primary key has been revoked
+ primarySelfSignature.SigExpired(now) || // user ID or direct self-signature has expired
+ (primaryIdentity != nil && primaryIdentity.Revoked(now)) { // user ID has been revoked (for v4 keys)
+ return Key{}, false
+ }
+
+ // Iterate the keys to find the newest, unexpired one
+ candidateSubkey := -1
+ var maxTime time.Time
+ for idx, subkey := range e.Subkeys {
+ if subkey.Sig.FlagsValid &&
+ (flags&packet.KeyFlagCertify == 0 || subkey.Sig.FlagCertify) &&
+ (flags&packet.KeyFlagSign == 0 || subkey.Sig.FlagSign) &&
+ subkey.PublicKey.PubKeyAlgo.CanSign() &&
+ !subkey.PublicKey.KeyExpired(subkey.Sig, now) &&
+ !subkey.Sig.SigExpired(now) &&
+ !subkey.Revoked(now) &&
+ (maxTime.IsZero() || subkey.Sig.CreationTime.After(maxTime)) &&
+ (id == 0 || subkey.PublicKey.KeyId == id) {
+ candidateSubkey = idx
+ maxTime = subkey.Sig.CreationTime
+ }
+ }
+
+ if candidateSubkey != -1 {
+ subkey := e.Subkeys[candidateSubkey]
+ return Key{e, subkey.PublicKey, subkey.PrivateKey, subkey.Sig, subkey.Revocations}, true
+ }
+
+ // If we don't have any subkeys for signing and the primary key
+ // is marked as OK to sign with, then we can use it.
+ if primarySelfSignature.FlagsValid &&
+ (flags&packet.KeyFlagCertify == 0 || primarySelfSignature.FlagCertify) &&
+ (flags&packet.KeyFlagSign == 0 || primarySelfSignature.FlagSign) &&
+ e.PrimaryKey.PubKeyAlgo.CanSign() &&
+ (id == 0 || e.PrimaryKey.KeyId == id) {
+ return Key{e, e.PrimaryKey, e.PrivateKey, primarySelfSignature, e.Revocations}, true
+ }
+
+ // No keys with a valid Signing Flag or no keys matched the id passed in
+ return Key{}, false
+}
+
+func revoked(revocations []*packet.Signature, now time.Time) bool {
+ for _, revocation := range revocations {
+ if revocation.RevocationReason != nil && *revocation.RevocationReason == packet.KeyCompromised {
+ // If the key is compromised, the key is considered revoked even before the revocation date.
+ return true
+ }
+ if !revocation.SigExpired(now) {
+ return true
+ }
+ }
+ return false
+}
+
+// Revoked returns whether the entity has any direct key revocation signatures.
+// Note that third-party revocation signatures are not supported.
+// Note also that Identity and Subkey revocation should be checked separately.
+func (e *Entity) Revoked(now time.Time) bool {
+ return revoked(e.Revocations, now)
+}
+
+// EncryptPrivateKeys encrypts all non-encrypted keys in the entity with the same key
+// derived from the provided passphrase. Public keys and dummy keys are ignored,
+// and don't cause an error to be returned.
+func (e *Entity) EncryptPrivateKeys(passphrase []byte, config *packet.Config) error {
+ var keysToEncrypt []*packet.PrivateKey
+ // Add entity private key to encrypt.
+ if e.PrivateKey != nil && !e.PrivateKey.Dummy() && !e.PrivateKey.Encrypted {
+ keysToEncrypt = append(keysToEncrypt, e.PrivateKey)
+ }
+
+ // Add subkeys to encrypt.
+ for _, sub := range e.Subkeys {
+ if sub.PrivateKey != nil && !sub.PrivateKey.Dummy() && !sub.PrivateKey.Encrypted {
+ keysToEncrypt = append(keysToEncrypt, sub.PrivateKey)
+ }
+ }
+ return packet.EncryptPrivateKeys(keysToEncrypt, passphrase, config)
+}
+
+// DecryptPrivateKeys decrypts all encrypted keys in the entity with the given passphrase.
+// Avoids recomputation of similar s2k key derivations. Public keys and dummy keys are ignored,
+// and don't cause an error to be returned.
+func (e *Entity) DecryptPrivateKeys(passphrase []byte) error {
+ var keysToDecrypt []*packet.PrivateKey
+ // Add entity private key to decrypt.
+ if e.PrivateKey != nil && !e.PrivateKey.Dummy() && e.PrivateKey.Encrypted {
+ keysToDecrypt = append(keysToDecrypt, e.PrivateKey)
+ }
+
+ // Add subkeys to decrypt.
+ for _, sub := range e.Subkeys {
+ if sub.PrivateKey != nil && !sub.PrivateKey.Dummy() && sub.PrivateKey.Encrypted {
+ keysToDecrypt = append(keysToDecrypt, sub.PrivateKey)
+ }
+ }
+ return packet.DecryptPrivateKeys(keysToDecrypt, passphrase)
+}
+
+// Revoked returns whether the identity has been revoked by a self-signature.
+// Note that third-party revocation signatures are not supported.
+func (i *Identity) Revoked(now time.Time) bool {
+ return revoked(i.Revocations, now)
+}
+
+// Revoked returns whether the subkey has been revoked by a self-signature.
+// Note that third-party revocation signatures are not supported.
+func (s *Subkey) Revoked(now time.Time) bool {
+ return revoked(s.Revocations, now)
+}
+
+// Revoked returns whether the key or subkey has been revoked by a self-signature.
+// Note that third-party revocation signatures are not supported.
+// Note also that Identity revocation should be checked separately.
+// Normally, it's not necessary to call this function, except on keys returned by
+// KeysById or KeysByIdUsage.
+func (key *Key) Revoked(now time.Time) bool {
+ return revoked(key.Revocations, now)
+}
+
+// An EntityList contains one or more Entities.
+type EntityList []*Entity
+
+// KeysById returns the set of keys that have the given key id.
+func (el EntityList) KeysById(id uint64) (keys []Key) {
+ for _, e := range el {
+ if e.PrimaryKey.KeyId == id {
+ selfSig, _ := e.PrimarySelfSignature()
+ keys = append(keys, Key{e, e.PrimaryKey, e.PrivateKey, selfSig, e.Revocations})
+ }
+
+ for _, subKey := range e.Subkeys {
+ if subKey.PublicKey.KeyId == id {
+ keys = append(keys, Key{e, subKey.PublicKey, subKey.PrivateKey, subKey.Sig, subKey.Revocations})
+ }
+ }
+ }
+ return
+}
+
+// KeysByIdAndUsage returns the set of keys with the given id that also meet
+// the key usage given by requiredUsage. The requiredUsage is expressed as
+// the bitwise-OR of packet.KeyFlag* values.
+func (el EntityList) KeysByIdUsage(id uint64, requiredUsage byte) (keys []Key) {
+ for _, key := range el.KeysById(id) {
+ if requiredUsage != 0 {
+ if key.SelfSignature == nil || !key.SelfSignature.FlagsValid {
+ continue
+ }
+
+ var usage byte
+ if key.SelfSignature.FlagCertify {
+ usage |= packet.KeyFlagCertify
+ }
+ if key.SelfSignature.FlagSign {
+ usage |= packet.KeyFlagSign
+ }
+ if key.SelfSignature.FlagEncryptCommunications {
+ usage |= packet.KeyFlagEncryptCommunications
+ }
+ if key.SelfSignature.FlagEncryptStorage {
+ usage |= packet.KeyFlagEncryptStorage
+ }
+ if usage&requiredUsage != requiredUsage {
+ continue
+ }
+ }
+
+ keys = append(keys, key)
+ }
+ return
+}
+
+// DecryptionKeys returns all private keys that are valid for decryption.
+func (el EntityList) DecryptionKeys() (keys []Key) {
+ for _, e := range el {
+ for _, subKey := range e.Subkeys {
+ if subKey.PrivateKey != nil && subKey.Sig.FlagsValid && (subKey.Sig.FlagEncryptStorage || subKey.Sig.FlagEncryptCommunications) {
+ keys = append(keys, Key{e, subKey.PublicKey, subKey.PrivateKey, subKey.Sig, subKey.Revocations})
+ }
+ }
+ }
+ return
+}
+
+// ReadArmoredKeyRing reads one or more public/private keys from an armor keyring file.
+func ReadArmoredKeyRing(r io.Reader) (EntityList, error) {
+ block, err := armor.Decode(r)
+ if err == io.EOF {
+ return nil, errors.InvalidArgumentError("no armored data found")
+ }
+ if err != nil {
+ return nil, err
+ }
+ if block.Type != PublicKeyType && block.Type != PrivateKeyType {
+ return nil, errors.InvalidArgumentError("expected public or private key block, got: " + block.Type)
+ }
+
+ return ReadKeyRing(block.Body)
+}
+
+// ReadKeyRing reads one or more public/private keys. Unsupported keys are
+// ignored as long as at least a single valid key is found.
+func ReadKeyRing(r io.Reader) (el EntityList, err error) {
+ packets := packet.NewReader(r)
+ var lastUnsupportedError error
+
+ for {
+ var e *Entity
+ e, err = ReadEntity(packets)
+ if err != nil {
+ // TODO: warn about skipped unsupported/unreadable keys
+ if _, ok := err.(errors.UnsupportedError); ok {
+ lastUnsupportedError = err
+ err = readToNextPublicKey(packets)
+ } else if _, ok := err.(errors.StructuralError); ok {
+ // Skip unreadable, badly-formatted keys
+ lastUnsupportedError = err
+ err = readToNextPublicKey(packets)
+ }
+ if err == io.EOF {
+ err = nil
+ break
+ }
+ if err != nil {
+ el = nil
+ break
+ }
+ } else {
+ el = append(el, e)
+ }
+ }
+
+ if len(el) == 0 && err == nil {
+ err = lastUnsupportedError
+ }
+ return
+}
+
+// readToNextPublicKey reads packets until the start of the entity and leaves
+// the first packet of the new entity in the Reader.
+func readToNextPublicKey(packets *packet.Reader) (err error) {
+ var p packet.Packet
+ for {
+ p, err = packets.Next()
+ if err == io.EOF {
+ return
+ } else if err != nil {
+ if _, ok := err.(errors.UnsupportedError); ok {
+ continue
+ }
+ return
+ }
+
+ if pk, ok := p.(*packet.PublicKey); ok && !pk.IsSubkey {
+ packets.Unread(p)
+ return
+ }
+ }
+}
+
+// ReadEntity reads an entity (public key, identities, subkeys etc) from the
+// given Reader.
+func ReadEntity(packets *packet.Reader) (*Entity, error) {
+ e := new(Entity)
+ e.Identities = make(map[string]*Identity)
+
+ p, err := packets.Next()
+ if err != nil {
+ return nil, err
+ }
+
+ var ok bool
+ if e.PrimaryKey, ok = p.(*packet.PublicKey); !ok {
+ if e.PrivateKey, ok = p.(*packet.PrivateKey); !ok {
+ packets.Unread(p)
+ return nil, errors.StructuralError("first packet was not a public/private key")
+ }
+ e.PrimaryKey = &e.PrivateKey.PublicKey
+ }
+
+ if !e.PrimaryKey.PubKeyAlgo.CanSign() {
+ return nil, errors.StructuralError("primary key cannot be used for signatures")
+ }
+
+ var revocations []*packet.Signature
+ var directSignatures []*packet.Signature
+EachPacket:
+ for {
+ p, err := packets.Next()
+ if err == io.EOF {
+ break
+ } else if err != nil {
+ return nil, err
+ }
+
+ switch pkt := p.(type) {
+ case *packet.UserId:
+ if err := addUserID(e, packets, pkt); err != nil {
+ return nil, err
+ }
+ case *packet.Signature:
+ if pkt.SigType == packet.SigTypeKeyRevocation {
+ revocations = append(revocations, pkt)
+ } else if pkt.SigType == packet.SigTypeDirectSignature {
+ directSignatures = append(directSignatures, pkt)
+ }
+ // Else, ignoring the signature as it does not follow anything
+ // we would know to attach it to.
+ case *packet.PrivateKey:
+ if !pkt.IsSubkey {
+ packets.Unread(p)
+ break EachPacket
+ }
+ err = addSubkey(e, packets, &pkt.PublicKey, pkt)
+ if err != nil {
+ return nil, err
+ }
+ case *packet.PublicKey:
+ if !pkt.IsSubkey {
+ packets.Unread(p)
+ break EachPacket
+ }
+ err = addSubkey(e, packets, pkt, nil)
+ if err != nil {
+ return nil, err
+ }
+ default:
+ // we ignore unknown packets.
+ }
+ }
+
+ if len(e.Identities) == 0 && e.PrimaryKey.Version < 6 {
+ return nil, errors.StructuralError(fmt.Sprintf("v%d entity without any identities", e.PrimaryKey.Version))
+ }
+
+ // An implementation MUST ensure that a valid direct-key signature is present before using a v6 key.
+ if e.PrimaryKey.Version == 6 {
+ if len(directSignatures) == 0 {
+ return nil, errors.StructuralError("v6 entity without a valid direct-key signature")
+ }
+ // Select main direct key signature.
+ var mainDirectKeySelfSignature *packet.Signature
+ for _, directSignature := range directSignatures {
+ if directSignature.SigType == packet.SigTypeDirectSignature &&
+ directSignature.CheckKeyIdOrFingerprint(e.PrimaryKey) &&
+ (mainDirectKeySelfSignature == nil ||
+ directSignature.CreationTime.After(mainDirectKeySelfSignature.CreationTime)) {
+ mainDirectKeySelfSignature = directSignature
+ }
+ }
+ if mainDirectKeySelfSignature == nil {
+ return nil, errors.StructuralError("no valid direct-key self-signature for v6 primary key found")
+ }
+ // Check that the main self-signature is valid.
+ err = e.PrimaryKey.VerifyDirectKeySignature(mainDirectKeySelfSignature)
+ if err != nil {
+ return nil, errors.StructuralError("invalid direct-key self-signature for v6 primary key")
+ }
+ e.SelfSignature = mainDirectKeySelfSignature
+ e.Signatures = directSignatures
+ }
+
+ for _, revocation := range revocations {
+ err = e.PrimaryKey.VerifyRevocationSignature(revocation)
+ if err == nil {
+ e.Revocations = append(e.Revocations, revocation)
+ } else {
+ // TODO: RFC 4880 5.2.3.15 defines revocation keys.
+ return nil, errors.StructuralError("revocation signature signed by alternate key")
+ }
+ }
+
+ return e, nil
+}
+
+func addUserID(e *Entity, packets *packet.Reader, pkt *packet.UserId) error {
+ // Make a new Identity object, that we might wind up throwing away.
+ // We'll only add it if we get a valid self-signature over this
+ // userID.
+ identity := new(Identity)
+ identity.Name = pkt.Id
+ identity.UserId = pkt
+
+ for {
+ p, err := packets.Next()
+ if err == io.EOF {
+ break
+ } else if err != nil {
+ return err
+ }
+
+ sig, ok := p.(*packet.Signature)
+ if !ok {
+ packets.Unread(p)
+ break
+ }
+
+ if sig.SigType != packet.SigTypeGenericCert &&
+ sig.SigType != packet.SigTypePersonaCert &&
+ sig.SigType != packet.SigTypeCasualCert &&
+ sig.SigType != packet.SigTypePositiveCert &&
+ sig.SigType != packet.SigTypeCertificationRevocation {
+ return errors.StructuralError("user ID signature with wrong type")
+ }
+
+ if sig.CheckKeyIdOrFingerprint(e.PrimaryKey) {
+ if err = e.PrimaryKey.VerifyUserIdSignature(pkt.Id, e.PrimaryKey, sig); err != nil {
+ return errors.StructuralError("user ID self-signature invalid: " + err.Error())
+ }
+ if sig.SigType == packet.SigTypeCertificationRevocation {
+ identity.Revocations = append(identity.Revocations, sig)
+ } else if identity.SelfSignature == nil || sig.CreationTime.After(identity.SelfSignature.CreationTime) {
+ identity.SelfSignature = sig
+ }
+ identity.Signatures = append(identity.Signatures, sig)
+ e.Identities[pkt.Id] = identity
+ } else {
+ identity.Signatures = append(identity.Signatures, sig)
+ }
+ }
+
+ return nil
+}
+
+func addSubkey(e *Entity, packets *packet.Reader, pub *packet.PublicKey, priv *packet.PrivateKey) error {
+ var subKey Subkey
+ subKey.PublicKey = pub
+ subKey.PrivateKey = priv
+
+ for {
+ p, err := packets.Next()
+ if err == io.EOF {
+ break
+ } else if err != nil {
+ return errors.StructuralError("subkey signature invalid: " + err.Error())
+ }
+
+ sig, ok := p.(*packet.Signature)
+ if !ok {
+ packets.Unread(p)
+ break
+ }
+
+ if sig.SigType != packet.SigTypeSubkeyBinding && sig.SigType != packet.SigTypeSubkeyRevocation {
+ return errors.StructuralError("subkey signature with wrong type")
+ }
+
+ if err := e.PrimaryKey.VerifyKeySignature(subKey.PublicKey, sig); err != nil {
+ return errors.StructuralError("subkey signature invalid: " + err.Error())
+ }
+
+ switch sig.SigType {
+ case packet.SigTypeSubkeyRevocation:
+ subKey.Revocations = append(subKey.Revocations, sig)
+ case packet.SigTypeSubkeyBinding:
+ if subKey.Sig == nil || sig.CreationTime.After(subKey.Sig.CreationTime) {
+ subKey.Sig = sig
+ }
+ }
+ }
+
+ if subKey.Sig == nil {
+ return errors.StructuralError("subkey packet not followed by signature")
+ }
+
+ e.Subkeys = append(e.Subkeys, subKey)
+
+ return nil
+}
+
+// SerializePrivate serializes an Entity, including private key material, but
+// excluding signatures from other entities, to the given Writer.
+// Identities and subkeys are re-signed in case they changed since NewEntry.
+// If config is nil, sensible defaults will be used.
+func (e *Entity) SerializePrivate(w io.Writer, config *packet.Config) (err error) {
+ if e.PrivateKey.Dummy() {
+ return errors.ErrDummyPrivateKey("dummy private key cannot re-sign identities")
+ }
+ return e.serializePrivate(w, config, true)
+}
+
+// SerializePrivateWithoutSigning serializes an Entity, including private key
+// material, but excluding signatures from other entities, to the given Writer.
+// Self-signatures of identities and subkeys are not re-signed. This is useful
+// when serializing GNU dummy keys, among other things.
+// If config is nil, sensible defaults will be used.
+func (e *Entity) SerializePrivateWithoutSigning(w io.Writer, config *packet.Config) (err error) {
+ return e.serializePrivate(w, config, false)
+}
+
+func (e *Entity) serializePrivate(w io.Writer, config *packet.Config, reSign bool) (err error) {
+ if e.PrivateKey == nil {
+ return goerrors.New("openpgp: private key is missing")
+ }
+ err = e.PrivateKey.Serialize(w)
+ if err != nil {
+ return
+ }
+ for _, revocation := range e.Revocations {
+ err := revocation.Serialize(w)
+ if err != nil {
+ return err
+ }
+ }
+ for _, directSignature := range e.Signatures {
+ err := directSignature.Serialize(w)
+ if err != nil {
+ return err
+ }
+ }
+ for _, ident := range e.Identities {
+ err = ident.UserId.Serialize(w)
+ if err != nil {
+ return
+ }
+ if reSign {
+ if ident.SelfSignature == nil {
+ return goerrors.New("openpgp: can't re-sign identity without valid self-signature")
+ }
+ err = ident.SelfSignature.SignUserId(ident.UserId.Id, e.PrimaryKey, e.PrivateKey, config)
+ if err != nil {
+ return
+ }
+ }
+ for _, sig := range ident.Signatures {
+ err = sig.Serialize(w)
+ if err != nil {
+ return err
+ }
+ }
+ }
+ for _, subkey := range e.Subkeys {
+ err = subkey.PrivateKey.Serialize(w)
+ if err != nil {
+ return
+ }
+ if reSign {
+ err = subkey.Sig.SignKey(subkey.PublicKey, e.PrivateKey, config)
+ if err != nil {
+ return
+ }
+ if subkey.Sig.EmbeddedSignature != nil {
+ err = subkey.Sig.EmbeddedSignature.CrossSignKey(subkey.PublicKey, e.PrimaryKey,
+ subkey.PrivateKey, config)
+ if err != nil {
+ return
+ }
+ }
+ }
+ for _, revocation := range subkey.Revocations {
+ err := revocation.Serialize(w)
+ if err != nil {
+ return err
+ }
+ }
+ err = subkey.Sig.Serialize(w)
+ if err != nil {
+ return
+ }
+ }
+ return nil
+}
+
+// Serialize writes the public part of the given Entity to w, including
+// signatures from other entities. No private key material will be output.
+func (e *Entity) Serialize(w io.Writer) error {
+ err := e.PrimaryKey.Serialize(w)
+ if err != nil {
+ return err
+ }
+ for _, revocation := range e.Revocations {
+ err := revocation.Serialize(w)
+ if err != nil {
+ return err
+ }
+ }
+ for _, directSignature := range e.Signatures {
+ err := directSignature.Serialize(w)
+ if err != nil {
+ return err
+ }
+ }
+ for _, ident := range e.Identities {
+ err = ident.UserId.Serialize(w)
+ if err != nil {
+ return err
+ }
+ for _, sig := range ident.Signatures {
+ err = sig.Serialize(w)
+ if err != nil {
+ return err
+ }
+ }
+ }
+ for _, subkey := range e.Subkeys {
+ err = subkey.PublicKey.Serialize(w)
+ if err != nil {
+ return err
+ }
+ for _, revocation := range subkey.Revocations {
+ err := revocation.Serialize(w)
+ if err != nil {
+ return err
+ }
+ }
+ err = subkey.Sig.Serialize(w)
+ if err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+// SignIdentity adds a signature to e, from signer, attesting that identity is
+// associated with e. The provided identity must already be an element of
+// e.Identities and the private key of signer must have been decrypted if
+// necessary.
+// If config is nil, sensible defaults will be used.
+func (e *Entity) SignIdentity(identity string, signer *Entity, config *packet.Config) error {
+ certificationKey, ok := signer.CertificationKey(config.Now())
+ if !ok {
+ return errors.InvalidArgumentError("no valid certification key found")
+ }
+
+ if certificationKey.PrivateKey.Encrypted {
+ return errors.InvalidArgumentError("signing Entity's private key must be decrypted")
+ }
+
+ ident, ok := e.Identities[identity]
+ if !ok {
+ return errors.InvalidArgumentError("given identity string not found in Entity")
+ }
+
+ sig := createSignaturePacket(certificationKey.PublicKey, packet.SigTypeGenericCert, config)
+
+ signingUserID := config.SigningUserId()
+ if signingUserID != "" {
+ if _, ok := signer.Identities[signingUserID]; !ok {
+ return errors.InvalidArgumentError("signer identity string not found in signer Entity")
+ }
+ sig.SignerUserId = &signingUserID
+ }
+
+ if err := sig.SignUserId(identity, e.PrimaryKey, certificationKey.PrivateKey, config); err != nil {
+ return err
+ }
+ ident.Signatures = append(ident.Signatures, sig)
+ return nil
+}
+
+// RevokeKey generates a key revocation signature (packet.SigTypeKeyRevocation) with the
+// specified reason code and text (RFC4880 section-5.2.3.23).
+// If config is nil, sensible defaults will be used.
+func (e *Entity) RevokeKey(reason packet.ReasonForRevocation, reasonText string, config *packet.Config) error {
+ revSig := createSignaturePacket(e.PrimaryKey, packet.SigTypeKeyRevocation, config)
+ revSig.RevocationReason = &reason
+ revSig.RevocationReasonText = reasonText
+
+ if err := revSig.RevokeKey(e.PrimaryKey, e.PrivateKey, config); err != nil {
+ return err
+ }
+ e.Revocations = append(e.Revocations, revSig)
+ return nil
+}
+
+// RevokeSubkey generates a subkey revocation signature (packet.SigTypeSubkeyRevocation) for
+// a subkey with the specified reason code and text (RFC4880 section-5.2.3.23).
+// If config is nil, sensible defaults will be used.
+func (e *Entity) RevokeSubkey(sk *Subkey, reason packet.ReasonForRevocation, reasonText string, config *packet.Config) error {
+ if err := e.PrimaryKey.VerifyKeySignature(sk.PublicKey, sk.Sig); err != nil {
+ return errors.InvalidArgumentError("given subkey is not associated with this key")
+ }
+
+ revSig := createSignaturePacket(e.PrimaryKey, packet.SigTypeSubkeyRevocation, config)
+ revSig.RevocationReason = &reason
+ revSig.RevocationReasonText = reasonText
+
+ if err := revSig.RevokeSubkey(sk.PublicKey, e.PrivateKey, config); err != nil {
+ return err
+ }
+
+ sk.Revocations = append(sk.Revocations, revSig)
+ return nil
+}
+
+func (e *Entity) primaryDirectSignature() *packet.Signature {
+ return e.SelfSignature
+}
+
+// PrimarySelfSignature searches the entity for the self-signature that stores key preferences.
+// For V4 keys, returns the self-signature of the primary identity, and the identity.
+// For V6 keys, returns the latest valid direct-key self-signature, and no identity (nil).
+// This self-signature is to be used to check the key expiration,
+// algorithm preferences, and so on.
+func (e *Entity) PrimarySelfSignature() (*packet.Signature, *Identity) {
+ if e.PrimaryKey.Version == 6 {
+ return e.primaryDirectSignature(), nil
+ }
+ primaryIdentity := e.PrimaryIdentity()
+ if primaryIdentity == nil {
+ return nil, nil
+ }
+ return primaryIdentity.SelfSignature, primaryIdentity
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/keys_test_data.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/keys_test_data.go
new file mode 100644
index 0000000000000000000000000000000000000000..108fd096f3c797e1e471d11814a692f168f7ccb0
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/keys_test_data.go
@@ -0,0 +1,538 @@
+package openpgp
+
+const expiringKeyHex = "c6c04d0451d0c680010800abbb021fd03ffc4e96618901180c3fdcb060ee69eeead97b91256d11420d80b5f1b51930248044130bd300605cf8a05b7a40d3d8cfb0a910be2e3db50dcd50a9c54064c2a5550801daa834ff4480b33d3d3ca495ff8a4e84a886977d17d998f881241a874083d8b995beab555b6d22b8a4817ab17ac3e7304f7d4d2c05c495fb2218348d3bc13651db1d92732e368a9dd7dcefa6eddff30b94706a9aaee47e9d39321460b740c59c6fc3c2fd8ab6c0fb868cb87c0051f0321301fe0f0e1820b15e7fb7063395769b525005c7e30a7ce85984f5cac00504e7b4fdc45d74958de8388436fd5c7ba9ea121f1c851b5911dd1b47a14d81a09e92ef37721e2325b6790011010001cd00c2c07b041001080025050251d0c680050900278d00060b09070803020415080a0203160201021901021b03021e01000a0910e7b484133a890a35ae4b0800a1beb82e7f28eaf5273d6af9d3391314f6280b2b624eaca2851f89a9ebcaf80ac589ebd509f168bc4322106ca2e2ce77a76e071a3c7444787d65216b5f05e82c77928860b92aace3b7d0327db59492f422eb9dfab7249266d37429870b091a98aba8724c2259ebf8f85093f21255eafa75aa841e31d94f2ac891b9755fed455e539044ee69fc47950b80e003fc9f298d695660f28329eaa38037c367efde1727458e514faf990d439a21461b719edaddf9296d3d0647b43ca56cb8dbf63b4fcf8b9968e7928c463470fab3b98e44d0d95645062f94b2d04fe56bd52822b71934db8ce845622c40b92fcbe765a142e7f38b61a6aa9606c8e8858dcd3b6eb1894acec04d0451d1f06b01080088bea67444e1789390e7c0335c86775502d58ec783d99c8ef4e06de235ed3dd4b0467f6f358d818c7d8989d43ec6d69fcbc8c32632d5a1b605e3fa8e41d695fcdcaa535936cd0157f9040dce362519803b908eafe838bb13216c885c6f93e9e8d5745607f0d062322085d6bdc760969149a8ff8dd9f5c18d9bfe2e6f63a06e17694cf1f67587c6fb70e9aebf90ffc528ca3b615ac7c9d4a21ea4f7c06f2e98fbbd90a859b8608bf9ea638e3a54289ce44c283110d0c45fa458de6251cd6e7baf71f80f12c8978340490fd90c92b81736ae902ed958e478dceae2835953d189c45d182aff02ea2be61b81d8e94430f041d638647b43e2fcb45fd512fbf5068b810011010001c2c06504180108000f050251d1f06b050900081095021b0c000a0910e7b484133a890a35e63407fe2ec88d6d1e6c9ce7553ece0cb2524747217bad29f251d33df84599ffcc900141a355abd62126800744068a5e05dc167056aa9205273dc7765a2ed49db15c2a83b8d6e6429c902136f1e12229086c1c10c0053242c2a4ae1930db58163387a48cad64607ff2153c320e42843dec28e3fce90e7399d63ac0affa2fee1f0adc0953c89eb3f46ef1d6c04328ed13b491669d5120a3782e3ffb7c69575fb77eebd108794f4dda9d34be2bae57e8e59ec8ebfda2f6f06104b2321be408ea146e2db482b00c5055c8618de36ac9716f80da2617e225556d0fce61b01c8cea2d1e0ea982c31711060ca370f2739366e1e708f38405d784b49d16a26cf62d152eae734327cec04d0451d1f07b010800d5af91c5e7c2fd8951c8d254eab0c97cdcb66822f868b79b78c366255059a68fd74ebca9adb9b970cd9e586690e6e0756705432306878c897b10a4b4ca0005966f99ac8fa4e6f9caf54bf8e53844544beee9872a7ac64c119cf1393d96e674254b661f61ee975633d0e8a8672531edb6bb8e211204e7754a9efa802342118eee850beea742bac95a3f706cc2024cf6037a308bb68162b2f53b9a6346a96e6d31871a2456186e24a1c7a82b82ac04afdfd57cd7fb9ba77a9c760d40b76a170f7be525e5fb6a9848cc726e806187710d9b190387df28700f321f988a392899f93815cc937f309129eb94d5299c5547cb2c085898e6639496e70d746c9d3fb9881d0011010001c2c06504180108000f050251d1f07b050900266305021b0c000a0910e7b484133a890a35bff207fd10dfe8c4a6ea1dd30568012b6fd6891a763c87ad0f7a1d112aad9e8e3239378a3b85588c235865bac2e614348cb4f216d7217f53b3ef48c192e0a4d31d64d7bfa5faccf21155965fa156e887056db644a05ad08a85cc6152d1377d9e37b46f4ff462bbe68ace2dc586ef90070314576c985d8037c2ba63f0a7dc17a62e15bd77e88bc61d9d00858979709f12304264a4cf4225c5cf86f12c8e19486cb9cdcc69f18f027e5f16f4ca8b50e28b3115eaff3a345acd21f624aef81f6ede515c1b55b26b84c1e32264754eab672d5489b287e7277ea855e0a5ff2aa9e8b8c76d579a964ec225255f4d57bf66639ccb34b64798846943e162a41096a7002ca21c7f56"
+const subkeyUsageHex = "988d04533a52bc010400d26af43085558f65b9e7dbc90cb9238015259aed5e954637adcfa2181548b2d0b60c65f1f42ec5081cbf1bc0a8aa4900acfb77070837c58f26012fbce297d70afe96e759ad63531f0037538e70dbf8e384569b9720d99d8eb39d8d0a2947233ed242436cb6ac7dfe74123354b3d0119b5c235d3dd9c9d6c004f8ffaf67ad8583001101000188b7041f010200210502533b8552170c8001ce094aa433f7040bb2ddf0be3893cb843d0fe70c020700000a0910a42704b92866382aa98404009d63d916a27543da4221c60087c33f1c44bec9998c5438018ed370cca4962876c748e94b73eb39c58eb698063f3fd6346d58dd2a11c0247934c4a9d71f24754f7468f96fb24c3e791dd2392b62f626148ad724189498cbf993db2df7c0cdc2d677c35da0f16cb16c9ce7c33b4de65a4a91b1d21a130ae9cc26067718910ef8e2b417556d627261203c756d627261407379642e65642e61753e88b80413010200220502533a52bc021b03060b090807030206150802090a0b0416020301021e01021780000a0910a42704b92866382a47840400c0c2bd04f5fca586de408b395b3c280a278259c93eaaa8b79a53b97003f8ed502a8a00446dd9947fb462677e4fcac0dac2f0701847d15130aadb6cd9e0705ea0cf5f92f129136c7be21a718d46c8e641eb7f044f2adae573e11ae423a0a9ca51324f03a8a2f34b91fa40c3cc764bee4dccadedb54c768ba0469b683ea53f1c29b88d04533a52bc01040099c92a5d6f8b744224da27bc2369127c35269b58bec179de6bbc038f749344222f85a31933224f26b70243c4e4b2d242f0c4777eaef7b5502f9dad6d8bf3aaeb471210674b74de2d7078af497d55f5cdad97c7bedfbc1b41e8065a97c9c3d344b21fc81d27723af8e374bc595da26ea242dccb6ae497be26eea57e563ed517e90011010001889f0418010200090502533a52bc021b0c000a0910a42704b92866382afa1403ff70284c2de8a043ff51d8d29772602fa98009b7861c540535f874f2c230af8caf5638151a636b21f8255003997ccd29747fdd06777bb24f9593bd7d98a3e887689bf902f999915fcc94625ae487e5d13e6616f89090ebc4fdc7eb5cad8943e4056995bb61c6af37f8043016876a958ec7ebf39c43d20d53b7f546cfa83e8d2604b88d04533b8283010400c0b529316dbdf58b4c54461e7e669dc11c09eb7f73819f178ccd4177b9182b91d138605fcf1e463262fabefa73f94a52b5e15d1904635541c7ea540f07050ce0fb51b73e6f88644cec86e91107c957a114f69554548a85295d2b70bd0b203992f76eb5d493d86d9eabcaa7ef3fc7db7e458438db3fcdb0ca1cc97c638439a9170011010001889f0418010200090502533b8283021b0c000a0910a42704b92866382adc6d0400cfff6258485a21675adb7a811c3e19ebca18851533f75a7ba317950b9997fda8d1a4c8c76505c08c04b6c2cc31dc704d33da36a21273f2b388a1a706f7c3378b66d887197a525936ed9a69acb57fe7f718133da85ec742001c5d1864e9c6c8ea1b94f1c3759cebfd93b18606066c063a63be86085b7e37bdbc65f9a915bf084bb901a204533b85cd110400aed3d2c52af2b38b5b67904b0ef73d6dd7aef86adb770e2b153cd22489654dcc91730892087bb9856ae2d9f7ed1eb48f214243fe86bfe87b349ebd7c30e630e49c07b21fdabf78b7a95c8b7f969e97e3d33f2e074c63552ba64a2ded7badc05ce0ea2be6d53485f6900c7860c7aa76560376ce963d7271b9b54638a4028b573f00a0d8854bfcdb04986141568046202192263b9b67350400aaa1049dbc7943141ef590a70dcb028d730371d92ea4863de715f7f0f16d168bd3dc266c2450457d46dcbbf0b071547e5fbee7700a820c3750b236335d8d5848adb3c0da010e998908dfd93d961480084f3aea20b247034f8988eccb5546efaa35a92d0451df3aaf1aee5aa36a4c4d462c760ecd9cebcabfbe1412b1f21450f203fd126687cd486496e971a87fd9e1a8a765fe654baa219a6871ab97768596ab05c26c1aeea8f1a2c72395a58dbc12ef9640d2b95784e974a4d2d5a9b17c25fedacfe551bda52602de8f6d2e48443f5dd1a2a2a8e6a5e70ecdb88cd6e766ad9745c7ee91d78cc55c3d06536b49c3fee6c3d0b6ff0fb2bf13a314f57c953b8f4d93bf88e70418010200090502533b85cd021b0200520910a42704b92866382a47200419110200060502533b85cd000a091042ce2c64bc0ba99214b2009e26b26852c8b13b10c35768e40e78fbbb48bd084100a0c79d9ea0844fa5853dd3c85ff3ecae6f2c9dd6c557aa04008bbbc964cd65b9b8299d4ebf31f41cc7264b8cf33a00e82c5af022331fac79efc9563a822497ba012953cefe2629f1242fcdcb911dbb2315985bab060bfd58261ace3c654bdbbe2e8ed27a46e836490145c86dc7bae15c011f7e1ffc33730109b9338cd9f483e7cef3d2f396aab5bd80efb6646d7e778270ee99d934d187dd98"
+const revokedKeyHex = "988d045331ce82010400c4fdf7b40a5477f206e6ee278eaef888ca73bf9128a9eef9f2f1ddb8b7b71a4c07cfa241f028a04edb405e4d916c61d6beabc333813dc7b484d2b3c52ee233c6a79b1eea4e9cc51596ba9cd5ac5aeb9df62d86ea051055b79d03f8a4fa9f38386f5bd17529138f3325d46801514ea9047977e0829ed728e68636802796801be10011010001889f04200102000905025331d0e3021d03000a0910a401d9f09a34f7c042aa040086631196405b7e6af71026b88e98012eab44aa9849f6ef3fa930c7c9f23deaedba9db1538830f8652fb7648ec3fcade8dbcbf9eaf428e83c6cbcc272201bfe2fbb90d41963397a7c0637a1a9d9448ce695d9790db2dc95433ad7be19eb3de72dacf1d6db82c3644c13eae2a3d072b99bb341debba012c5ce4006a7d34a1f4b94b444526567205265766f6b657220283c52656727732022424d204261726973746122204b657920262530305c303e5c29203c72656740626d626172697374612e636f2e61753e88b704130102002205025331ce82021b03060b090807030206150802090a0b0416020301021e01021780000a0910a401d9f09a34f7c0019c03f75edfbeb6a73e7225ad3cc52724e2872e04260d7daf0d693c170d8c4b243b8767bc7785763533febc62ec2600c30603c433c095453ede59ff2fcabeb84ce32e0ed9d5cf15ffcbc816202b64370d4d77c1e9077d74e94a16fb4fa2e5bec23a56d7a73cf275f91691ae1801a976fcde09e981a2f6327ac27ea1fecf3185df0d56889c04100102000605025331cfb5000a0910fe9645554e8266b64b4303fc084075396674fb6f778d302ac07cef6bc0b5d07b66b2004c44aef711cbac79617ef06d836b4957522d8772dd94bf41a2f4ac8b1ee6d70c57503f837445a74765a076d07b829b8111fc2a918423ddb817ead7ca2a613ef0bfb9c6b3562aec6c3cf3c75ef3031d81d95f6563e4cdcc9960bcb386c5d757b104fcca5fe11fc709df884604101102000605025331cfe7000a09107b15a67f0b3ddc0317f6009e360beea58f29c1d963a22b962b80788c3fa6c84e009d148cfde6b351469b8eae91187eff07ad9d08fcaab88d045331ce820104009f25e20a42b904f3fa555530fe5c46737cf7bd076c35a2a0d22b11f7e0b61a69320b768f4a80fe13980ce380d1cfc4a0cd8fbe2d2e2ef85416668b77208baa65bf973fe8e500e78cc310d7c8705cdb34328bf80e24f0385fce5845c33bc7943cf6b11b02348a23da0bf6428e57c05135f2dc6bd7c1ce325d666d5a5fd2fd5e410011010001889f04180102000905025331ce82021b0c000a0910a401d9f09a34f7c0418003fe34feafcbeaef348a800a0d908a7a6809cc7304017d820f70f0474d5e23cb17e38b67dc6dca282c6ca00961f4ec9edf2738d0f087b1d81e4871ef08e1798010863afb4eac4c44a376cb343be929c5be66a78cfd4456ae9ec6a99d97f4e1c3ff3583351db2147a65c0acef5c003fb544ab3a2e2dc4d43646f58b811a6c3a369d1f"
+const revokedSubkeyHex = "988d04533121f6010400aefc803a3e4bb1a61c86e8a86d2726c6a43e0079e9f2713f1fa017e9854c83877f4aced8e331d675c67ea83ddab80aacbfa0b9040bb12d96f5a3d6be09455e2a76546cbd21677537db941cab710216b6d24ec277ee0bd65b910f416737ed120f6b93a9d3b306245c8cfd8394606fdb462e5cf43c551438d2864506c63367fc890011010001b41d416c696365203c616c69636540626d626172697374612e636f2e61753e88bb041301020025021b03060b090807030206150802090a0b0416020301021e01021780050253312798021901000a09104ef7e4beccde97f015a803ff5448437780f63263b0df8442a995e7f76c221351a51edd06f2063d8166cf3157aada4923dfc44aa0f2a6a4da5cf83b7fe722ba8ab416c976e77c6b5682e7f1069026673bd0de56ba06fd5d7a9f177607f277d9b55ff940a638c3e68525c67517e2b3d976899b93ca267f705b3e5efad7d61220e96b618a4497eab8d04403d23f8846041011020006050253312910000a09107b15a67f0b3ddc03d96e009f50b6365d86c4be5d5e9d0ea42d5e56f5794c617700a0ab274e19c2827780016d23417ce89e0a2c0d987d889c04100102000605025331cf7a000a0910a401d9f09a34f7c0ee970400aca292f213041c9f3b3fc49148cbda9d84afee6183c8dd6c5ff2600b29482db5fecd4303797be1ee6d544a20a858080fec43412061c9a71fae4039fd58013b4ae341273e6c66ad4c7cdd9e68245bedb260562e7b166f2461a1032f2b38c0e0e5715fb3d1656979e052b55ca827a76f872b78a9fdae64bc298170bfcebedc1271b41a416c696365203c616c696365407379646973702e6f722e61753e88b804130102002205025331278b021b03060b090807030206150802090a0b0416020301021e01021780000a09104ef7e4beccde97f06a7003fa03c3af68d272ebc1fa08aa72a03b02189c26496a2833d90450801c4e42c5b5f51ad96ce2d2c9cef4b7c02a6a2fcf1412d6a2d486098eb762f5010a201819c17fd2888aec8eda20c65a3b75744de7ee5cc8ac7bfc470cbe3cb982720405a27a3c6a8c229cfe36905f881b02ed5680f6a8f05866efb9d6c5844897e631deb949ca8846041011020006050253312910000a09107b15a67f0b3ddc0347bc009f7fa35db59147469eb6f2c5aaf6428accb138b22800a0caa2f5f0874bacc5909c652a57a31beda65eddd5889c04100102000605025331cf7a000a0910a401d9f09a34f7c0316403ff46f2a5c101256627f16384d34a38fb47a6c88ba60506843e532d91614339fccae5f884a5741e7582ffaf292ba38ee10a270a05f139bde3814b6a077e8cd2db0f105ebea2a83af70d385f13b507fac2ad93ff79d84950328bb86f3074745a8b7f9b64990fb142e2a12976e27e8d09a28dc5621f957ac49091116da410ac3cbde1b88d04533121f6010400cbd785b56905e4192e2fb62a720727d43c4fa487821203cf72138b884b78b701093243e1d8c92a0248a6c0203a5a88693da34af357499abacaf4b3309c640797d03093870a323b4b6f37865f6eaa2838148a67df4735d43a90ca87942554cdf1c4a751b1e75f9fd4ce4e97e278d6c1c7ed59d33441df7d084f3f02beb68896c70011010001889f0418010200090502533121f6021b0c000a09104ef7e4beccde97f0b98b03fc0a5ccf6a372995835a2f5da33b282a7d612c0ab2a97f59cf9fff73e9110981aac2858c41399afa29624a7fd8a0add11654e3d882c0fd199e161bdad65e5e2548f7b68a437ea64293db1246e3011cbb94dc1bcdeaf0f2539bd88ff16d95547144d97cead6a8c5927660a91e6db0d16eb36b7b49a3525b54d1644e65599b032b7eb901a204533127a0110400bd3edaa09eff9809c4edc2c2a0ebe52e53c50a19c1e49ab78e6167bf61473bb08f2050d78a5cbbc6ed66aff7b42cd503f16b4a0b99fa1609681fca9b7ce2bbb1a5b3864d6cdda4d7ef7849d156d534dea30fb0efb9e4cf8959a2b2ce623905882d5430b995a15c3b9fe92906086788b891002924f94abe139b42cbbfaaabe42f00a0b65dc1a1ad27d798adbcb5b5ad02d2688c89477b03ff4eebb6f7b15a73b96a96bed201c0e5e4ea27e4c6e2dd1005b94d4b90137a5b1cf5e01c6226c070c4cc999938101578877ee76d296b9aab8246d57049caacf489e80a3f40589cade790a020b1ac146d6f7a6241184b8c7fcde680eae3188f5dcbe846d7f7bdad34f6fcfca08413e19c1d5df83fc7c7c627d493492e009c2f52a80400a2fe82de87136fd2e8845888c4431b032ba29d9a29a804277e31002a8201fb8591a3e55c7a0d0881496caf8b9fb07544a5a4879291d0dc026a0ea9e5bd88eb4aa4947bbd694b25012e208a250d65ddc6f1eea59d3aed3b4ec15fcab85e2afaa23a40ab1ef9ce3e11e1bc1c34a0e758e7aa64deb8739276df0af7d4121f834a9b88e70418010200090502533127a0021b02005209104ef7e4beccde97f047200419110200060502533127a0000a0910dbce4ee19529437fe045009c0b32f5ead48ee8a7e98fac0dea3d3e6c0e2c552500a0ad71fadc5007cfaf842d9b7db3335a8cdad15d3d1a6404009b08e2c68fe8f3b45c1bb72a4b3278cdf3012aa0f229883ad74aa1f6000bb90b18301b2f85372ca5d6b9bf478d235b733b1b197d19ccca48e9daf8e890cb64546b4ce1b178faccfff07003c172a2d4f5ebaba9f57153955f3f61a9b80a4f5cb959908f8b211b03b7026a8a82fc612bfedd3794969bcf458c4ce92be215a1176ab88d045331d144010400a5063000c5aaf34953c1aa3bfc95045b3aab9882b9a8027fecfe2142dc6b47ba8aca667399990244d513dd0504716908c17d92c65e74219e004f7b83fc125e575dd58efec3ab6dd22e3580106998523dea42ec75bf9aa111734c82df54630bebdff20fe981cfc36c76f865eb1c2fb62c9e85bc3a6e5015a361a2eb1c8431578d0011010001889f04280102000905025331d433021d03000a09104ef7e4beccde97f02e5503ff5e0630d1b65291f4882b6d40a29da4616bb5088717d469fbcc3648b8276de04a04988b1f1b9f3e18f52265c1f8b6c85861691c1a6b8a3a25a1809a0b32ad330aec5667cb4262f4450649184e8113849b05e5ad06a316ea80c001e8e71838190339a6e48bbde30647bcf245134b9a97fa875c1d83a9862cae87ffd7e2c4ce3a1b89013d04180102000905025331d144021b0200a809104ef7e4beccde97f09d2004190102000605025331d144000a0910677815e371c2fd23522203fe22ab62b8e7a151383cea3edd3a12995693911426f8ccf125e1f6426388c0010f88d9ca7da2224aee8d1c12135998640c5e1813d55a93df472faae75bef858457248db41b4505827590aeccf6f9eb646da7f980655dd3050c6897feddddaca90676dee856d66db8923477d251712bb9b3186b4d0114daf7d6b59272b53218dd1da94a03ff64006fcbe71211e5daecd9961fba66cdb6de3f914882c58ba5beddeba7dcb950c1156d7fba18c19ea880dccc800eae335deec34e3b84ac75ffa24864f782f87815cda1c0f634b3dd2fa67cea30811d21723d21d9551fa12ccbcfa62b6d3a15d01307b99925707992556d50065505b090aadb8579083a20fe65bd2a270da9b011"
+
+const missingCrossSignatureKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+Charset: UTF-8
+
+mQENBFMYynYBCACVOZ3/e8Bm2b9KH9QyIlHGo/i1bnkpqsgXj8tpJ2MIUOnXMMAY
+ztW7kKFLCmgVdLIC0vSoLA4yhaLcMojznh/2CcUglZeb6Ao8Gtelr//Rd5DRfPpG
+zqcfUo+m+eO1co2Orabw0tZDfGpg5p3AYl0hmxhUyYSc/xUq93xL1UJzBFgYXY54
+QsM8dgeQgFseSk/YvdP5SMx1ev+eraUyiiUtWzWrWC1TdyRa5p4UZg6Rkoppf+WJ
+QrW6BWrhAtqATHc8ozV7uJjeONjUEq24roRc/OFZdmQQGK6yrzKnnbA6MdHhqpdo
+9kWDcXYb7pSE63Lc+OBa5X2GUVvXJLS/3nrtABEBAAG0F2ludmFsaWQtc2lnbmlu
+Zy1zdWJrZXlziQEoBBMBAgASBQJTnKB5AhsBAgsHAhUIAh4BAAoJEO3UDQUIHpI/
+dN4H/idX4FQ1LIZCnpHS/oxoWQWfpRgdKAEM0qCqjMgiipJeEwSQbqjTCynuh5/R
+JlODDz85ABR06aoF4l5ebGLQWFCYifPnJZ/Yf5OYcMGtb7dIbqxWVFL9iLMO/oDL
+ioI3dotjPui5e+2hI9pVH1UHB/bZ/GvMGo6Zg0XxLPolKQODMVjpjLAQ0YJ3spew
+RAmOGre6tIvbDsMBnm8qREt7a07cBJ6XK7xjxYaZHQBiHVxyEWDa6gyANONx8duW
+/fhQ/zDTnyVM/ik6VO0Ty9BhPpcEYLFwh5c1ilFari1ta3e6qKo6ZGa9YMk/REhu
+yBHd9nTkI+0CiQUmbckUiVjDKKe5AQ0EUxjKdgEIAJcXQeP+NmuciE99YcJoffxv
+2gVLU4ZXBNHEaP0mgaJ1+tmMD089vUQAcyGRvw8jfsNsVZQIOAuRxY94aHQhIRHR
+bUzBN28ofo/AJJtfx62C15xt6fDKRV6HXYqAiygrHIpEoRLyiN69iScUsjIJeyFL
+C8wa72e8pSL6dkHoaV1N9ZH/xmrJ+k0vsgkQaAh9CzYufncDxcwkoP+aOlGtX1gP
+WwWoIbz0JwLEMPHBWvDDXQcQPQTYQyj+LGC9U6f9VZHN25E94subM1MjuT9OhN9Y
+MLfWaaIc5WyhLFyQKW2Upofn9wSFi8ubyBnv640Dfd0rVmaWv7LNTZpoZ/GbJAMA
+EQEAAYkBHwQYAQIACQUCU5ygeQIbAgAKCRDt1A0FCB6SP0zCB/sEzaVR38vpx+OQ
+MMynCBJrakiqDmUZv9xtplY7zsHSQjpd6xGflbU2n+iX99Q+nav0ETQZifNUEd4N
+1ljDGQejcTyKD6Pkg6wBL3x9/RJye7Zszazm4+toJXZ8xJ3800+BtaPoI39akYJm
++ijzbskvN0v/j5GOFJwQO0pPRAFtdHqRs9Kf4YanxhedB4dIUblzlIJuKsxFit6N
+lgGRblagG3Vv2eBszbxzPbJjHCgVLR3RmrVezKOsZjr/2i7X+xLWIR0uD3IN1qOW
+CXQxLBizEEmSNVNxsp7KPGTLnqO3bPtqFirxS9PJLIMPTPLNBY7ZYuPNTMqVIUWF
+4artDmrG
+=7FfJ
+-----END PGP PUBLIC KEY BLOCK-----`
+
+const invalidCrossSignatureKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFMYynYBCACVOZ3/e8Bm2b9KH9QyIlHGo/i1bnkpqsgXj8tpJ2MIUOnXMMAY
+ztW7kKFLCmgVdLIC0vSoLA4yhaLcMojznh/2CcUglZeb6Ao8Gtelr//Rd5DRfPpG
+zqcfUo+m+eO1co2Orabw0tZDfGpg5p3AYl0hmxhUyYSc/xUq93xL1UJzBFgYXY54
+QsM8dgeQgFseSk/YvdP5SMx1ev+eraUyiiUtWzWrWC1TdyRa5p4UZg6Rkoppf+WJ
+QrW6BWrhAtqATHc8ozV7uJjeONjUEq24roRc/OFZdmQQGK6yrzKnnbA6MdHhqpdo
+9kWDcXYb7pSE63Lc+OBa5X2GUVvXJLS/3nrtABEBAAG0F2ludmFsaWQtc2lnbmlu
+Zy1zdWJrZXlziQEoBBMBAgASBQJTnKB5AhsBAgsHAhUIAh4BAAoJEO3UDQUIHpI/
+dN4H/idX4FQ1LIZCnpHS/oxoWQWfpRgdKAEM0qCqjMgiipJeEwSQbqjTCynuh5/R
+JlODDz85ABR06aoF4l5ebGLQWFCYifPnJZ/Yf5OYcMGtb7dIbqxWVFL9iLMO/oDL
+ioI3dotjPui5e+2hI9pVH1UHB/bZ/GvMGo6Zg0XxLPolKQODMVjpjLAQ0YJ3spew
+RAmOGre6tIvbDsMBnm8qREt7a07cBJ6XK7xjxYaZHQBiHVxyEWDa6gyANONx8duW
+/fhQ/zDTnyVM/ik6VO0Ty9BhPpcEYLFwh5c1ilFari1ta3e6qKo6ZGa9YMk/REhu
+yBHd9nTkI+0CiQUmbckUiVjDKKe5AQ0EUxjKdgEIAIINDqlj7X6jYKc6DjwrOkjQ
+UIRWbQQar0LwmNilehmt70g5DCL1SYm9q4LcgJJ2Nhxj0/5qqsYib50OSWMcKeEe
+iRXpXzv1ObpcQtI5ithp0gR53YPXBib80t3bUzomQ5UyZqAAHzMp3BKC54/vUrSK
+FeRaxDzNLrCeyI00+LHNUtwghAqHvdNcsIf8VRumK8oTm3RmDh0TyjASWYbrt9c8
+R1Um3zuoACOVy+mEIgIzsfHq0u7dwYwJB5+KeM7ZLx+HGIYdUYzHuUE1sLwVoELh
++SHIGHI1HDicOjzqgajShuIjj5hZTyQySVprrsLKiXS6NEwHAP20+XjayJ/R3tEA
+EQEAAYkCPgQYAQIBKAUCU5ygeQIbAsBdIAQZAQIABgUCU5ygeQAKCRCpVlnFZmhO
+52RJB/9uD1MSa0wjY6tHOIgquZcP3bHBvHmrHNMw9HR2wRCMO91ZkhrpdS3ZHtgb
+u3/55etj0FdvDo1tb8P8FGSVtO5Vcwf5APM8sbbqoi8L951Q3i7qt847lfhu6sMl
+w0LWFvPTOLHrliZHItPRjOltS1WAWfr2jUYhsU9ytaDAJmvf9DujxEOsN5G1YJep
+54JCKVCkM/y585Zcnn+yxk/XwqoNQ0/iJUT9qRrZWvoeasxhl1PQcwihCwss44A+
+YXaAt3hbk+6LEQuZoYS73yR3WHj+42tfm7YxRGeubXfgCEz/brETEWXMh4pe0vCL
+bfWrmfSPq2rDegYcAybxRQz0lF8PAAoJEO3UDQUIHpI/exkH/0vQfdHA8g/N4T6E
+i6b1CUVBAkvtdJpCATZjWPhXmShOw62gkDw306vHPilL4SCvEEi4KzG72zkp6VsB
+DSRcpxCwT4mHue+duiy53/aRMtSJ+vDfiV1Vhq+3sWAck/yUtfDU9/u4eFaiNok1
+8/Gd7reyuZt5CiJnpdPpjCwelK21l2w7sHAnJF55ITXdOxI8oG3BRKufz0z5lyDY
+s2tXYmhhQIggdgelN8LbcMhWs/PBbtUr6uZlNJG2lW1yscD4aI529VjwJlCeo745
+U7pO4eF05VViUJ2mmfoivL3tkhoTUWhx8xs8xCUcCg8DoEoSIhxtOmoTPR22Z9BL
+6LCg2mg=
+=Dhm4
+-----END PGP PUBLIC KEY BLOCK-----`
+
+const goodCrossSignatureKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mI0EVUqeVwEEAMufHRrMPWK3gyvi0O0tABCs/oON9zV9KDZlr1a1M91ShCSFwCPo
+7r80PxdWVWcj0V5h50/CJYtpN3eE/mUIgW2z1uDYQF1OzrQ8ubrksfsJvpAhENom
+lTQEppv9mV8qhcM278teb7TX0pgrUHLYF5CfPdp1L957JLLXoQR/lwLVABEBAAG0
+E2dvb2Qtc2lnbmluZy1zdWJrZXmIuAQTAQIAIgUCVUqeVwIbAwYLCQgHAwIGFQgC
+CQoLBBYCAwECHgECF4AACgkQNRjL95IRWP69XQQAlH6+eyXJN4DZTLX78KGjHrsw
+6FCvxxClEPtPUjcJy/1KCRQmtLAt9PbbA78dvgzjDeZMZqRAwdjyJhjyg/fkU2OH
+7wq4ktjUu+dLcOBb+BFMEY+YjKZhf6EJuVfxoTVr5f82XNPbYHfTho9/OABKH6kv
+X70PaKZhbwnwij8Nts65AaIEVUqftREEAJ3WxZfqAX0bTDbQPf2CMT2IVMGDfhK7
+GyubOZgDFFjwUJQvHNvsrbeGLZ0xOBumLINyPO1amIfTgJNm1iiWFWfmnHReGcDl
+y5mpYG60Mb79Whdcer7CMm3AqYh/dW4g6IB02NwZMKoUHo3PXmFLxMKXnWyJ0clw
+R0LI/Qn509yXAKDh1SO20rqrBM+EAP2c5bfI98kyNwQAi3buu94qo3RR1ZbvfxgW
+CKXDVm6N99jdZGNK7FbRifXqzJJDLcXZKLnstnC4Sd3uyfyf1uFhmDLIQRryn5m+
+LBYHfDBPN3kdm7bsZDDq9GbTHiFZUfm/tChVKXWxkhpAmHhU/tH6GGzNSMXuIWSO
+aOz3Rqq0ED4NXyNKjdF9MiwD/i83S0ZBc0LmJYt4Z10jtH2B6tYdqnAK29uQaadx
+yZCX2scE09UIm32/w7pV77CKr1Cp/4OzAXS1tmFzQ+bX7DR+Gl8t4wxr57VeEMvl
+BGw4Vjh3X8//m3xynxycQU18Q1zJ6PkiMyPw2owZ/nss3hpSRKFJsxMLhW3fKmKr
+Ey2KiOcEGAECAAkFAlVKn7UCGwIAUgkQNRjL95IRWP5HIAQZEQIABgUCVUqftQAK
+CRD98VjDN10SqkWrAKDTpEY8D8HC02E/KVC5YUI01B30wgCgurpILm20kXEDCeHp
+C5pygfXw1DJrhAP+NyPJ4um/bU1I+rXaHHJYroYJs8YSweiNcwiHDQn0Engh/mVZ
+SqLHvbKh2dL/RXymC3+rjPvQf5cup9bPxNMa6WagdYBNAfzWGtkVISeaQW+cTEp/
+MtgVijRGXR/lGLGETPg2X3Afwn9N9bLMBkBprKgbBqU7lpaoPupxT61bL70=
+=vtbN
+-----END PGP PUBLIC KEY BLOCK-----`
+
+const revokedUserIDKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBFsgO5EBCADhREPmcjsPkXe1z7ctvyWL0S7oa9JaoGZ9oPDHFDlQxd0qlX2e
+DZJZDg0qYvVixmaULIulApq1puEsaJCn3lHUbHlb4PYKwLEywYXM28JN91KtLsz/
+uaEX2KC5WqeP40utmzkNLq+oRX/xnRMgwbO7yUNVG2UlEa6eI+xOXO3YtLdmJMBW
+ClQ066ZnOIzEo1JxnIwha1CDBMWLLfOLrg6l8InUqaXbtEBbnaIYO6fXVXELUjkx
+nmk7t/QOk0tXCy8muH9UDqJkwDUESY2l79XwBAcx9riX8vY7vwC34pm22fAUVLCJ
+x1SJx0J8bkeNp38jKM2Zd9SUQqSbfBopQ4pPABEBAAG0I0dvbGFuZyBHb3BoZXIg
+PG5vLXJlcGx5QGdvbGFuZy5jb20+iQFUBBMBCgA+FiEE5Ik5JLcNx6l6rZfw1oFy
+9I6cUoMFAlsgO5ECGwMFCQPCZwAFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ
+1oFy9I6cUoMIkwf8DNPeD23i4jRwd/pylbvxwZintZl1fSwTJW1xcOa1emXaEtX2
+depuqhP04fjlRQGfsYAQh7X9jOJxAHjTmhqFBi5sD7QvKU00cPFYbJ/JTx0B41bl
+aXnSbGhRPh63QtEZL7ACAs+shwvvojJqysx7kyVRu0EW2wqjXdHwR/SJO6nhNBa2
+DXzSiOU/SUA42mmG+5kjF8Aabq9wPwT9wjraHShEweNerNMmOqJExBOy3yFeyDpa
+XwEZFzBfOKoxFNkIaVf5GSdIUGhFECkGvBMB935khftmgR8APxdU4BE7XrXexFJU
+8RCuPXonm4WQOwTWR0vQg64pb2WKAzZ8HhwTGbQiR29sYW5nIEdvcGhlciA8cmV2
+b2tlZEBnb2xhbmcuY29tPokBNgQwAQoAIBYhBOSJOSS3Dcepeq2X8NaBcvSOnFKD
+BQJbIDv3Ah0AAAoJENaBcvSOnFKDfWMIAKhI/Tvu3h8fSUxp/gSAcduT6bC1JttG
+0lYQ5ilKB/58lBUA5CO3ZrKDKlzW3M8VEcvohVaqeTMKeoQd5rCZq8KxHn/KvN6N
+s85REfXfniCKfAbnGgVXX3kDmZ1g63pkxrFu0fDZjVDXC6vy+I0sGyI/Inro0Pzb
+tvn0QCsxjapKK15BtmSrpgHgzVqVg0cUp8vqZeKFxarYbYB2idtGRci4b9tObOK0
+BSTVFy26+I/mrFGaPrySYiy2Kz5NMEcRhjmTxJ8jSwEr2O2sUR0yjbgUAXbTxDVE
+/jg5fQZ1ACvBRQnB7LvMHcInbzjyeTM3FazkkSYQD6b97+dkWwb1iWG5AQ0EWyA7
+kQEIALkg04REDZo1JgdYV4x8HJKFS4xAYWbIva1ZPqvDNmZRUbQZR2+gpJGEwn7z
+VofGvnOYiGW56AS5j31SFf5kro1+1bZQ5iOONBng08OOo58/l1hRseIIVGB5TGSa
+PCdChKKHreJI6hS3mShxH6hdfFtiZuB45rwoaArMMsYcjaezLwKeLc396cpUwwcZ
+snLUNd1Xu5EWEF2OdFkZ2a1qYdxBvAYdQf4+1Nr+NRIx1u1NS9c8jp3PuMOkrQEi
+bNtc1v6v0Jy52mKLG4y7mC/erIkvkQBYJdxPaP7LZVaPYc3/xskcyijrJ/5ufoD8
+K71/ShtsZUXSQn9jlRaYR0EbojMAEQEAAYkBPAQYAQoAJhYhBOSJOSS3Dcepeq2X
+8NaBcvSOnFKDBQJbIDuRAhsMBQkDwmcAAAoJENaBcvSOnFKDkFMIAIt64bVZ8x7+
+TitH1bR4pgcNkaKmgKoZz6FXu80+SnbuEt2NnDyf1cLOSimSTILpwLIuv9Uft5Pb
+OraQbYt3xi9yrqdKqGLv80bxqK0NuryNkvh9yyx5WoG1iKqMj9/FjGghuPrRaT4l
+QinNAghGVkEy1+aXGFrG2DsOC1FFI51CC2WVTzZ5RwR2GpiNRfESsU1rZAUqf/2V
+yJl9bD5R4SUNy8oQmhOxi+gbhD4Ao34e4W0ilibslI/uawvCiOwlu5NGd8zv5n+U
+heiQvzkApQup5c+BhH5zFDFdKJ2CBByxw9+7QjMFI/wgLixKuE0Ob2kAokXf7RlB
+7qTZOahrETw=
+=IKnw
+-----END PGP PUBLIC KEY BLOCK-----`
+
+const keyWithFirstUserIDRevoked = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: OpenPGP.js v4.10.10
+Comment: https://openpgpjs.org
+
+xsBNBFsgO5EBCADhREPmcjsPkXe1z7ctvyWL0S7oa9JaoGZ9oPDHFDlQxd0q
+lX2eDZJZDg0qYvVixmaULIulApq1puEsaJCn3lHUbHlb4PYKwLEywYXM28JN
+91KtLsz/uaEX2KC5WqeP40utmzkNLq+oRX/xnRMgwbO7yUNVG2UlEa6eI+xO
+XO3YtLdmJMBWClQ066ZnOIzEo1JxnIwha1CDBMWLLfOLrg6l8InUqaXbtEBb
+naIYO6fXVXELUjkxnmk7t/QOk0tXCy8muH9UDqJkwDUESY2l79XwBAcx9riX
+8vY7vwC34pm22fAUVLCJx1SJx0J8bkeNp38jKM2Zd9SUQqSbfBopQ4pPABEB
+AAHNIkdvbGFuZyBHb3BoZXIgPHJldm9rZWRAZ29sYW5nLmNvbT7CwI0EMAEK
+ACAWIQTkiTkktw3HqXqtl/DWgXL0jpxSgwUCWyA79wIdAAAhCRDWgXL0jpxS
+gxYhBOSJOSS3Dcepeq2X8NaBcvSOnFKDfWMIAKhI/Tvu3h8fSUxp/gSAcduT
+6bC1JttG0lYQ5ilKB/58lBUA5CO3ZrKDKlzW3M8VEcvohVaqeTMKeoQd5rCZ
+q8KxHn/KvN6Ns85REfXfniCKfAbnGgVXX3kDmZ1g63pkxrFu0fDZjVDXC6vy
++I0sGyI/Inro0Pzbtvn0QCsxjapKK15BtmSrpgHgzVqVg0cUp8vqZeKFxarY
+bYB2idtGRci4b9tObOK0BSTVFy26+I/mrFGaPrySYiy2Kz5NMEcRhjmTxJ8j
+SwEr2O2sUR0yjbgUAXbTxDVE/jg5fQZ1ACvBRQnB7LvMHcInbzjyeTM3Fazk
+kSYQD6b97+dkWwb1iWHNI0dvbGFuZyBHb3BoZXIgPG5vLXJlcGx5QGdvbGFu
+Zy5jb20+wsCrBBMBCgA+FiEE5Ik5JLcNx6l6rZfw1oFy9I6cUoMFAlsgO5EC
+GwMFCQPCZwAFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AAIQkQ1oFy9I6cUoMW
+IQTkiTkktw3HqXqtl/DWgXL0jpxSgwiTB/wM094PbeLiNHB3+nKVu/HBmKe1
+mXV9LBMlbXFw5rV6ZdoS1fZ16m6qE/Th+OVFAZ+xgBCHtf2M4nEAeNOaGoUG
+LmwPtC8pTTRw8Vhsn8lPHQHjVuVpedJsaFE+HrdC0RkvsAICz6yHC++iMmrK
+zHuTJVG7QRbbCqNd0fBH9Ik7qeE0FrYNfNKI5T9JQDjaaYb7mSMXwBpur3A/
+BP3COtodKETB416s0yY6okTEE7LfIV7IOlpfARkXMF84qjEU2QhpV/kZJ0hQ
+aEUQKQa8EwH3fmSF+2aBHwA/F1TgETtetd7EUlTxEK49eiebhZA7BNZHS9CD
+rilvZYoDNnweHBMZzsBNBFsgO5EBCAC5INOERA2aNSYHWFeMfByShUuMQGFm
+yL2tWT6rwzZmUVG0GUdvoKSRhMJ+81aHxr5zmIhluegEuY99UhX+ZK6NftW2
+UOYjjjQZ4NPDjqOfP5dYUbHiCFRgeUxkmjwnQoSih63iSOoUt5kocR+oXXxb
+YmbgeOa8KGgKzDLGHI2nsy8Cni3N/enKVMMHGbJy1DXdV7uRFhBdjnRZGdmt
+amHcQbwGHUH+PtTa/jUSMdbtTUvXPI6dz7jDpK0BImzbXNb+r9CcudpiixuM
+u5gv3qyJL5EAWCXcT2j+y2VWj2HN/8bJHMoo6yf+bn6A/Cu9f0obbGVF0kJ/
+Y5UWmEdBG6IzABEBAAHCwJMEGAEKACYWIQTkiTkktw3HqXqtl/DWgXL0jpxS
+gwUCWyA7kQIbDAUJA8JnAAAhCRDWgXL0jpxSgxYhBOSJOSS3Dcepeq2X8NaB
+cvSOnFKDkFMIAIt64bVZ8x7+TitH1bR4pgcNkaKmgKoZz6FXu80+SnbuEt2N
+nDyf1cLOSimSTILpwLIuv9Uft5PbOraQbYt3xi9yrqdKqGLv80bxqK0NuryN
+kvh9yyx5WoG1iKqMj9/FjGghuPrRaT4lQinNAghGVkEy1+aXGFrG2DsOC1FF
+I51CC2WVTzZ5RwR2GpiNRfESsU1rZAUqf/2VyJl9bD5R4SUNy8oQmhOxi+gb
+hD4Ao34e4W0ilibslI/uawvCiOwlu5NGd8zv5n+UheiQvzkApQup5c+BhH5z
+FDFdKJ2CBByxw9+7QjMFI/wgLixKuE0Ob2kAokXf7RlB7qTZOahrETw=
+=+2T8
+-----END PGP PUBLIC KEY BLOCK-----
+`
+
+const keyWithOnlyUserIDRevoked = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYYwB7RYJKwYBBAHaRw8BAQdARimqhPPzyGAXmfQJjcqM1QVPzLtURJSzNVll
+JV4tEaW0KVJldm9rZWQgUHJpbWFyeSBVc2VyIElEIDxyZXZva2VkQGtleS5jb20+
+iHgEMBYIACAWIQSpyJZAXYqVEFkjyKutFcS0yeB0LQUCYYwCtgIdAAAKCRCtFcS0
+yeB0LbSsAQD8OYMaaBjrdzzpwIkP1stgmPd4/kzN/ZG28Ywl6a5F5QEA5Xg7aq4e
+/t6Fsb4F5iqB956kSPe6YJrikobD/tBbMwSIkAQTFggAOBYhBKnIlkBdipUQWSPI
+q60VxLTJ4HQtBQJhjAHtAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEK0V
+xLTJ4HQtBaoBAPZL7luTCji+Tqhn7XNfFE/0QIahCt8k9wfO1cGlB3inAQDf8Tzw
+ZGR5fNluUcNoVxQT7bUSFStbaGo3k0BaOYPbCLg4BGGMAe0SCisGAQQBl1UBBQEB
+B0DLwSpveSrbIO/IVZD13yrs1XuB3FURZUnafGrRq7+jUAMBCAeIeAQYFggAIBYh
+BKnIlkBdipUQWSPIq60VxLTJ4HQtBQJhjAHtAhsMAAoJEK0VxLTJ4HQtZ1oA/j9u
+8+p3xTNzsmabTL6BkNbMeB/RUKCrlm6woM6AV+vxAQCcXTn3JC2sNoNrLoXuVzaA
+mcG3/TwG5GSQUUPkrDsGDA==
+=mFWy
+-----END PGP PUBLIC KEY BLOCK-----
+`
+
+const keyWithSubKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mI0EWyKwKQEEALwXhKBnyaaNFeK3ljfc/qn9X/QFw+28EUfgZPHjRmHubuXLE2uR
+s3ZoSXY2z7Dkv+NyHYMt8p+X8q5fR7JvUjK2XbPyKoiJVnHINll83yl67DaWfKNL
+EjNoO0kIfbXfCkZ7EG6DL+iKtuxniGTcnGT47e+HJSqb/STpLMnWwXjBABEBAAG0
+I0dvbGFuZyBHb3BoZXIgPG5vLXJlcGx5QGdvbGFuZy5jb20+iM4EEwEKADgWIQQ/
+lRafP/p9PytHbwxMvYJsOQdOOAUCWyKwKQIbAwULCQgHAwUVCgkICwUWAgMBAAIe
+AQIXgAAKCRBMvYJsOQdOOOsFBAC62mXww8XuqvYLcVOvHkWLT6mhxrQOJXnlfpn7
+2uBV9CMhoG/Ycd43NONsJrB95Apr9TDIqWnVszNbqPCuBhZQSGLdbiDKjxnCWBk0
+69qv4RNtkpOhYB7jK4s8F5oQZqId6JasT/PmJTH92mhBYhhTQr0GYFuPX2UJdkw9
+Sn9C67iNBFsisDUBBAC3A+Yo9lgCnxi/pfskyLrweYif6kIXWLAtLTsM6g/6jt7b
+wTrknuCPyTv0QKGXsAEe/cK/Xq3HvX9WfXPGIHc/X56ZIsHQ+RLowbZV/Lhok1IW
+FAuQm8axr/by80cRwFnzhfPc/ukkAq2Qyj4hLsGblu6mxeAhzcp8aqmWOO2H9QAR
+AQABiLYEKAEKACAWIQQ/lRafP/p9PytHbwxMvYJsOQdOOAUCWyK16gIdAAAKCRBM
+vYJsOQdOOB1vA/4u4uLONsE+2GVOyBsHyy7uTdkuxaR9b54A/cz6jT/tzUbeIzgx
+22neWhgvIEghnUZd0vEyK9k1wy5vbDlEo6nKzHso32N1QExGr5upRERAxweDxGOj
+7luDwNypI7QcifE64lS/JmlnunwRCdRWMKc0Fp+7jtRc5mpwyHN/Suf5RokBagQY
+AQoAIBYhBD+VFp8/+n0/K0dvDEy9gmw5B044BQJbIrA1AhsCAL8JEEy9gmw5B044
+tCAEGQEKAB0WIQSNdnkaWY6t62iX336UXbGvYdhXJwUCWyKwNQAKCRCUXbGvYdhX
+JxJSA/9fCPHP6sUtGF1o3G1a3yvOUDGr1JWcct9U+QpbCt1mZoNopCNDDQAJvDWl
+mvDgHfuogmgNJRjOMznvahbF+wpTXmB7LS0SK412gJzl1fFIpK4bgnhu0TwxNsO1
+8UkCZWqxRMgcNUn9z6XWONK8dgt5JNvHSHrwF4CxxwjL23AAtK+FA/UUoi3U4kbC
+0XnSr1Sl+mrzQi1+H7xyMe7zjqe+gGANtskqexHzwWPUJCPZ5qpIa2l8ghiUim6b
+4ymJ+N8/T8Yva1FaPEqfMzzqJr8McYFm0URioXJPvOAlRxdHPteZ0qUopt/Jawxl
+Xt6B9h1YpeLoJwjwsvbi98UTRs0jXwoY
+=3fWu
+-----END PGP PUBLIC KEY BLOCK-----`
+
+const keyWithSubKeyAndBadSelfSigOrder = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mI0EWyLLDQEEAOqIOpJ/ha1OYAGduu9tS3rBz5vyjbNgJO4sFveEM0mgsHQ0X9/L
+plonW+d0gRoO1dhJ8QICjDAc6+cna1DE3tEb5m6JtQ30teLZuqrR398Cf6w7NNVz
+r3lrlmnH9JaKRuXl7tZciwyovneBfZVCdtsRZjaLI1uMQCz/BToiYe3DABEBAAG0
+I0dvbGFuZyBHb3BoZXIgPG5vLXJlcGx5QGdvbGFuZy5jb20+iM4EEwEKADgWIQRZ
+sixZOfQcZdW0wUqmgmdsv1O9xgUCWyLLDQIbAwULCQgHAwUVCgkICwUWAgMBAAIe
+AQIXgAAKCRCmgmdsv1O9xql2A/4pix98NxjhdsXtazA9agpAKeADf9tG4Za27Gj+
+3DCww/E4iP2X35jZimSm/30QRB6j08uGCqd9vXkkJxtOt63y/IpVOtWX6vMWSTUm
+k8xKkaYMP0/IzKNJ1qC/qYEUYpwERBKg9Z+k99E2Ql4kRHdxXUHq6OzY79H18Y+s
+GdeM/riNBFsiyxsBBAC54Pxg/8ZWaZX1phGdwfe5mek27SOYpC0AxIDCSOdMeQ6G
+HPk38pywl1d+S+KmF/F4Tdi+kWro62O4eG2uc/T8JQuRDUhSjX0Qa51gPzJrUOVT
+CFyUkiZ/3ZDhtXkgfuso8ua2ChBgR9Ngr4v43tSqa9y6AK7v0qjxD1x+xMrjXQAR
+AQABiQFxBBgBCgAmAhsCFiEEWbIsWTn0HGXVtMFKpoJnbL9TvcYFAlsizTIFCQAN
+MRcAv7QgBBkBCgAdFiEEJcoVUVJIk5RWj1c/o62jUpRPICQFAlsiyxsACgkQo62j
+UpRPICQq5gQApoWIigZxXFoM0uw4uJBS5JFZtirTANvirZV5RhndwHeMN6JttaBS
+YnjyA4+n1D+zB2VqliD2QrsX12KJN6rGOehCtEIClQ1Hodo9nC6kMzzAwW1O8bZs
+nRJmXV+bsvD4sidLZLjdwOVa3Cxh6pvq4Uur6a7/UYx121hEY0Qx0s8JEKaCZ2y/
+U73GGi0D/i20VW8AWYAPACm2zMlzExKTOAV01YTQH/3vW0WLrOse53WcIVZga6es
+HuO4So0SOEAvxKMe5HpRIu2dJxTvd99Bo9xk9xJU0AoFrO0vNCRnL+5y68xMlODK
+lEw5/kl0jeaTBp6xX0HDQOEVOpPGUwWV4Ij2EnvfNDXaE1vK1kffiQFrBBgBCgAg
+AhsCFiEEWbIsWTn0HGXVtMFKpoJnbL9TvcYFAlsi0AYAv7QgBBkBCgAdFiEEJcoV
+UVJIk5RWj1c/o62jUpRPICQFAlsiyxsACgkQo62jUpRPICQq5gQApoWIigZxXFoM
+0uw4uJBS5JFZtirTANvirZV5RhndwHeMN6JttaBSYnjyA4+n1D+zB2VqliD2QrsX
+12KJN6rGOehCtEIClQ1Hodo9nC6kMzzAwW1O8bZsnRJmXV+bsvD4sidLZLjdwOVa
+3Cxh6pvq4Uur6a7/UYx121hEY0Qx0s8JEKaCZ2y/U73GRl0EAJokkXmy4zKDHWWi
+wvK9gi2gQgRkVnu2AiONxJb5vjeLhM/07BRmH6K1o+w3fOeEQp4FjXj1eQ5fPSM6
+Hhwx2CTl9SDnPSBMiKXsEFRkmwQ2AAsQZLmQZvKBkLZYeBiwf+IY621eYDhZfo+G
+1dh1WoUCyREZsJQg2YoIpWIcvw+a
+=bNRo
+-----END PGP PUBLIC KEY BLOCK-----
+`
+
+const onlySubkeyNoPrivateKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1
+
+lQCVBFggvocBBAC7vBsHn7MKmS6IiiZNTXdciplVgS9cqVd+RTdIAoyNTcsiV1H0
+GQ3QtodOPeDlQDNoqinqaobd7R9g3m3hS53Nor7yBZkCWQ5x9v9JxRtoAq0sklh1
+I1X2zEqZk2l6YrfBF/64zWrhjnW3j23szkrAIVu0faQXbQ4z56tmZrw11wARAQAB
+/gdlAkdOVQG0CUdOVSBEdW1teYi4BBMBAgAiBQJYIL6HAhsDBgsJCAcDAgYVCAIJ
+CgsEFgIDAQIeAQIXgAAKCRCd1xxWp1CYAnjGA/9synn6ZXJUKAXQzySgmCZvCIbl
+rqBfEpxwLG4Q/lONhm5vthAE0z49I8hj5Gc5e2tLYUtq0o0OCRdCrYHa/efOYWpJ
+6RsK99bePOisVzmOABLIgZkcr022kHoMCmkPgv9CUGKP1yqbGl+zzAwQfUjRUmvD
+ZIcWLHi2ge4GzPMPi50B2ARYIL6cAQQAxWHnicKejAFcFcF1/3gUSgSH7eiwuBPX
+M7vDdgGzlve1o1jbV4tzrjN9jsCl6r0nJPDMfBSzgLr1auNTRG6HpJ4abcOx86ED
+Ad+avDcQPZb7z3dPhH/gb2lQejZsHh7bbeOS8WMSzHV3RqCLd8J/xwWPNR5zKn1f
+yp4IGfopidMAEQEAAQAD+wQOelnR82+dxyM2IFmZdOB9wSXQeCVOvxSaNMh6Y3lk
+UOOkO8Nlic4x0ungQRvjoRs4wBmCuwFK/MII6jKui0B7dn/NDf51i7rGdNGuJXDH
+e676By1sEY/NGkc74jr74T+5GWNU64W0vkpfgVmjSAzsUtpmhJMXsc7beBhJdnVl
+AgDKCb8hZqj1alcdmLoNvb7ibA3K/V8J462CPD7bMySPBa/uayoFhNxibpoXml2r
+oOtHa5izF3b0/9JY97F6rqkdAgD6GdTJ+xmlCoz1Sewoif1I6krq6xoa7gOYpIXo
+UL1Afr+LiJeyAnF/M34j/kjIVmPanZJjry0kkjHE5ILjH3uvAf4/6n9np+Th8ujS
+YDCIzKwR7639+H+qccOaddCep8Y6KGUMVdD/vTKEx1rMtK+hK/CDkkkxnFslifMJ
+kqoqv3WUqCWJAT0EGAECAAkFAlggvpwCGwIAqAkQndccVqdQmAKdIAQZAQIABgUC
+WCC+nAAKCRDmGUholQPwvQk+A/9latnSsR5s5/1A9TFki11GzSEnfLbx46FYOdkW
+n3YBxZoPQGxNA1vIn8GmouxZInw9CF4jdOJxEdzLlYQJ9YLTLtN5tQEMl/19/bR8
+/qLacAZ9IOezYRWxxZsyn6//jfl7A0Y+FV59d4YajKkEfItcIIlgVBSW6T+TNQT3
+R+EH5HJ/A/4/AN0CmBhhE2vGzTnVU0VPrE4V64pjn1rufFdclgpixNZCuuqpKpoE
+VVHn6mnBf4njKjZrAGPs5kfQ+H4NsM7v3Zz4yV6deu9FZc4O6E+V1WJ38rO8eBix
+7G2jko106CC6vtxsCPVIzY7aaG3H5pjRtomw+pX7SzrQ7FUg2PGumg==
+=F/T0
+-----END PGP PRIVATE KEY BLOCK-----`
+
+const ecdsaPrivateKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+xaUEX1KsSRMIKoZIzj0DAQcCAwTpYqJsnJiFhKKh+8TulWD+lVmerBFNS+Ii
+B+nlG3T0xQQ4Sy5eIjJ0CExIQQzi3EElF/Z2l4F3WC5taFA11NgA/gkDCHSS
+PThf1M2K4LN8F1MRcvR+sb7i0nH55ojkwuVB1DE6jqIT9m9i+mX1tzjSAS+6
+lPQiweCJvG7xTC7Hs3AzRapf/r1At4TB+v+5G2/CKynNFEJpbGwgPGJpbGxA
+aG9tZS5jb20+wncEEBMIAB8FAl9SrEkGCwkHCAMCBBUICgIDFgIBAhkBAhsD
+Ah4BAAoJEMpwT3+q3+xqw5UBAMebZN9isEZ1ML+R/jWAAWMwa/knMugrEZ1v
+Bl9+ZwM0AQCZdf80/wYY4Nve01qSRFv8OmKswLli3TvDv6FKc4cLz8epBF9S
+rEkSCCqGSM49AwEHAgMEAjKnT9b5wY2bf9TpAV3d7OUfPOxKj9c4VzeVzSrH
+AtQgo/MuI1cdYVURicV4i76DNjFhQHQFTk7BrC+C2u1yqQMBCAf+CQMIHImA
+iYfzQtjgQWSFZYUkCFpbbwhNF0ch+3HNaZkaHCnZRIsWsRnc6FCb6lRQyK9+
+Dq59kHlduE5QgY40894jfmP2JdJHU6nBdYrivbEdbMJhBBgTCAAJBQJfUqxJ
+AhsMAAoJEMpwT3+q3+xqUI0BAMykhV08kQ4Ip9Qlbss6Jdufv7YrU0Vd5hou
+b5TmiPd0APoDBh3qIic+aLLUcAuG3+Gt1P1AbUlmqV61ozn1WfHxfw==
+=KLN8
+-----END PGP PRIVATE KEY BLOCK-----`
+
+const dsaPrivateKeyWithElGamalSubkey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lQOBBF9/MLsRCACeaF6BI0jTgDAs86t8/kXPfwlPvR2MCYzB0BCqAdcq1hV/GTYd
+oNmJRna/ZJfsI/vf+d8Nv+EYOQkPheFS1MJVBitkAXjQPgm8i1tQWen1FCWZxqGk
+/vwZYF4yo8GhZ+Wxi3w09W9Cp9QM/CTmyE1Xe7wpPBGe+oD+me8Zxjyt8JBS4Qx+
+gvWbfHxfHnggh4pz7U8QkItlLsBNQEdX4R5+zwRN66g2ZSX/shaa/EkVnihUhD7r
+njP9I51ORWucTQD6OvgooaNQZCkQ/Se9TzdakwWKS2XSIFXiY/e2E5ZgKI/pfKDU
+iA/KessxddPb7nP/05OIJqg9AoDrD4vmehLzAQD+zsUS3LDU1m9/cG4LMsQbT2VK
+Te4HqbGIAle+eu/asQf8DDJMrbZpiJZvADum9j0TJ0oep6VdMbzo9RSDKvlLKT9m
+kG63H8oDWnCZm1a+HmGq9YIX+JHWmsLXXsFLeEouLzHO+mZo0X28eji3V2T87hyR
+MmUM0wFo4k7jK8uVmkDXv3XwNp2uByWxUKZd7EnWmcEZWqIiexJ7XpCS0Pg3tRaI
+zxve0SRe/dxfUPnTk/9KQ9hS6DWroBKquL182zx1Fggh4LIWWE2zq+UYn8BI0E8A
+rmIDFJdF8ymFQGRrEy6g79NnkPmkrZWsgMRYY65P6v4zLVmqohJKkpm3/Uxa6QAP
+CCoPh/JTOvPeCP2bOJH8z4Z9Py3ouMIjofQW8sXqRgf/RIHbh0KsINHrwwZ4gVIr
+MK3RofpaYxw1ztPIWb4cMWoWZHH1Pxh7ggTGSBpAhKXkiWw2Rxat8QF5aA7e962c
+bLvVv8dqsPrD/RnVJHag89cbPTzjn7gY9elE8EM8ithV3oQkwHTr4avYlpDZsgNd
+hUW3YgRwGo31tdzxoG04AcpV2t+07P8XMPr9hsfWs4rHohXPi38Hseu1Ji+dBoWQ
+3+1w/HH3o55s+jy4Ruaz78AIrjbmAJq+6rA2mIcCgrhw3DnzuwQAKeBvSeqn9zfS
+ZC812osMBVmkycwelpaIh64WZ0vWL3GvdXDctV2kXM+qVpDTLEny0LuiXxrwCKQL
+Ev4HAwK9uQBcreDEEud7pfRb8EYP5lzO2ZA7RaIvje6EWAGBvJGMRT0QQE5SGqc7
+Fw5geigBdt+vVyRuNNhg3c2fdn/OBQaYu0J/8AiOogG8EaM8tCFlbGdhbWFsQGRz
+YS5jb20gPGVsZ2FtYWxAZHNhLmNvbT6IkAQTEQgAOBYhBI+gnfiHQxB35/Dp0XAQ
+aE/rsWC5BQJffzC7AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEHAQaE/r
+sWC5A4EA/0GcJmyPtN+Klc7b9sVT3JgKTRnB/URxOJfYJofP0hZLAQCkqyMO+adV
+JvbgDH0zaITQWZSSXPqpgMpCA6juTrDsd50CawRffzC7EAgAxFFFSAAEQzWTgKU5
+EBtpxxoPzHqcChawTHRxHxjcELXzmUBS5PzfA1HXSPnNqK/x3Ut5ycC3CsW41Fnt
+Gm3706Wu9VFbFZVn55F9lPiplUo61n5pqMvOr1gmuQsdXiTa0t5FRa4TZ2VSiHFw
+vdAVSPTUsT4ZxJ1rPyFYRtq1n3pQcvdZowd07r0JnzTMjLLMFYCKhwIowoOC4zqJ
+iB8enjwOlpaqBATRm9xpVF7SJkroPF6/B1vdhj7E3c1aJyHlo0PYBAg756sSHWHg
+UuLyUQ4TA0hcCVenn/L/aSY2LnbdZB1EBhlYjA7dTCgwIqsQhfQmPkjz6g64A7+Y
+HbbrLwADBQgAk14QIEQ+J/VHetpQV/jt2pNsFK1kVK7mXK0spTExaC2yj2sXlHjL
+Ie3bO5T/KqmIaBEB5db5fA5xK9cZt79qrQHDKsEqUetUeMUWLBx77zBsus3grIgy
+bwDZKseRzQ715pwxquxQlScGoDIBKEh08HpwHkq140eIj3w+MAIfndaZaSCNaxaP
+Snky7BQmJ7Wc7qrIwoQP6yrnUqyW2yNi81nJYUhxjChqaFSlwzLs/iNGryBKo0ic
+BqVIRjikKHBlwBng6WyrltQo/Vt9GG8w+lqaAVXbJRlaBZJUR+2NKi/YhP3qQse3
+v8fi4kns0gh5LK+2C01RvdX4T49QSExuIf4HAwLJqYIGwadA2uem5v7/765ZtFWV
+oL0iZ0ueTJDby4wTFDpLVzzDi/uVcB0ZRFrGOp7w6OYcNYTtV8n3xmli2Q5Trw0c
+wZVzvg+ABKWiv7faBjMczIFF8y6WZKOIeAQYEQgAIBYhBI+gnfiHQxB35/Dp0XAQ
+aE/rsWC5BQJffzC7AhsMAAoJEHAQaE/rsWC5ZmIA/jhS4r4lClbvjuPWt0Yqdn7R
+fss2SPMYvMrrDh42aE0OAQD8xn4G6CN8UtW9xihXOY6FpxiJ/sMc2VaneeUd34oa
+4g==
+=XZm8
+-----END PGP PRIVATE KEY BLOCK-----`
+
+// https://tests.sequoia-pgp.org/#Certificate_expiration
+// P _ U p
+const expiringPrimaryUIDKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv
+/seOXpgecTdOcVttfzC8ycIKrt3aQTiwOG/ctaR4Bk/t6ayNFfdUNxHWk4WCKzdz
+/56fW2O0F23qIRd8UUJp5IIlN4RDdRCtdhVQIAuzvp2oVy/LaS2kxQoKvph/5pQ/
+5whqsyroEWDJoSV0yOb25B/iwk/pLUFoyhDG9bj0kIzDxrEqW+7Ba8nocQlecMF3
+X5KMN5kp2zraLv9dlBBpWW43XktjcCZgMy20SouraVma8Je/ECwUWYUiAZxLIlMv
+9CurEOtxUw6N3RdOtLmYZS9uEnn5y1UkF88o8Nku890uk6BrewFzJyLAx5wRZ4F0
+qV/yq36UWQ0JB/AUGhHVPdFf6pl6eaxBwT5GXvbBUibtf8YI2og5RsgTWtXfU7eb
+SGXrl5ZMpbA6mbfhd0R8aPxWfmDWiIOhBufhMCvUHh1sApMKVZnvIff9/0Dca3wb
+vLIwa3T4CyshfT0AEQEAAc0hQm9iIEJhYmJhZ2UgPGJvYkBvcGVucGdwLmV4YW1w
+bGU+wsFcBBMBCgCQBYJhesp/BYkEWQPJBQsJCAcCCRD7/MgqAV5zMEcUAAAAAAAe
+ACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmeEOQlNyTLFkc9I/elp+BpY
+495V7KatqtDmsyDr+zDAdwYVCgkICwIEFgIDAQIXgAIbAwIeARYhBNGmbhojsYLJ
+mA94jPv8yCoBXnMwAABSCQv/av8hKyynMtXVKFuWOGJw0mR8auDm84WdhMFRZg8t
+yTJ1L88+Ny4WUAFeqo2j7DU2yPGrm5rmuvzlEedFYFeOWt+A4adz+oumgRd0nsgG
+Lf3QYUWQhLWVlz+H7zubgKqSB2A2RqV65S7mTTVro42nb2Mng6rvGWiqeKG5nrXN
+/01p1mIBQGR/KnZSqYLzA2Pw2PiJoSkXT26PDz/kiEMXpjKMR6sicV4bKVlEdUvm
+pIImIPBHZq1EsKXEyWtWC41w/pc+FofGE+uSFs2aef1vvEHFkj3BHSK8gRcH3kfR
+eFroTET8C2q9V1AOELWm+Ys6PzGzF72URK1MKXlThuL4t4LjvXWGNA78IKW+/RQH
+DzK4U0jqSO0mL6qxqVS5Ij6jjL6OTrVEGdtDf5n0vI8tcUTBKtVqYAYk+t2YGT05
+ayxALtb7viVKo8f10WEcCuKshn0gdsEFMRZQzJ89uQIY3R3FbsdRCaE6OEaDgKMQ
+UTFROyfhthgzRKbRxfcplMUCzsDNBF2lnPIBDADWML9cbGMrp12CtF9b2P6z9TTT
+74S8iyBOzaSvdGDQY/sUtZXRg21HWamXnn9sSXvIDEINOQ6A9QxdxoqWdCHrOuW3
+ofneYXoG+zeKc4dC86wa1TR2q9vW+RMXSO4uImA+Uzula/6k1DogDf28qhCxMwG/
+i/m9g1c/0aApuDyKdQ1PXsHHNlgd/Dn6rrd5y2AObaifV7wIhEJnvqgFXDN2RXGj
+LeCOHV4Q2WTYPg/S4k1nMXVDwZXrvIsA0YwIMgIT86Rafp1qKlgPNbiIlC1g9RY/
+iFaGN2b4Ir6GDohBQSfZW2+LXoPZuVE/wGlQ01rh827KVZW4lXvqsge+wtnWlszc
+selGATyzqOK9LdHPdZGzROZYI2e8c+paLNDdVPL6vdRBUnkCaEkOtl1mr2JpQi5n
+TU+gTX4IeInC7E+1a9UDF/Y85ybUz8XV8rUnR76UqVC7KidNepdHbZjjXCt8/Zo+
+Tec9JNbYNQB/e9ExmDntmlHEsSEQzFwzj8sxH48AEQEAAcLA9gQYAQoAIBYhBNGm
+bhojsYLJmA94jPv8yCoBXnMwBQJdpZzyAhsMAAoJEPv8yCoBXnMw6f8L/26C34dk
+jBffTzMj5Bdzm8MtF67OYneJ4TQMw7+41IL4rVcSKhIhk/3Ud5knaRtP2ef1+5F6
+6h9/RPQOJ5+tvBwhBAcUWSupKnUrdVaZQanYmtSxcVV2PL9+QEiNN3tzluhaWO//
+rACxJ+K/ZXQlIzwQVTpNhfGzAaMVV9zpf3u0k14itcv6alKY8+rLZvO1wIIeRZLm
+U0tZDD5HtWDvUV7rIFI1WuoLb+KZgbYn3OWjCPHVdTrdZ2CqnZbG3SXw6awH9bzR
+LV9EXkbhIMez0deCVdeo+wFFklh8/5VK2b0vk/+wqMJxfpa1lHvJLobzOP9fvrsw
+sr92MA2+k901WeISR7qEzcI0Fdg8AyFAExaEK6VyjP7SXGLwvfisw34OxuZr3qmx
+1Sufu4toH3XrB7QJN8XyqqbsGxUCBqWif9RSK4xjzRTe56iPeiSJJOIciMP9i2ld
+I+KgLycyeDvGoBj0HCLO3gVaBe4ubVrj5KjhX2PVNEJd3XZRzaXZE2aAMQ==
+=AmgT
+-----END PGP PUBLIC KEY BLOCK-----`
+
+const rsa2048PrivateKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+Comment: gpg (GnuPG) 2.2.27 with libgcrypt 1.9.4
+
+lQPGBGL07P0BCADL0etN8efyAXA6sL2WfQvHe5wEKYXPWeN2+jiqSppfeRZAOlzP
+kZ3U+cloeJriplYvVJwI3ID2aw52Z/TRn8iKRP5eOUFrEgcgl06lazLtOndK7o7p
+oBV5mLtHEirFHm6W61fNt10jzM0jx0PV6nseLhFB2J42F1cmU/aBgFo41wjLSZYr
+owR+v+O9S5sUXblQF6sEDcY01sBEu09zrIgT49VFwQ1Cvdh9XZEOTQBfdiugoj5a
+DS3fAqAka3r1VoQK4eR7/upnYSgSACGeaQ4pUelKku5rpm50gdWTY8ppq0k9e1eT
+y2x0OQcW3hWE+j4os1ca0ZEADMdqr/99MOxrABEBAAH+BwMCJWxU4VOZOJ7/I6vX
+FxdfBhIBEXlJ52FM3S/oYtXqLhkGyrtmZOeEazVvUtuCe3M3ScHI8xCthcmE8E0j
+bi+ZEHPS2NiBZtgHFF27BLn7zZuTc+oD5WKduZdK3463egnyThTqIIMl25WZBuab
+k5ycwYrWwBH0jfA4gwJ13ai4pufKC2RM8qIu6YAVPglYBKFLKGvvJHa5vI+LuA0E
+K+k35hIic7yVUcQneNnAF2598X5yWiieYnOZpmHlRw1zfbMwOJr3ZNj2v94u7b+L
+sTa/1Uv9887Vb6sJp0c2Sh4cwEccoPYkvMqFn3ZrJUr3UdDu1K2vWohPtswzhrYV
++RdPZE5RLoCQufKvlPezk0Pzhzb3bBU7XjUbdGY1nH/EyQeBNp+Gw6qldKvzcBaB
+cyOK1c6hPSszpJX93m5UxCN55IeifmcNjmbDh8vGCCdajy6d56qV2n4F3k7vt1J1
+0UlxIGhqijJoaTCX66xjLMC6VXkSz6aHQ35rnXosm/cqPcQshsZTdlfSyWkorfdr
+4Hj8viBER26mjYurTMLBKDtUN724ZrR0Ev5jorX9uoKlgl87bDZHty2Ku2S+vR68
+VAvnj6Fi1BYNclnDoqxdRB2z5T9JbWE52HuG83/QsplhEqXxESDxriTyTHMbNxEe
+88soVCDh4tgflZFa2ucUr6gEKJKij7jgahARnyaXfPZlQBUAS1YUeILYmN+VR+M/
+sHENpwDWc7TInn8VN638nJV+ScZGMih3AwWZTIoiLju3MMt1K0YZ3NuiqwGH4Jwg
+/BbEdTWeCci9y3NEQHQ3uZZ5p6j2CwFVlK11idemCMvAiTVxF+gKdaLMkeCwKxru
+J3YzhKEo+iDVYbPYBYizx/EHBn2U5kITQ5SBXzjTaaFMNZJEf9JYsL1ybPB6HOFY
+VNVB2KT8CGVwtCJHb2xhbmcgR29waGVyIDxnb2xhbmdAZXhhbXBsZS5vcmc+iQFO
+BBMBCgA4FiEEC6K7U7f4qesybTnqSkra7gHusm0FAmL07P0CGwMFCwkIBwIGFQoJ
+CAsCBBYCAwECHgECF4AACgkQSkra7gHusm1MvwgAxpClWkeSqIhMQfbiuz0+lOkE
+89y1DCFw8bHjZoUf4/4K8hFA3dGkk+q72XFgiyaCpfXxMt6Gi+dN47t+tTv9NIqC
+sukbaoJBmJDhN6+djmJOgOYy+FWsW2LAk2LOwKYulpnBZdcA5rlMAhBg7gevQpF+
+ruSU69P7UUaFJl/DC7hDmaIcj+4cjBE/HO26SnVQjoTfjZT82rDh1Wsuf8LnkJUk
+b3wezBLpXKjDvdHikdv4gdlR4AputVM38aZntYYglh/EASo5TneyZ7ZscdLNRdcF
+r5O2fKqrOJLOdaoYRFZZWOvP5GtEVFDU7WGivOSVfiszBE0wZR3dgZRJipHCXJ0D
+xgRi9Oz9AQgAtMJcJqLLVANJHl90tWuoizDkm+Imcwq2ubQAjpclnNrODnDK+7o4
+pBsWmXbZSdkC4gY+LhOQA6bPDD0JEHM58DOnrm49BddxXAyK0HPsk4sGGt2SS86B
+OawWNdfJVyqw4bAiHWDmQg4PcjBbt3ocOIxAR6I5kBSiQVxuGQs9T+Zvg3G1r3Or
+fS6DzlgY3HFUML5YsGH4lOxNSOoKAP68GIH/WNdUZ+feiRg9knIib6I3Hgtf5eO8
+JRH7aWE/TD7eNu36bLLjT5TZPq5r6xaD2plbtPOyXbNPWs9qI1yG+VnErfaLY0w8
+Qo0aqzbgID+CTZVomXSOpOcQseaFKw8ZfQARAQAB/gcDArha6+/+d4OY/w9N32K9
+hFNYt4LufTETMQ+k/sBeaMuAVzmT47DlAXzkrZhGW4dZOtXMu1rXaUwHlqkhEyzL
+L4MYEWVXfD+LbZNEK3MEFss6RK+UAMeT/PTV9aA8cXQVPcSJYzfBXHQ1U1hnOgrO
+apn92MN8RmkhX8wJLyeWTMMuP4lXByJMmmGo8WvifeRD2kFY4y0WVBDAXJAV4Ljf
+Di/bBiwoc5a+gxHuZT2W9ZSxBQJNXdt4Un2IlyZuo58s5MLx2N0EaNJ8PwRUE6fM
+RZYO8aZCEPUtINE4njbvsWOMCtrblsMPwZ1B0SiIaWmLaNyGdCNKea+fCIW7kasC
+JYMhnLumpUTXg5HNexkCsl7ABWj0PYBflOE61h8EjWpnQ7JBBVKS2ua4lMjwHRX7
+5o5yxym9k5UZNFdGoXVL7xpizCcdGawxTJvwhs3vBqu1ZWYCegOAZWDrOkCyhUpq
+8uKMROZFbn+FwE+7tjt+v2ed62FVEvD6g4V3ThCA6mQqeOARfJWN8GZY8BDm8lht
+crOXriUkrx+FlrgGtm2CkwjW5/9Xd7AhFpHnQdFeozOHyq1asNSgJF9sNi9Lz94W
+skQSVRi0IExxSXYGI3Y0nnAZUe2BAQflYPJdEveSr3sKlUqXiETTA1VXsTPK3kOC
+92CbLzj/Hz199jZvywwyu53I+GKMpF42rMq7zxr2oa61YWY4YE/GDezwwys/wLx/
+QpCW4X3ppI7wJjCSSqEV0baYZSSli1ayheS6dxi8QnSpX1Bmpz6gU7m/M9Sns+hl
+J7ZvgpjCAiV7KJTjtclr5/S02zP78LTVkoTWoz/6MOTROwaP63VBUXX8pbJhf/vu
+DLmNnDk8joMJxoDXWeNU0EnNl4hP7Z/jExRBOEO4oAnUf/Sf6gCWQhL5qcajtg6w
+tGv7vx3f2IkBNgQYAQoAIBYhBAuiu1O3+KnrMm056kpK2u4B7rJtBQJi9Oz9AhsM
+AAoJEEpK2u4B7rJt6lgIAMBWqP4BCOGnQXBbgJ0+ACVghpkFUXZTb/tXJc8UUvTM
+8uov6k/RsqDGZrvhhufD7Wwt7j9v7dD7VPp7bPyjVWyimglQzWguTUUqLDGlstYH
+5uYv1pzma0ZsAGNqFeGlTLsKOSGKFMH4rB2KfN2n51L8POvtp1y7GKZQbWIWneaB
+cZr3BINU5GMvYYU7pAYcoR+mJPdJx5Up3Ocn+bn8Tu1sy9C/ArtCQucazGnoE9u1
+HhNLrh0CdzzX7TNH6TQ8LwPOvq0K5l/WqbN9lE0WBBhMv2HydxhluO8AhU+A5GqC
+C+wET7nVDnhoOm/fstIeb7/LN7OYejKPeHdFBJEL9GA=
+=u442
+-----END PGP PRIVATE KEY BLOCK-----`
+
+const curve25519PrivateKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+Comment: gpg (GnuPG) 2.2.27 with libgcrypt 1.9.4
+
+lFgEYvTtQBYJKwYBBAHaRw8BAQdAxsNXLbrk5xOjpO24VhOMvQ0/F+JcyIkckMDH
+X3FIGxcAAQDFOlunZWYuPsCx5JLp78vKqUTfgef9TGG4oD6I/Sa0zBMstCJHb2xh
+bmcgR29waGVyIDxnb2xhbmdAZXhhbXBsZS5vcmc+iJAEExYIADgWIQSFQHEOazmo
+h1ldII4MvfnLQ4JBNwUCYvTtQAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAK
+CRAMvfnLQ4JBN5yeAQCKdry8B5ScCPrev2+UByMCss7Sdu5RhomCFsHdNPLcKAEA
+8ugei+1owHsV+3cGwWWzKk6sLa8ZN87i3SKuOGp9DQycXQRi9O1AEgorBgEEAZdV
+AQUBAQdA5CubPp8l7lrVQ25h7Hx5XN2C8xanRnnpcjzEooCaEA0DAQgHAAD/Rpc+
+sOZUXrFk9HOWB1XU41LoWbDBoG8sP8RWAVYwD5AQRYh4BBgWCAAgFiEEhUBxDms5
+qIdZXSCODL35y0OCQTcFAmL07UACGwwACgkQDL35y0OCQTcvdwEA7lb5g/YisrEf
+iq660uwMGoepLUfvtqKzuQ6heYe83y0BAN65Ffg5HYOJzUEi0kZQRf7OhdtuL2kJ
+SRXn8DmCTfEB
+=cELM
+-----END PGP PRIVATE KEY BLOCK-----`
+
+const curve448PrivateKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+Comment: C1DB 65D5 80D7 B922 7254 4B1E A699 9895 FABA CE52
+
+xYUEYV2UmRYDK2VxAc9AFyxgh5xnSbyt50TWl558mw9xdMN+/UBLr5+UMP8IsrvV
+MdXuTIE8CyaUQKSotHtH2RkYEXj5nsMAAAHPQIbTMSzjIWug8UFECzAex5FHgAgH
+gYF3RK+TS8D24wX8kOu2C/NoVxwGY+p+i0JHaB+7yljriSKAGxs6wsBEBB8WCgCD
+BYJhXZSZBYkFpI+9AwsJBwkQppmYlfq6zlJHFAAAAAAAHgAgc2FsdEBub3RhdGlv
+bnMuc2VxdW9pYS1wZ3Aub3Jn5wSpIutJ5HncJWk4ruUV8GzQF390rR5+qWEAnAoY
+akcDFQoIApsBAh4BFiEEwdtl1YDXuSJyVEseppmYlfq6zlIAALzdA5dA/fsgYg/J
+qaQriYKaPUkyHL7EB3BXhV2d1h/gk+qJLvXQuU2WEJ/XSs3GrsBRiiZwvPH4o+7b
+mleAxjy5wpS523vqrrBR2YZ5FwIku7WS4litSdn4AtVam/TlLdMNIf41CtFeZKBe
+c5R5VNdQy8y7qy8AAADNEUN1cnZlNDQ4IE9wdGlvbiA4wsBHBBMWCgCGBYJhXZSZ
+BYkFpI+9AwsJBwkQppmYlfq6zlJHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2Vx
+dW9pYS1wZ3Aub3JnD55UsYMzE6OACP+mgw5zvT+BBgol8/uFQjHg4krjUCMDFQoI
+ApkBApsBAh4BFiEEwdtl1YDXuSJyVEseppmYlfq6zlIAAPQJA5dA0Xqwzn/0uwCq
+RlsOVCB3f5NOj1exKnlBvRw0xT1VBee1yxvlUt5eIAoCxWoRlWBJob3TTkhm9AEA
+8dyhwPmyGfWHzPw5NFG3xsXrZdNXNvit9WMVAPcmsyR7teXuDlJItxRAdJJc/qfJ
+YVbBFoaNrhYAAADHhQRhXZSZFgMrZXEBz0BL7THZ9MnCLfSPJ1FMLim9eGkQ3Bfn
+M3he5rOwO3t14QI1LjI96OjkeJipMgcFAmEP1Bq/ZHGO7oAAAc9AFnE8iNBaT3OU
+EFtxkmWHXtdaYMmGGRdopw9JPXr/UxuunDln5o9dxPxf7q7z26zXrZen+qed/Isa
+HsDCwSwEGBYKAWsFgmFdlJkFiQWkj70JEKaZmJX6us5SRxQAAAAAAB4AIHNhbHRA
+bm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZxREUizdTcepBzgSMOv2VWQCWbl++3CZ
+EbgAWDryvSsyApsCwDGgBBkWCgBvBYJhXZSZCRBKo3SL4S5djkcUAAAAAAAeACBz
+YWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmemoGTDjmNQiIzw6HOEddvS0OB7
+UZ/P07jM/EVmnYxTlBYhBAxsnkGpx1UCiH6gUUqjdIvhLl2OAAALYQOXQAMB1oKq
+OWxSFmvmgCKNcbAAyA3piF5ERIqs4z07oJvqDYrOWt75UsEIH/04gU/vHc4EmfG2
+JDLJgOLlyTUPkL/08f0ydGZPofFQBhn8HkuFFjnNtJ5oz3GIP4cdWMQFaUw0uvjb
+PM9Tm3ptENGd6Ts1AAAAFiEEwdtl1YDXuSJyVEseppmYlfq6zlIAAGpTA5dATR6i
+U2GrpUcQgpG+JqfAsGmF4yAOhgFxc1UfidFk3nTup3fLgjipkYY170WLRNbyKkVO
+Sodx93GAs58rizO1acDAWiLq3cyEPBFXbyFThbcNPcLl+/77Uk/mgkYrPQFAQWdK
+1kSRm4SizDBK37K8ChAAAADHhwRhXZSZEgMrZW8Bx0DMhzvhQo+OsXeqQ6QVw4sF
+CaexHh6rLohh7TzL3hQSjoJ27fV6JBkIWdn0LfrMlJIDbSv2SLdlgQMBCgkAAcdA
+MO7Dc1myF6Co1fAH+EuP+OxhxP/7V6ljuSCZENDfA49tQkzTta+PniG+pOVB2LHb
+huyaKBkqiaogo8LAOQQYFgoAeAWCYV2UmQWJBaSPvQkQppmYlfq6zlJHFAAAAAAA
+HgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEjBMQAmc/2u45u5FQGmB
+QAytjSG2LM3JQN+PPVl5vEkCmwwWIQTB22XVgNe5InJUSx6mmZiV+rrOUgAASdYD
+l0DXEHQ9ykNP2rZP35ET1dmiFagFtTj/hLQcWlg16LqvJNGqOgYXuqTerbiOOt02
+XLCBln+wdewpU4ChEffMUDRBfqfQco/YsMqWV7bHJHAO0eC/DMKCjyU90xdH7R/d
+QgqsfguR1PqPuJxpXV4bSr6CGAAAAA==
+=MSvh
+-----END PGP PRIVATE KEY BLOCK-----`
+
+const keyWithNotation = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+xVgEY9gIshYJKwYBBAHaRw8BAQdAF25fSM8OpFlXZhop4Qpqo5ywGZ4jgWlR
+ppjhIKDthREAAQC+LFpzFcMJYcjxGKzBGHN0Px2jU4d04YSRnFAik+lVVQ6u
+zRdUZXN0IDx0ZXN0QGV4YW1wbGUuY29tPsLACgQQFgoAfAUCY9gIsgQLCQcI
+CRD/utJOCym8pR0UgAAAAAAQAAR0ZXh0QGV4YW1wbGUuY29tdGVzdB8UAAAA
+AAASAARiaW5hcnlAZXhhbXBsZS5jb20AAQIDAxUICgQWAAIBAhkBAhsDAh4B
+FiEEEMCQTUVGKgCX5rDQ/7rSTgspvKUAAPl5AP9Npz90LxzrB97Qr2DrGwfG
+wuYn4FSYwtuPfZHHeoIabwD/QEbvpQJ/NBb9EAZuow4Rirlt1yv19mmnF+j5
+8yUzhQjHXQRj2AiyEgorBgEEAZdVAQUBAQdARXAo30DmKcyUg6co7OUm0RNT
+z9iqFbDBzA8A47JEt1MDAQgHAAD/XKK3lBm0SqMR558HLWdBrNG6NqKuqb5X
+joCML987ZNgRD8J4BBgWCAAqBQJj2AiyCRD/utJOCym8pQIbDBYhBBDAkE1F
+RioAl+aw0P+60k4LKbylAADRxgEAg7UfBDiDPp5LHcW9D+SgFHk6+GyEU4ev
+VppQxdtxPvAA/34snHBX7Twnip1nMt7P4e2hDiw/hwQ7oqioOvc6jMkP
+=Z8YJ
+-----END PGP PRIVATE KEY BLOCK-----
+`
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go
new file mode 100644
index 0000000000000000000000000000000000000000..fec41a0e73f7c7c81cacf379709e97ae77bae330
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_config.go
@@ -0,0 +1,67 @@
+// Copyright (C) 2019 ProtonTech AG
+
+package packet
+
+import "math/bits"
+
+// CipherSuite contains a combination of Cipher and Mode
+type CipherSuite struct {
+ // The cipher function
+ Cipher CipherFunction
+ // The AEAD mode of operation.
+ Mode AEADMode
+}
+
+// AEADConfig collects a number of AEAD parameters along with sensible defaults.
+// A nil AEADConfig is valid and results in all default values.
+type AEADConfig struct {
+ // The AEAD mode of operation.
+ DefaultMode AEADMode
+ // Amount of octets in each chunk of data
+ ChunkSize uint64
+}
+
+// Mode returns the AEAD mode of operation.
+func (conf *AEADConfig) Mode() AEADMode {
+ // If no preference is specified, OCB is used (which is mandatory to implement).
+ if conf == nil || conf.DefaultMode == 0 {
+ return AEADModeOCB
+ }
+
+ mode := conf.DefaultMode
+ if mode != AEADModeEAX && mode != AEADModeOCB && mode != AEADModeGCM {
+ panic("AEAD mode unsupported")
+ }
+ return mode
+}
+
+// ChunkSizeByte returns the byte indicating the chunk size. The effective
+// chunk size is computed with the formula uint64(1) << (chunkSizeByte + 6)
+// limit to 16 = 4 MiB
+// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
+func (conf *AEADConfig) ChunkSizeByte() byte {
+ if conf == nil || conf.ChunkSize == 0 {
+ return 12 // 1 << (12 + 6) == 262144 bytes
+ }
+
+ chunkSize := conf.ChunkSize
+ exponent := bits.Len64(chunkSize) - 1
+ switch {
+ case exponent < 6:
+ exponent = 6
+ case exponent > 16:
+ exponent = 16
+ }
+
+ return byte(exponent - 6)
+}
+
+// decodeAEADChunkSize returns the effective chunk size. In 32-bit systems, the
+// maximum returned value is 1 << 30.
+func decodeAEADChunkSize(c byte) int {
+ size := uint64(1 << (c + 6))
+ if size != uint64(int(size)) {
+ return 1 << 30
+ }
+ return int(size)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_crypter.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_crypter.go
new file mode 100644
index 0000000000000000000000000000000000000000..5e460465631933b63e7aae55a130dce6ba1b81db
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_crypter.go
@@ -0,0 +1,250 @@
+// Copyright (C) 2019 ProtonTech AG
+
+package packet
+
+import (
+ "crypto/cipher"
+ "encoding/binary"
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+)
+
+// aeadCrypter is an AEAD opener/sealer, its configuration, and data for en/decryption.
+type aeadCrypter struct {
+ aead cipher.AEAD
+ chunkSize int
+ nonce []byte
+ associatedData []byte // Chunk-independent associated data
+ chunkIndex []byte // Chunk counter
+ packetTag packetType // SEIP packet (v2) or AEAD Encrypted Data packet
+ bytesProcessed int // Amount of plaintext bytes encrypted/decrypted
+}
+
+// computeNonce takes the incremental index and computes an eXclusive OR with
+// the least significant 8 bytes of the receivers' initial nonce (see sec.
+// 5.16.1 and 5.16.2). It returns the resulting nonce.
+func (wo *aeadCrypter) computeNextNonce() (nonce []byte) {
+ if wo.packetTag == packetTypeSymmetricallyEncryptedIntegrityProtected {
+ return wo.nonce
+ }
+
+ nonce = make([]byte, len(wo.nonce))
+ copy(nonce, wo.nonce)
+ offset := len(wo.nonce) - 8
+ for i := 0; i < 8; i++ {
+ nonce[i+offset] ^= wo.chunkIndex[i]
+ }
+ return
+}
+
+// incrementIndex performs an integer increment by 1 of the integer represented by the
+// slice, modifying it accordingly.
+func (wo *aeadCrypter) incrementIndex() error {
+ index := wo.chunkIndex
+ if len(index) == 0 {
+ return errors.AEADError("Index has length 0")
+ }
+ for i := len(index) - 1; i >= 0; i-- {
+ if index[i] < 255 {
+ index[i]++
+ return nil
+ }
+ index[i] = 0
+ }
+ return errors.AEADError("cannot further increment index")
+}
+
+// aeadDecrypter reads and decrypts bytes. It buffers extra decrypted bytes when
+// necessary, similar to aeadEncrypter.
+type aeadDecrypter struct {
+ aeadCrypter // Embedded ciphertext opener
+ reader io.Reader // 'reader' is a partialLengthReader
+ chunkBytes []byte
+ peekedBytes []byte // Used to detect last chunk
+ buffer []byte // Buffered decrypted bytes
+}
+
+// Read decrypts bytes and reads them into dst. It decrypts when necessary and
+// buffers extra decrypted bytes. It returns the number of bytes copied into dst
+// and an error.
+func (ar *aeadDecrypter) Read(dst []byte) (n int, err error) {
+ // Return buffered plaintext bytes from previous calls
+ if len(ar.buffer) > 0 {
+ n = copy(dst, ar.buffer)
+ ar.buffer = ar.buffer[n:]
+ return
+ }
+
+ // Read a chunk
+ tagLen := ar.aead.Overhead()
+ copy(ar.chunkBytes, ar.peekedBytes) // Copy bytes peeked in previous chunk or in initialization
+ bytesRead, errRead := io.ReadFull(ar.reader, ar.chunkBytes[tagLen:])
+ if errRead != nil && errRead != io.EOF && errRead != io.ErrUnexpectedEOF {
+ return 0, errRead
+ }
+
+ if bytesRead > 0 {
+ ar.peekedBytes = ar.chunkBytes[bytesRead:bytesRead+tagLen]
+
+ decrypted, errChunk := ar.openChunk(ar.chunkBytes[:bytesRead])
+ if errChunk != nil {
+ return 0, errChunk
+ }
+
+ // Return decrypted bytes, buffering if necessary
+ n = copy(dst, decrypted)
+ ar.buffer = decrypted[n:]
+ return
+ }
+
+ return 0, io.EOF
+}
+
+// Close checks the final authentication tag of the stream.
+// In the future, this function could also be used to wipe the reader
+// and peeked & decrypted bytes, if necessary.
+func (ar *aeadDecrypter) Close() (err error) {
+ errChunk := ar.validateFinalTag(ar.peekedBytes)
+ if errChunk != nil {
+ return errChunk
+ }
+ return nil
+}
+
+// openChunk decrypts and checks integrity of an encrypted chunk, returning
+// the underlying plaintext and an error. It accesses peeked bytes from next
+// chunk, to identify the last chunk and decrypt/validate accordingly.
+func (ar *aeadDecrypter) openChunk(data []byte) ([]byte, error) {
+ adata := ar.associatedData
+ if ar.aeadCrypter.packetTag == packetTypeAEADEncrypted {
+ adata = append(ar.associatedData, ar.chunkIndex...)
+ }
+
+ nonce := ar.computeNextNonce()
+ plainChunk, err := ar.aead.Open(data[:0:len(data)], nonce, data, adata)
+ if err != nil {
+ return nil, errors.ErrAEADTagVerification
+ }
+ ar.bytesProcessed += len(plainChunk)
+ if err = ar.aeadCrypter.incrementIndex(); err != nil {
+ return nil, err
+ }
+ return plainChunk, nil
+}
+
+// Checks the summary tag. It takes into account the total decrypted bytes into
+// the associated data. It returns an error, or nil if the tag is valid.
+func (ar *aeadDecrypter) validateFinalTag(tag []byte) error {
+ // Associated: tag, version, cipher, aead, chunk size, ...
+ amountBytes := make([]byte, 8)
+ binary.BigEndian.PutUint64(amountBytes, uint64(ar.bytesProcessed))
+
+ adata := ar.associatedData
+ if ar.aeadCrypter.packetTag == packetTypeAEADEncrypted {
+ // ... index ...
+ adata = append(ar.associatedData, ar.chunkIndex...)
+ }
+
+ // ... and total number of encrypted octets
+ adata = append(adata, amountBytes...)
+ nonce := ar.computeNextNonce()
+ if _, err := ar.aead.Open(nil, nonce, tag, adata); err != nil {
+ return errors.ErrAEADTagVerification
+ }
+ return nil
+}
+
+// aeadEncrypter encrypts and writes bytes. It encrypts when necessary according
+// to the AEAD block size, and buffers the extra encrypted bytes for next write.
+type aeadEncrypter struct {
+ aeadCrypter // Embedded plaintext sealer
+ writer io.WriteCloser // 'writer' is a partialLengthWriter
+ chunkBytes []byte
+ offset int
+}
+
+// Write encrypts and writes bytes. It encrypts when necessary and buffers extra
+// plaintext bytes for next call. When the stream is finished, Close() MUST be
+// called to append the final tag.
+func (aw *aeadEncrypter) Write(plaintextBytes []byte) (n int, err error) {
+ for n != len(plaintextBytes) {
+ copied := copy(aw.chunkBytes[aw.offset:aw.chunkSize], plaintextBytes[n:])
+ n += copied
+ aw.offset += copied
+
+ if aw.offset == aw.chunkSize {
+ encryptedChunk, err := aw.sealChunk(aw.chunkBytes[:aw.offset])
+ if err != nil {
+ return n, err
+ }
+ _, err = aw.writer.Write(encryptedChunk)
+ if err != nil {
+ return n, err
+ }
+ aw.offset = 0
+ }
+ }
+ return
+}
+
+// Close encrypts and writes the remaining buffered plaintext if any, appends
+// the final authentication tag, and closes the embedded writer. This function
+// MUST be called at the end of a stream.
+func (aw *aeadEncrypter) Close() (err error) {
+ // Encrypt and write a chunk if there's buffered data left, or if we haven't
+ // written any chunks yet.
+ if aw.offset > 0 || aw.bytesProcessed == 0 {
+ lastEncryptedChunk, err := aw.sealChunk(aw.chunkBytes[:aw.offset])
+ if err != nil {
+ return err
+ }
+ _, err = aw.writer.Write(lastEncryptedChunk)
+ if err != nil {
+ return err
+ }
+ }
+ // Compute final tag (associated data: packet tag, version, cipher, aead,
+ // chunk size...
+ adata := aw.associatedData
+
+ if aw.aeadCrypter.packetTag == packetTypeAEADEncrypted {
+ // ... index ...
+ adata = append(aw.associatedData, aw.chunkIndex...)
+ }
+
+ // ... and total number of encrypted octets
+ amountBytes := make([]byte, 8)
+ binary.BigEndian.PutUint64(amountBytes, uint64(aw.bytesProcessed))
+ adata = append(adata, amountBytes...)
+
+ nonce := aw.computeNextNonce()
+ finalTag := aw.aead.Seal(nil, nonce, nil, adata)
+ _, err = aw.writer.Write(finalTag)
+ if err != nil {
+ return err
+ }
+ return aw.writer.Close()
+}
+
+// sealChunk Encrypts and authenticates the given chunk.
+func (aw *aeadEncrypter) sealChunk(data []byte) ([]byte, error) {
+ if len(data) > aw.chunkSize {
+ return nil, errors.AEADError("chunk exceeds maximum length")
+ }
+ if aw.associatedData == nil {
+ return nil, errors.AEADError("can't seal without headers")
+ }
+ adata := aw.associatedData
+ if aw.aeadCrypter.packetTag == packetTypeAEADEncrypted {
+ adata = append(aw.associatedData, aw.chunkIndex...)
+ }
+
+ nonce := aw.computeNextNonce()
+ encrypted := aw.aead.Seal(data[:0], nonce, data, adata)
+ aw.bytesProcessed += len(data)
+ if err := aw.aeadCrypter.incrementIndex(); err != nil {
+ return nil, err
+ }
+ return encrypted, nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_encrypted.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_encrypted.go
new file mode 100644
index 0000000000000000000000000000000000000000..583765d87ca6fe983d50de317ce0dd4140a7d494
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/aead_encrypted.go
@@ -0,0 +1,100 @@
+// Copyright (C) 2019 ProtonTech AG
+
+package packet
+
+import (
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
+)
+
+// AEADEncrypted represents an AEAD Encrypted Packet.
+// See https://www.ietf.org/archive/id/draft-koch-openpgp-2015-rfc4880bis-00.html#name-aead-encrypted-data-packet-t
+type AEADEncrypted struct {
+ cipher CipherFunction
+ mode AEADMode
+ chunkSizeByte byte
+ Contents io.Reader // Encrypted chunks and tags
+ initialNonce []byte // Referred to as IV in RFC4880-bis
+}
+
+// Only currently defined version
+const aeadEncryptedVersion = 1
+
+func (ae *AEADEncrypted) parse(buf io.Reader) error {
+ headerData := make([]byte, 4)
+ if n, err := io.ReadFull(buf, headerData); n < 4 {
+ return errors.AEADError("could not read aead header:" + err.Error())
+ }
+ // Read initial nonce
+ mode := AEADMode(headerData[2])
+ nonceLen := mode.IvLength()
+
+ // This packet supports only EAX and OCB
+ // https://www.ietf.org/archive/id/draft-koch-openpgp-2015-rfc4880bis-00.html#name-aead-encrypted-data-packet-t
+ if nonceLen == 0 || mode > AEADModeOCB {
+ return errors.AEADError("unknown mode")
+ }
+
+ initialNonce := make([]byte, nonceLen)
+ if n, err := io.ReadFull(buf, initialNonce); n < nonceLen {
+ return errors.AEADError("could not read aead nonce:" + err.Error())
+ }
+ ae.Contents = buf
+ ae.initialNonce = initialNonce
+ c := headerData[1]
+ if _, ok := algorithm.CipherById[c]; !ok {
+ return errors.UnsupportedError("unknown cipher: " + string(c))
+ }
+ ae.cipher = CipherFunction(c)
+ ae.mode = mode
+ ae.chunkSizeByte = headerData[3]
+ return nil
+}
+
+// Decrypt returns a io.ReadCloser from which decrypted bytes can be read, or
+// an error.
+func (ae *AEADEncrypted) Decrypt(ciph CipherFunction, key []byte) (io.ReadCloser, error) {
+ return ae.decrypt(key)
+}
+
+// decrypt prepares an aeadCrypter and returns a ReadCloser from which
+// decrypted bytes can be read (see aeadDecrypter.Read()).
+func (ae *AEADEncrypted) decrypt(key []byte) (io.ReadCloser, error) {
+ blockCipher := ae.cipher.new(key)
+ aead := ae.mode.new(blockCipher)
+ // Carry the first tagLen bytes
+ chunkSize := decodeAEADChunkSize(ae.chunkSizeByte)
+ tagLen := ae.mode.TagLength()
+ chunkBytes := make([]byte, chunkSize+tagLen*2)
+ peekedBytes := chunkBytes[chunkSize+tagLen:]
+ n, err := io.ReadFull(ae.Contents, peekedBytes)
+ if n < tagLen || (err != nil && err != io.EOF) {
+ return nil, errors.AEADError("Not enough data to decrypt:" + err.Error())
+ }
+
+ return &aeadDecrypter{
+ aeadCrypter: aeadCrypter{
+ aead: aead,
+ chunkSize: chunkSize,
+ nonce: ae.initialNonce,
+ associatedData: ae.associatedData(),
+ chunkIndex: make([]byte, 8),
+ packetTag: packetTypeAEADEncrypted,
+ },
+ reader: ae.Contents,
+ chunkBytes: chunkBytes,
+ peekedBytes: peekedBytes,
+ }, nil
+}
+
+// associatedData for chunks: tag, version, cipher, mode, chunk size byte
+func (ae *AEADEncrypted) associatedData() []byte {
+ return []byte{
+ 0xD4,
+ aeadEncryptedVersion,
+ byte(ae.cipher),
+ byte(ae.mode),
+ ae.chunkSizeByte}
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/compressed.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/compressed.go
new file mode 100644
index 0000000000000000000000000000000000000000..0bcb38cacace6b7e13d659d1afe1831ed27a5311
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/compressed.go
@@ -0,0 +1,161 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "compress/bzip2"
+ "compress/flate"
+ "compress/zlib"
+ "io"
+ "strconv"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+)
+
+// Compressed represents a compressed OpenPGP packet. The decompressed contents
+// will contain more OpenPGP packets. See RFC 4880, section 5.6.
+type Compressed struct {
+ Body io.Reader
+}
+
+const (
+ NoCompression = flate.NoCompression
+ BestSpeed = flate.BestSpeed
+ BestCompression = flate.BestCompression
+ DefaultCompression = flate.DefaultCompression
+)
+
+// CompressionConfig contains compressor configuration settings.
+type CompressionConfig struct {
+ // Level is the compression level to use. It must be set to
+ // between -1 and 9, with -1 causing the compressor to use the
+ // default compression level, 0 causing the compressor to use
+ // no compression and 1 to 9 representing increasing (better,
+ // slower) compression levels. If Level is less than -1 or
+ // more then 9, a non-nil error will be returned during
+ // encryption. See the constants above for convenient common
+ // settings for Level.
+ Level int
+}
+
+// decompressionReader ensures that the whole compression packet is read.
+type decompressionReader struct {
+ compressed io.Reader
+ decompressed io.ReadCloser
+ readAll bool
+}
+
+func newDecompressionReader(r io.Reader, decompressor io.ReadCloser) *decompressionReader {
+ return &decompressionReader{
+ compressed: r,
+ decompressed: decompressor,
+ }
+}
+
+func (dr *decompressionReader) Read(data []byte) (n int, err error) {
+ if dr.readAll {
+ return 0, io.EOF
+ }
+ n, err = dr.decompressed.Read(data)
+ if err == io.EOF {
+ dr.readAll = true
+ // Close the decompressor.
+ if errDec := dr.decompressed.Close(); errDec != nil {
+ return n, errDec
+ }
+ // Consume all remaining data from the compressed packet.
+ consumeAll(dr.compressed)
+ }
+ return n, err
+}
+
+func (c *Compressed) parse(r io.Reader) error {
+ var buf [1]byte
+ _, err := readFull(r, buf[:])
+ if err != nil {
+ return err
+ }
+
+ switch buf[0] {
+ case 0:
+ c.Body = r
+ case 1:
+ c.Body = newDecompressionReader(r, flate.NewReader(r))
+ case 2:
+ decompressor, err := zlib.NewReader(r)
+ if err != nil {
+ return err
+ }
+ c.Body = newDecompressionReader(r, decompressor)
+ case 3:
+ c.Body = newDecompressionReader(r, io.NopCloser(bzip2.NewReader(r)))
+ default:
+ err = errors.UnsupportedError("unknown compression algorithm: " + strconv.Itoa(int(buf[0])))
+ }
+
+ return err
+}
+
+// compressedWriterCloser represents the serialized compression stream
+// header and the compressor. Its Close() method ensures that both the
+// compressor and serialized stream header are closed. Its Write()
+// method writes to the compressor.
+type compressedWriteCloser struct {
+ sh io.Closer // Stream Header
+ c io.WriteCloser // Compressor
+}
+
+func (cwc compressedWriteCloser) Write(p []byte) (int, error) {
+ return cwc.c.Write(p)
+}
+
+func (cwc compressedWriteCloser) Close() (err error) {
+ err = cwc.c.Close()
+ if err != nil {
+ return err
+ }
+
+ return cwc.sh.Close()
+}
+
+// SerializeCompressed serializes a compressed data packet to w and
+// returns a WriteCloser to which the literal data packets themselves
+// can be written and which MUST be closed on completion. If cc is
+// nil, sensible defaults will be used to configure the compression
+// algorithm.
+func SerializeCompressed(w io.WriteCloser, algo CompressionAlgo, cc *CompressionConfig) (literaldata io.WriteCloser, err error) {
+ compressed, err := serializeStreamHeader(w, packetTypeCompressed)
+ if err != nil {
+ return
+ }
+
+ _, err = compressed.Write([]byte{uint8(algo)})
+ if err != nil {
+ return
+ }
+
+ level := DefaultCompression
+ if cc != nil {
+ level = cc.Level
+ }
+
+ var compressor io.WriteCloser
+ switch algo {
+ case CompressionZIP:
+ compressor, err = flate.NewWriter(compressed, level)
+ case CompressionZLIB:
+ compressor, err = zlib.NewWriterLevel(compressed, level)
+ default:
+ s := strconv.Itoa(int(algo))
+ err = errors.UnsupportedError("Unsupported compression algorithm: " + s)
+ }
+ if err != nil {
+ return
+ }
+
+ literaldata = compressedWriteCloser{compressed, compressor}
+
+ return
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go
new file mode 100644
index 0000000000000000000000000000000000000000..8bf8e6e51f1bbde5dd8f4d53706ab6521c119685
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config.go
@@ -0,0 +1,410 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "crypto"
+ "crypto/rand"
+ "io"
+ "math/big"
+ "time"
+
+ "github.com/ProtonMail/go-crypto/openpgp/s2k"
+)
+
+var (
+ defaultRejectPublicKeyAlgorithms = map[PublicKeyAlgorithm]bool{
+ PubKeyAlgoElGamal: true,
+ PubKeyAlgoDSA: true,
+ }
+ defaultRejectHashAlgorithms = map[crypto.Hash]bool{
+ crypto.MD5: true,
+ crypto.RIPEMD160: true,
+ }
+ defaultRejectMessageHashAlgorithms = map[crypto.Hash]bool{
+ crypto.SHA1: true,
+ crypto.MD5: true,
+ crypto.RIPEMD160: true,
+ }
+ defaultRejectCurves = map[Curve]bool{
+ CurveSecP256k1: true,
+ }
+)
+
+// A global feature flag to indicate v5 support.
+// Can be set via a build tag, e.g.: `go build -tags v5 ./...`
+// If the build tag is missing config_v5.go will set it to true.
+//
+// Disables parsing of v5 keys and v5 signatures.
+// These are non-standard entities, which in the crypto-refresh have been superseded
+// by v6 keys, v6 signatures and SEIPDv2 encrypted data, respectively.
+var V5Disabled = false
+
+// Config collects a number of parameters along with sensible defaults.
+// A nil *Config is valid and results in all default values.
+type Config struct {
+ // Rand provides the source of entropy.
+ // If nil, the crypto/rand Reader is used.
+ Rand io.Reader
+ // DefaultHash is the default hash function to be used.
+ // If zero, SHA-256 is used.
+ DefaultHash crypto.Hash
+ // DefaultCipher is the cipher to be used.
+ // If zero, AES-128 is used.
+ DefaultCipher CipherFunction
+ // Time returns the current time as the number of seconds since the
+ // epoch. If Time is nil, time.Now is used.
+ Time func() time.Time
+ // DefaultCompressionAlgo is the compression algorithm to be
+ // applied to the plaintext before encryption. If zero, no
+ // compression is done.
+ DefaultCompressionAlgo CompressionAlgo
+ // CompressionConfig configures the compression settings.
+ CompressionConfig *CompressionConfig
+ // S2K (String to Key) config, used for key derivation in the context of secret key encryption
+ // and password-encrypted data.
+ // If nil, the default configuration is used
+ S2KConfig *s2k.Config
+ // Iteration count for Iterated S2K (String to Key).
+ // Only used if sk2.Mode is nil.
+ // This value is duplicated here from s2k.Config for backwards compatibility.
+ // It determines the strength of the passphrase stretching when
+ // the said passphrase is hashed to produce a key. S2KCount
+ // should be between 65536 and 65011712, inclusive. If Config
+ // is nil or S2KCount is 0, the value 16777216 used. Not all
+ // values in the above range can be represented. S2KCount will
+ // be rounded up to the next representable value if it cannot
+ // be encoded exactly. When set, it is strongly encrouraged to
+ // use a value that is at least 65536. See RFC 4880 Section
+ // 3.7.1.3.
+ //
+ // Deprecated: SK2Count should be configured in S2KConfig instead.
+ S2KCount int
+ // RSABits is the number of bits in new RSA keys made with NewEntity.
+ // If zero, then 2048 bit keys are created.
+ RSABits int
+ // The public key algorithm to use - will always create a signing primary
+ // key and encryption subkey.
+ Algorithm PublicKeyAlgorithm
+ // Some known primes that are optionally prepopulated by the caller
+ RSAPrimes []*big.Int
+ // Curve configures the desired packet.Curve if the Algorithm is PubKeyAlgoECDSA,
+ // PubKeyAlgoEdDSA, or PubKeyAlgoECDH. If empty Curve25519 is used.
+ Curve Curve
+ // AEADConfig configures the use of the new AEAD Encrypted Data Packet,
+ // defined in the draft of the next version of the OpenPGP specification.
+ // If a non-nil AEADConfig is passed, usage of this packet is enabled. By
+ // default, it is disabled. See the documentation of AEADConfig for more
+ // configuration options related to AEAD.
+ // **Note: using this option may break compatibility with other OpenPGP
+ // implementations, as well as future versions of this library.**
+ AEADConfig *AEADConfig
+ // V6Keys configures version 6 key generation. If false, this package still
+ // supports version 6 keys, but produces version 4 keys.
+ V6Keys bool
+ // Minimum RSA key size allowed for key generation and message signing, verification and encryption.
+ MinRSABits uint16
+ // Reject insecure algorithms, only works with v2 api
+ RejectPublicKeyAlgorithms map[PublicKeyAlgorithm]bool
+ RejectHashAlgorithms map[crypto.Hash]bool
+ RejectMessageHashAlgorithms map[crypto.Hash]bool
+ RejectCurves map[Curve]bool
+ // "The validity period of the key. This is the number of seconds after
+ // the key creation time that the key expires. If this is not present
+ // or has a value of zero, the key never expires. This is found only on
+ // a self-signature.""
+ // https://tools.ietf.org/html/rfc4880#section-5.2.3.6
+ KeyLifetimeSecs uint32
+ // "The validity period of the signature. This is the number of seconds
+ // after the signature creation time that the signature expires. If
+ // this is not present or has a value of zero, it never expires."
+ // https://tools.ietf.org/html/rfc4880#section-5.2.3.10
+ SigLifetimeSecs uint32
+ // SigningKeyId is used to specify the signing key to use (by Key ID).
+ // By default, the signing key is selected automatically, preferring
+ // signing subkeys if available.
+ SigningKeyId uint64
+ // SigningIdentity is used to specify a user ID (packet Signer's User ID, type 28)
+ // when producing a generic certification signature onto an existing user ID.
+ // The identity must be present in the signer Entity.
+ SigningIdentity string
+ // InsecureAllowUnauthenticatedMessages controls, whether it is tolerated to read
+ // encrypted messages without Modification Detection Code (MDC).
+ // MDC is mandated by the IETF OpenPGP Crypto Refresh draft and has long been implemented
+ // in most OpenPGP implementations. Messages without MDC are considered unnecessarily
+ // insecure and should be prevented whenever possible.
+ // In case one needs to deal with messages from very old OpenPGP implementations, there
+ // might be no other way than to tolerate the missing MDC. Setting this flag, allows this
+ // mode of operation. It should be considered a measure of last resort.
+ InsecureAllowUnauthenticatedMessages bool
+ // InsecureAllowDecryptionWithSigningKeys allows decryption with keys marked as signing keys in the v2 API.
+ // This setting is potentially insecure, but it is needed as some libraries
+ // ignored key flags when selecting a key for encryption.
+ // Not relevant for the v1 API, as all keys were allowed in decryption.
+ InsecureAllowDecryptionWithSigningKeys bool
+ // KnownNotations is a map of Notation Data names to bools, which controls
+ // the notation names that are allowed to be present in critical Notation Data
+ // signature subpackets.
+ KnownNotations map[string]bool
+ // SignatureNotations is a list of Notations to be added to any signatures.
+ SignatureNotations []*Notation
+ // CheckIntendedRecipients controls, whether the OpenPGP Intended Recipient Fingerprint feature
+ // should be enabled for encryption and decryption.
+ // (See https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-12.html#name-intended-recipient-fingerpr).
+ // When the flag is set, encryption produces Intended Recipient Fingerprint signature sub-packets and decryption
+ // checks whether the key it was encrypted to is one of the included fingerprints in the signature.
+ // If the flag is disabled, no Intended Recipient Fingerprint sub-packets are created or checked.
+ // The default behavior, when the config or flag is nil, is to enable the feature.
+ CheckIntendedRecipients *bool
+ // CacheSessionKey controls if decryption should return the session key used for decryption.
+ // If the flag is set, the session key is cached in the message details struct.
+ CacheSessionKey bool
+ // CheckPacketSequence is a flag that controls if the pgp message reader should strictly check
+ // that the packet sequence conforms with the grammar mandated by rfc4880.
+ // The default behavior, when the config or flag is nil, is to check the packet sequence.
+ CheckPacketSequence *bool
+ // NonDeterministicSignaturesViaNotation is a flag to enable randomization of signatures.
+ // If true, a salt notation is used to randomize signatures generated by v4 and v5 keys
+ // (v6 signatures are always non-deterministic, by design).
+ // This protects EdDSA signatures from potentially leaking the secret key in case of faults (i.e. bitflips) which, in principle, could occur
+ // during the signing computation. It is added to signatures of any algo for simplicity, and as it may also serve as protection in case of
+ // weaknesses in the hash algo, potentially hindering e.g. some chosen-prefix attacks.
+ // The default behavior, when the config or flag is nil, is to enable the feature.
+ NonDeterministicSignaturesViaNotation *bool
+}
+
+func (c *Config) Random() io.Reader {
+ if c == nil || c.Rand == nil {
+ return rand.Reader
+ }
+ return c.Rand
+}
+
+func (c *Config) Hash() crypto.Hash {
+ if c == nil || uint(c.DefaultHash) == 0 {
+ return crypto.SHA256
+ }
+ return c.DefaultHash
+}
+
+func (c *Config) Cipher() CipherFunction {
+ if c == nil || uint8(c.DefaultCipher) == 0 {
+ return CipherAES128
+ }
+ return c.DefaultCipher
+}
+
+func (c *Config) Now() time.Time {
+ if c == nil || c.Time == nil {
+ return time.Now().Truncate(time.Second)
+ }
+ return c.Time().Truncate(time.Second)
+}
+
+// KeyLifetime returns the validity period of the key.
+func (c *Config) KeyLifetime() uint32 {
+ if c == nil {
+ return 0
+ }
+ return c.KeyLifetimeSecs
+}
+
+// SigLifetime returns the validity period of the signature.
+func (c *Config) SigLifetime() uint32 {
+ if c == nil {
+ return 0
+ }
+ return c.SigLifetimeSecs
+}
+
+func (c *Config) Compression() CompressionAlgo {
+ if c == nil {
+ return CompressionNone
+ }
+ return c.DefaultCompressionAlgo
+}
+
+func (c *Config) RSAModulusBits() int {
+ if c == nil || c.RSABits == 0 {
+ return 2048
+ }
+ return c.RSABits
+}
+
+func (c *Config) PublicKeyAlgorithm() PublicKeyAlgorithm {
+ if c == nil || c.Algorithm == 0 {
+ return PubKeyAlgoRSA
+ }
+ return c.Algorithm
+}
+
+func (c *Config) CurveName() Curve {
+ if c == nil || c.Curve == "" {
+ return Curve25519
+ }
+ return c.Curve
+}
+
+// Deprecated: The hash iterations should now be queried via the S2K() method.
+func (c *Config) PasswordHashIterations() int {
+ if c == nil || c.S2KCount == 0 {
+ return 0
+ }
+ return c.S2KCount
+}
+
+func (c *Config) S2K() *s2k.Config {
+ if c == nil {
+ return nil
+ }
+ // for backwards compatibility
+ if c.S2KCount > 0 && c.S2KConfig == nil {
+ return &s2k.Config{
+ S2KCount: c.S2KCount,
+ }
+ }
+ return c.S2KConfig
+}
+
+func (c *Config) AEAD() *AEADConfig {
+ if c == nil {
+ return nil
+ }
+ return c.AEADConfig
+}
+
+func (c *Config) SigningKey() uint64 {
+ if c == nil {
+ return 0
+ }
+ return c.SigningKeyId
+}
+
+func (c *Config) SigningUserId() string {
+ if c == nil {
+ return ""
+ }
+ return c.SigningIdentity
+}
+
+func (c *Config) AllowUnauthenticatedMessages() bool {
+ if c == nil {
+ return false
+ }
+ return c.InsecureAllowUnauthenticatedMessages
+}
+
+func (c *Config) AllowDecryptionWithSigningKeys() bool {
+ if c == nil {
+ return false
+ }
+ return c.InsecureAllowDecryptionWithSigningKeys
+}
+
+func (c *Config) KnownNotation(notationName string) bool {
+ if c == nil {
+ return false
+ }
+ return c.KnownNotations[notationName]
+}
+
+func (c *Config) Notations() []*Notation {
+ if c == nil {
+ return nil
+ }
+ return c.SignatureNotations
+}
+
+func (c *Config) V6() bool {
+ if c == nil {
+ return false
+ }
+ return c.V6Keys
+}
+
+func (c *Config) IntendedRecipients() bool {
+ if c == nil || c.CheckIntendedRecipients == nil {
+ return true
+ }
+ return *c.CheckIntendedRecipients
+}
+
+func (c *Config) RetrieveSessionKey() bool {
+ if c == nil {
+ return false
+ }
+ return c.CacheSessionKey
+}
+
+func (c *Config) MinimumRSABits() uint16 {
+ if c == nil || c.MinRSABits == 0 {
+ return 2047
+ }
+ return c.MinRSABits
+}
+
+func (c *Config) RejectPublicKeyAlgorithm(alg PublicKeyAlgorithm) bool {
+ var rejectedAlgorithms map[PublicKeyAlgorithm]bool
+ if c == nil || c.RejectPublicKeyAlgorithms == nil {
+ // Default
+ rejectedAlgorithms = defaultRejectPublicKeyAlgorithms
+ } else {
+ rejectedAlgorithms = c.RejectPublicKeyAlgorithms
+ }
+ return rejectedAlgorithms[alg]
+}
+
+func (c *Config) RejectHashAlgorithm(hash crypto.Hash) bool {
+ var rejectedAlgorithms map[crypto.Hash]bool
+ if c == nil || c.RejectHashAlgorithms == nil {
+ // Default
+ rejectedAlgorithms = defaultRejectHashAlgorithms
+ } else {
+ rejectedAlgorithms = c.RejectHashAlgorithms
+ }
+ return rejectedAlgorithms[hash]
+}
+
+func (c *Config) RejectMessageHashAlgorithm(hash crypto.Hash) bool {
+ var rejectedAlgorithms map[crypto.Hash]bool
+ if c == nil || c.RejectMessageHashAlgorithms == nil {
+ // Default
+ rejectedAlgorithms = defaultRejectMessageHashAlgorithms
+ } else {
+ rejectedAlgorithms = c.RejectMessageHashAlgorithms
+ }
+ return rejectedAlgorithms[hash]
+}
+
+func (c *Config) RejectCurve(curve Curve) bool {
+ var rejectedCurve map[Curve]bool
+ if c == nil || c.RejectCurves == nil {
+ // Default
+ rejectedCurve = defaultRejectCurves
+ } else {
+ rejectedCurve = c.RejectCurves
+ }
+ return rejectedCurve[curve]
+}
+
+func (c *Config) StrictPacketSequence() bool {
+ if c == nil || c.CheckPacketSequence == nil {
+ return true
+ }
+ return *c.CheckPacketSequence
+}
+
+func (c *Config) RandomizeSignaturesViaNotation() bool {
+ if c == nil || c.NonDeterministicSignaturesViaNotation == nil {
+ return true
+ }
+ return *c.NonDeterministicSignaturesViaNotation
+}
+
+// BoolPointer is a helper function to set a boolean pointer in the Config.
+// e.g., config.CheckPacketSequence = BoolPointer(true)
+func BoolPointer(value bool) *bool {
+ return &value
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config_v5.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config_v5.go
new file mode 100644
index 0000000000000000000000000000000000000000..f2415906b9d1bea9256bfe0b8c8da611caa688e2
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/config_v5.go
@@ -0,0 +1,7 @@
+//go:build !v5
+
+package packet
+
+func init() {
+ V5Disabled = true
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/encrypted_key.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/encrypted_key.go
new file mode 100644
index 0000000000000000000000000000000000000000..b90bb289119ce69a23a2f943ffb6c708e05f3558
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/encrypted_key.go
@@ -0,0 +1,584 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "bytes"
+ "crypto"
+ "crypto/rsa"
+ "encoding/binary"
+ "encoding/hex"
+ "io"
+ "math/big"
+ "strconv"
+
+ "github.com/ProtonMail/go-crypto/openpgp/ecdh"
+ "github.com/ProtonMail/go-crypto/openpgp/elgamal"
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/encoding"
+ "github.com/ProtonMail/go-crypto/openpgp/x25519"
+ "github.com/ProtonMail/go-crypto/openpgp/x448"
+)
+
+// EncryptedKey represents a public-key encrypted session key. See RFC 4880,
+// section 5.1.
+type EncryptedKey struct {
+ Version int
+ KeyId uint64
+ KeyVersion int // v6
+ KeyFingerprint []byte // v6
+ Algo PublicKeyAlgorithm
+ CipherFunc CipherFunction // only valid after a successful Decrypt for a v3 packet
+ Key []byte // only valid after a successful Decrypt
+
+ encryptedMPI1, encryptedMPI2 encoding.Field
+ ephemeralPublicX25519 *x25519.PublicKey // used for x25519
+ ephemeralPublicX448 *x448.PublicKey // used for x448
+ encryptedSession []byte // used for x25519 and x448
+}
+
+func (e *EncryptedKey) parse(r io.Reader) (err error) {
+ var buf [8]byte
+ _, err = readFull(r, buf[:versionSize])
+ if err != nil {
+ return
+ }
+ e.Version = int(buf[0])
+ if e.Version != 3 && e.Version != 6 {
+ return errors.UnsupportedError("unknown EncryptedKey version " + strconv.Itoa(int(buf[0])))
+ }
+ if e.Version == 6 {
+ //Read a one-octet size of the following two fields.
+ if _, err = readFull(r, buf[:1]); err != nil {
+ return
+ }
+ // The size may also be zero, and the key version and
+ // fingerprint omitted for an "anonymous recipient"
+ if buf[0] != 0 {
+ // non-anonymous case
+ _, err = readFull(r, buf[:versionSize])
+ if err != nil {
+ return
+ }
+ e.KeyVersion = int(buf[0])
+ if e.KeyVersion != 4 && e.KeyVersion != 6 {
+ return errors.UnsupportedError("unknown public key version " + strconv.Itoa(e.KeyVersion))
+ }
+ var fingerprint []byte
+ if e.KeyVersion == 6 {
+ fingerprint = make([]byte, fingerprintSizeV6)
+ } else if e.KeyVersion == 4 {
+ fingerprint = make([]byte, fingerprintSize)
+ }
+ _, err = readFull(r, fingerprint)
+ if err != nil {
+ return
+ }
+ e.KeyFingerprint = fingerprint
+ if e.KeyVersion == 6 {
+ e.KeyId = binary.BigEndian.Uint64(e.KeyFingerprint[:keyIdSize])
+ } else if e.KeyVersion == 4 {
+ e.KeyId = binary.BigEndian.Uint64(e.KeyFingerprint[fingerprintSize-keyIdSize : fingerprintSize])
+ }
+ }
+ } else {
+ _, err = readFull(r, buf[:8])
+ if err != nil {
+ return
+ }
+ e.KeyId = binary.BigEndian.Uint64(buf[:keyIdSize])
+ }
+
+ _, err = readFull(r, buf[:1])
+ if err != nil {
+ return
+ }
+ e.Algo = PublicKeyAlgorithm(buf[0])
+ var cipherFunction byte
+ switch e.Algo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
+ e.encryptedMPI1 = new(encoding.MPI)
+ if _, err = e.encryptedMPI1.ReadFrom(r); err != nil {
+ return
+ }
+ case PubKeyAlgoElGamal:
+ e.encryptedMPI1 = new(encoding.MPI)
+ if _, err = e.encryptedMPI1.ReadFrom(r); err != nil {
+ return
+ }
+
+ e.encryptedMPI2 = new(encoding.MPI)
+ if _, err = e.encryptedMPI2.ReadFrom(r); err != nil {
+ return
+ }
+ case PubKeyAlgoECDH:
+ e.encryptedMPI1 = new(encoding.MPI)
+ if _, err = e.encryptedMPI1.ReadFrom(r); err != nil {
+ return
+ }
+
+ e.encryptedMPI2 = new(encoding.OID)
+ if _, err = e.encryptedMPI2.ReadFrom(r); err != nil {
+ return
+ }
+ case PubKeyAlgoX25519:
+ e.ephemeralPublicX25519, e.encryptedSession, cipherFunction, err = x25519.DecodeFields(r, e.Version == 6)
+ if err != nil {
+ return
+ }
+ case PubKeyAlgoX448:
+ e.ephemeralPublicX448, e.encryptedSession, cipherFunction, err = x448.DecodeFields(r, e.Version == 6)
+ if err != nil {
+ return
+ }
+ }
+ if e.Version < 6 {
+ switch e.Algo {
+ case PubKeyAlgoX25519, PubKeyAlgoX448:
+ e.CipherFunc = CipherFunction(cipherFunction)
+ // Check for validiy is in the Decrypt method
+ }
+ }
+
+ _, err = consumeAll(r)
+ return
+}
+
+// Decrypt decrypts an encrypted session key with the given private key. The
+// private key must have been decrypted first.
+// If config is nil, sensible defaults will be used.
+func (e *EncryptedKey) Decrypt(priv *PrivateKey, config *Config) error {
+ if e.Version < 6 && e.KeyId != 0 && e.KeyId != priv.KeyId {
+ return errors.InvalidArgumentError("cannot decrypt encrypted session key for key id " + strconv.FormatUint(e.KeyId, 16) + " with private key id " + strconv.FormatUint(priv.KeyId, 16))
+ }
+ if e.Version == 6 && e.KeyVersion != 0 && !bytes.Equal(e.KeyFingerprint, priv.Fingerprint) {
+ return errors.InvalidArgumentError("cannot decrypt encrypted session key for key fingerprint " + hex.EncodeToString(e.KeyFingerprint) + " with private key fingerprint " + hex.EncodeToString(priv.Fingerprint))
+ }
+ if e.Algo != priv.PubKeyAlgo {
+ return errors.InvalidArgumentError("cannot decrypt encrypted session key of type " + strconv.Itoa(int(e.Algo)) + " with private key of type " + strconv.Itoa(int(priv.PubKeyAlgo)))
+ }
+ if priv.Dummy() {
+ return errors.ErrDummyPrivateKey("dummy key found")
+ }
+
+ var err error
+ var b []byte
+
+ // TODO(agl): use session key decryption routines here to avoid
+ // padding oracle attacks.
+ switch priv.PubKeyAlgo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
+ // Supports both *rsa.PrivateKey and crypto.Decrypter
+ k := priv.PrivateKey.(crypto.Decrypter)
+ b, err = k.Decrypt(config.Random(), padToKeySize(k.Public().(*rsa.PublicKey), e.encryptedMPI1.Bytes()), nil)
+ case PubKeyAlgoElGamal:
+ c1 := new(big.Int).SetBytes(e.encryptedMPI1.Bytes())
+ c2 := new(big.Int).SetBytes(e.encryptedMPI2.Bytes())
+ b, err = elgamal.Decrypt(priv.PrivateKey.(*elgamal.PrivateKey), c1, c2)
+ case PubKeyAlgoECDH:
+ vsG := e.encryptedMPI1.Bytes()
+ m := e.encryptedMPI2.Bytes()
+ oid := priv.PublicKey.oid.EncodedBytes()
+ fp := priv.PublicKey.Fingerprint[:]
+ if priv.PublicKey.Version == 5 {
+ // For v5 the, the fingerprint must be restricted to 20 bytes
+ fp = fp[:20]
+ }
+ b, err = ecdh.Decrypt(priv.PrivateKey.(*ecdh.PrivateKey), vsG, m, oid, fp)
+ case PubKeyAlgoX25519:
+ b, err = x25519.Decrypt(priv.PrivateKey.(*x25519.PrivateKey), e.ephemeralPublicX25519, e.encryptedSession)
+ case PubKeyAlgoX448:
+ b, err = x448.Decrypt(priv.PrivateKey.(*x448.PrivateKey), e.ephemeralPublicX448, e.encryptedSession)
+ default:
+ err = errors.InvalidArgumentError("cannot decrypt encrypted session key with private key of type " + strconv.Itoa(int(priv.PubKeyAlgo)))
+ }
+ if err != nil {
+ return err
+ }
+
+ var key []byte
+ switch priv.PubKeyAlgo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoElGamal, PubKeyAlgoECDH:
+ keyOffset := 0
+ if e.Version < 6 {
+ e.CipherFunc = CipherFunction(b[0])
+ keyOffset = 1
+ if !e.CipherFunc.IsSupported() {
+ return errors.UnsupportedError("unsupported encryption function")
+ }
+ }
+ key, err = decodeChecksumKey(b[keyOffset:])
+ if err != nil {
+ return err
+ }
+ case PubKeyAlgoX25519, PubKeyAlgoX448:
+ if e.Version < 6 {
+ switch e.CipherFunc {
+ case CipherAES128, CipherAES192, CipherAES256:
+ break
+ default:
+ return errors.StructuralError("v3 PKESK mandates AES as cipher function for x25519 and x448")
+ }
+ }
+ key = b[:]
+ default:
+ return errors.UnsupportedError("unsupported algorithm for decryption")
+ }
+ e.Key = key
+ return nil
+}
+
+// Serialize writes the encrypted key packet, e, to w.
+func (e *EncryptedKey) Serialize(w io.Writer) error {
+ var encodedLength int
+ switch e.Algo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
+ encodedLength = int(e.encryptedMPI1.EncodedLength())
+ case PubKeyAlgoElGamal:
+ encodedLength = int(e.encryptedMPI1.EncodedLength()) + int(e.encryptedMPI2.EncodedLength())
+ case PubKeyAlgoECDH:
+ encodedLength = int(e.encryptedMPI1.EncodedLength()) + int(e.encryptedMPI2.EncodedLength())
+ case PubKeyAlgoX25519:
+ encodedLength = x25519.EncodedFieldsLength(e.encryptedSession, e.Version == 6)
+ case PubKeyAlgoX448:
+ encodedLength = x448.EncodedFieldsLength(e.encryptedSession, e.Version == 6)
+ default:
+ return errors.InvalidArgumentError("don't know how to serialize encrypted key type " + strconv.Itoa(int(e.Algo)))
+ }
+
+ packetLen := versionSize /* version */ + keyIdSize /* key id */ + algorithmSize /* algo */ + encodedLength
+ if e.Version == 6 {
+ packetLen = versionSize /* version */ + algorithmSize /* algo */ + encodedLength + keyVersionSize /* key version */
+ if e.KeyVersion == 6 {
+ packetLen += fingerprintSizeV6
+ } else if e.KeyVersion == 4 {
+ packetLen += fingerprintSize
+ }
+ }
+
+ err := serializeHeader(w, packetTypeEncryptedKey, packetLen)
+ if err != nil {
+ return err
+ }
+
+ _, err = w.Write([]byte{byte(e.Version)})
+ if err != nil {
+ return err
+ }
+ if e.Version == 6 {
+ _, err = w.Write([]byte{byte(e.KeyVersion)})
+ if err != nil {
+ return err
+ }
+ // The key version number may also be zero,
+ // and the fingerprint omitted
+ if e.KeyVersion != 0 {
+ _, err = w.Write(e.KeyFingerprint)
+ if err != nil {
+ return err
+ }
+ }
+ } else {
+ // Write KeyID
+ err = binary.Write(w, binary.BigEndian, e.KeyId)
+ if err != nil {
+ return err
+ }
+ }
+ _, err = w.Write([]byte{byte(e.Algo)})
+ if err != nil {
+ return err
+ }
+
+ switch e.Algo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
+ _, err := w.Write(e.encryptedMPI1.EncodedBytes())
+ return err
+ case PubKeyAlgoElGamal:
+ if _, err := w.Write(e.encryptedMPI1.EncodedBytes()); err != nil {
+ return err
+ }
+ _, err := w.Write(e.encryptedMPI2.EncodedBytes())
+ return err
+ case PubKeyAlgoECDH:
+ if _, err := w.Write(e.encryptedMPI1.EncodedBytes()); err != nil {
+ return err
+ }
+ _, err := w.Write(e.encryptedMPI2.EncodedBytes())
+ return err
+ case PubKeyAlgoX25519:
+ err := x25519.EncodeFields(w, e.ephemeralPublicX25519, e.encryptedSession, byte(e.CipherFunc), e.Version == 6)
+ return err
+ case PubKeyAlgoX448:
+ err := x448.EncodeFields(w, e.ephemeralPublicX448, e.encryptedSession, byte(e.CipherFunc), e.Version == 6)
+ return err
+ default:
+ panic("internal error")
+ }
+}
+
+// SerializeEncryptedKeyAEAD serializes an encrypted key packet to w that contains
+// key, encrypted to pub.
+// If aeadSupported is set, PKESK v6 is used, otherwise v3.
+// Note: aeadSupported MUST match the value passed to SerializeSymmetricallyEncrypted.
+// If config is nil, sensible defaults will be used.
+func SerializeEncryptedKeyAEAD(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, aeadSupported bool, key []byte, config *Config) error {
+ return SerializeEncryptedKeyAEADwithHiddenOption(w, pub, cipherFunc, aeadSupported, key, false, config)
+}
+
+// SerializeEncryptedKeyAEADwithHiddenOption serializes an encrypted key packet to w that contains
+// key, encrypted to pub.
+// Offers the hidden flag option to indicated if the PKESK packet should include a wildcard KeyID.
+// If aeadSupported is set, PKESK v6 is used, otherwise v3.
+// Note: aeadSupported MUST match the value passed to SerializeSymmetricallyEncrypted.
+// If config is nil, sensible defaults will be used.
+func SerializeEncryptedKeyAEADwithHiddenOption(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, aeadSupported bool, key []byte, hidden bool, config *Config) error {
+ var buf [36]byte // max possible header size is v6
+ lenHeaderWritten := versionSize
+ version := 3
+
+ if aeadSupported {
+ version = 6
+ }
+ // An implementation MUST NOT generate ElGamal v6 PKESKs.
+ if version == 6 && pub.PubKeyAlgo == PubKeyAlgoElGamal {
+ return errors.InvalidArgumentError("ElGamal v6 PKESK are not allowed")
+ }
+ // In v3 PKESKs, for x25519 and x448, mandate using AES
+ if version == 3 && (pub.PubKeyAlgo == PubKeyAlgoX25519 || pub.PubKeyAlgo == PubKeyAlgoX448) {
+ switch cipherFunc {
+ case CipherAES128, CipherAES192, CipherAES256:
+ break
+ default:
+ return errors.InvalidArgumentError("v3 PKESK mandates AES for x25519 and x448")
+ }
+ }
+
+ buf[0] = byte(version)
+
+ // If hidden is set, the key should be hidden
+ // An implementation MAY accept or use a Key ID of all zeros,
+ // or a key version of zero and no key fingerprint, to hide the intended decryption key.
+ // See Section 5.1.8. in the open pgp crypto refresh
+ if version == 6 {
+ if !hidden {
+ // A one-octet size of the following two fields.
+ buf[1] = byte(keyVersionSize + len(pub.Fingerprint))
+ // A one octet key version number.
+ buf[2] = byte(pub.Version)
+ lenHeaderWritten += keyVersionSize + 1
+ // The fingerprint of the public key
+ copy(buf[lenHeaderWritten:lenHeaderWritten+len(pub.Fingerprint)], pub.Fingerprint)
+ lenHeaderWritten += len(pub.Fingerprint)
+ } else {
+ // The size may also be zero, and the key version
+ // and fingerprint omitted for an "anonymous recipient"
+ buf[1] = 0
+ lenHeaderWritten += 1
+ }
+ } else {
+ if !hidden {
+ binary.BigEndian.PutUint64(buf[versionSize:(versionSize+keyIdSize)], pub.KeyId)
+ }
+ lenHeaderWritten += keyIdSize
+ }
+ buf[lenHeaderWritten] = byte(pub.PubKeyAlgo)
+ lenHeaderWritten += algorithmSize
+
+ var keyBlock []byte
+ switch pub.PubKeyAlgo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoElGamal, PubKeyAlgoECDH:
+ lenKeyBlock := len(key) + 2
+ if version < 6 {
+ lenKeyBlock += 1 // cipher type included
+ }
+ keyBlock = make([]byte, lenKeyBlock)
+ keyOffset := 0
+ if version < 6 {
+ keyBlock[0] = byte(cipherFunc)
+ keyOffset = 1
+ }
+ encodeChecksumKey(keyBlock[keyOffset:], key)
+ case PubKeyAlgoX25519, PubKeyAlgoX448:
+ // algorithm is added in plaintext below
+ keyBlock = key
+ }
+
+ switch pub.PubKeyAlgo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly:
+ return serializeEncryptedKeyRSA(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*rsa.PublicKey), keyBlock)
+ case PubKeyAlgoElGamal:
+ return serializeEncryptedKeyElGamal(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*elgamal.PublicKey), keyBlock)
+ case PubKeyAlgoECDH:
+ return serializeEncryptedKeyECDH(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*ecdh.PublicKey), keyBlock, pub.oid, pub.Fingerprint)
+ case PubKeyAlgoX25519:
+ return serializeEncryptedKeyX25519(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*x25519.PublicKey), keyBlock, byte(cipherFunc), version)
+ case PubKeyAlgoX448:
+ return serializeEncryptedKeyX448(w, config.Random(), buf[:lenHeaderWritten], pub.PublicKey.(*x448.PublicKey), keyBlock, byte(cipherFunc), version)
+ case PubKeyAlgoDSA, PubKeyAlgoRSASignOnly:
+ return errors.InvalidArgumentError("cannot encrypt to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo)))
+ }
+
+ return errors.UnsupportedError("encrypting a key to public key of type " + strconv.Itoa(int(pub.PubKeyAlgo)))
+}
+
+// SerializeEncryptedKey serializes an encrypted key packet to w that contains
+// key, encrypted to pub.
+// PKESKv6 is used if config.AEAD() is not nil.
+// If config is nil, sensible defaults will be used.
+// Deprecated: Use SerializeEncryptedKeyAEAD instead.
+func SerializeEncryptedKey(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, key []byte, config *Config) error {
+ return SerializeEncryptedKeyAEAD(w, pub, cipherFunc, config.AEAD() != nil, key, config)
+}
+
+// SerializeEncryptedKeyWithHiddenOption serializes an encrypted key packet to w that contains
+// key, encrypted to pub. PKESKv6 is used if config.AEAD() is not nil.
+// The hidden option controls if the packet should be anonymous, i.e., omit key metadata.
+// If config is nil, sensible defaults will be used.
+// Deprecated: Use SerializeEncryptedKeyAEADwithHiddenOption instead.
+func SerializeEncryptedKeyWithHiddenOption(w io.Writer, pub *PublicKey, cipherFunc CipherFunction, key []byte, hidden bool, config *Config) error {
+ return SerializeEncryptedKeyAEADwithHiddenOption(w, pub, cipherFunc, config.AEAD() != nil, key, hidden, config)
+}
+
+func serializeEncryptedKeyRSA(w io.Writer, rand io.Reader, header []byte, pub *rsa.PublicKey, keyBlock []byte) error {
+ cipherText, err := rsa.EncryptPKCS1v15(rand, pub, keyBlock)
+ if err != nil {
+ return errors.InvalidArgumentError("RSA encryption failed: " + err.Error())
+ }
+
+ cipherMPI := encoding.NewMPI(cipherText)
+ packetLen := len(header) /* header length */ + int(cipherMPI.EncodedLength())
+
+ err = serializeHeader(w, packetTypeEncryptedKey, packetLen)
+ if err != nil {
+ return err
+ }
+ _, err = w.Write(header[:])
+ if err != nil {
+ return err
+ }
+ _, err = w.Write(cipherMPI.EncodedBytes())
+ return err
+}
+
+func serializeEncryptedKeyElGamal(w io.Writer, rand io.Reader, header []byte, pub *elgamal.PublicKey, keyBlock []byte) error {
+ c1, c2, err := elgamal.Encrypt(rand, pub, keyBlock)
+ if err != nil {
+ return errors.InvalidArgumentError("ElGamal encryption failed: " + err.Error())
+ }
+
+ packetLen := len(header) /* header length */
+ packetLen += 2 /* mpi size */ + (c1.BitLen()+7)/8
+ packetLen += 2 /* mpi size */ + (c2.BitLen()+7)/8
+
+ err = serializeHeader(w, packetTypeEncryptedKey, packetLen)
+ if err != nil {
+ return err
+ }
+ _, err = w.Write(header[:])
+ if err != nil {
+ return err
+ }
+ if _, err = w.Write(new(encoding.MPI).SetBig(c1).EncodedBytes()); err != nil {
+ return err
+ }
+ _, err = w.Write(new(encoding.MPI).SetBig(c2).EncodedBytes())
+ return err
+}
+
+func serializeEncryptedKeyECDH(w io.Writer, rand io.Reader, header []byte, pub *ecdh.PublicKey, keyBlock []byte, oid encoding.Field, fingerprint []byte) error {
+ vsG, c, err := ecdh.Encrypt(rand, pub, keyBlock, oid.EncodedBytes(), fingerprint)
+ if err != nil {
+ return errors.InvalidArgumentError("ECDH encryption failed: " + err.Error())
+ }
+
+ g := encoding.NewMPI(vsG)
+ m := encoding.NewOID(c)
+
+ packetLen := len(header) /* header length */
+ packetLen += int(g.EncodedLength()) + int(m.EncodedLength())
+
+ err = serializeHeader(w, packetTypeEncryptedKey, packetLen)
+ if err != nil {
+ return err
+ }
+
+ _, err = w.Write(header[:])
+ if err != nil {
+ return err
+ }
+ if _, err = w.Write(g.EncodedBytes()); err != nil {
+ return err
+ }
+ _, err = w.Write(m.EncodedBytes())
+ return err
+}
+
+func serializeEncryptedKeyX25519(w io.Writer, rand io.Reader, header []byte, pub *x25519.PublicKey, keyBlock []byte, cipherFunc byte, version int) error {
+ ephemeralPublicX25519, ciphertext, err := x25519.Encrypt(rand, pub, keyBlock)
+ if err != nil {
+ return errors.InvalidArgumentError("x25519 encryption failed: " + err.Error())
+ }
+
+ packetLen := len(header) /* header length */
+ packetLen += x25519.EncodedFieldsLength(ciphertext, version == 6)
+
+ err = serializeHeader(w, packetTypeEncryptedKey, packetLen)
+ if err != nil {
+ return err
+ }
+
+ _, err = w.Write(header[:])
+ if err != nil {
+ return err
+ }
+ return x25519.EncodeFields(w, ephemeralPublicX25519, ciphertext, cipherFunc, version == 6)
+}
+
+func serializeEncryptedKeyX448(w io.Writer, rand io.Reader, header []byte, pub *x448.PublicKey, keyBlock []byte, cipherFunc byte, version int) error {
+ ephemeralPublicX448, ciphertext, err := x448.Encrypt(rand, pub, keyBlock)
+ if err != nil {
+ return errors.InvalidArgumentError("x448 encryption failed: " + err.Error())
+ }
+
+ packetLen := len(header) /* header length */
+ packetLen += x448.EncodedFieldsLength(ciphertext, version == 6)
+
+ err = serializeHeader(w, packetTypeEncryptedKey, packetLen)
+ if err != nil {
+ return err
+ }
+
+ _, err = w.Write(header[:])
+ if err != nil {
+ return err
+ }
+ return x448.EncodeFields(w, ephemeralPublicX448, ciphertext, cipherFunc, version == 6)
+}
+
+func checksumKeyMaterial(key []byte) uint16 {
+ var checksum uint16
+ for _, v := range key {
+ checksum += uint16(v)
+ }
+ return checksum
+}
+
+func decodeChecksumKey(msg []byte) (key []byte, err error) {
+ key = msg[:len(msg)-2]
+ expectedChecksum := uint16(msg[len(msg)-2])<<8 | uint16(msg[len(msg)-1])
+ checksum := checksumKeyMaterial(key)
+ if checksum != expectedChecksum {
+ err = errors.StructuralError("session key checksum is incorrect")
+ }
+ return
+}
+
+func encodeChecksumKey(buffer []byte, key []byte) {
+ copy(buffer, key)
+ checksum := checksumKeyMaterial(key)
+ buffer[len(key)] = byte(checksum >> 8)
+ buffer[len(key)+1] = byte(checksum)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/literal.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/literal.go
new file mode 100644
index 0000000000000000000000000000000000000000..8a028c8a171a92397326964f0cbec74be1c1fe54
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/literal.go
@@ -0,0 +1,91 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "encoding/binary"
+ "io"
+)
+
+// LiteralData represents an encrypted file. See RFC 4880, section 5.9.
+type LiteralData struct {
+ Format uint8
+ IsBinary bool
+ FileName string
+ Time uint32 // Unix epoch time. Either creation time or modification time. 0 means undefined.
+ Body io.Reader
+}
+
+// ForEyesOnly returns whether the contents of the LiteralData have been marked
+// as especially sensitive.
+func (l *LiteralData) ForEyesOnly() bool {
+ return l.FileName == "_CONSOLE"
+}
+
+func (l *LiteralData) parse(r io.Reader) (err error) {
+ var buf [256]byte
+
+ _, err = readFull(r, buf[:2])
+ if err != nil {
+ return
+ }
+
+ l.Format = buf[0]
+ l.IsBinary = l.Format == 'b'
+ fileNameLen := int(buf[1])
+
+ _, err = readFull(r, buf[:fileNameLen])
+ if err != nil {
+ return
+ }
+
+ l.FileName = string(buf[:fileNameLen])
+
+ _, err = readFull(r, buf[:4])
+ if err != nil {
+ return
+ }
+
+ l.Time = binary.BigEndian.Uint32(buf[:4])
+ l.Body = r
+ return
+}
+
+// SerializeLiteral serializes a literal data packet to w and returns a
+// WriteCloser to which the data itself can be written and which MUST be closed
+// on completion. The fileName is truncated to 255 bytes.
+func SerializeLiteral(w io.WriteCloser, isBinary bool, fileName string, time uint32) (plaintext io.WriteCloser, err error) {
+ var buf [4]byte
+ buf[0] = 'b'
+ if !isBinary {
+ buf[0] = 'u'
+ }
+ if len(fileName) > 255 {
+ fileName = fileName[:255]
+ }
+ buf[1] = byte(len(fileName))
+
+ inner, err := serializeStreamHeader(w, packetTypeLiteralData)
+ if err != nil {
+ return
+ }
+
+ _, err = inner.Write(buf[:2])
+ if err != nil {
+ return
+ }
+ _, err = inner.Write([]byte(fileName))
+ if err != nil {
+ return
+ }
+ binary.BigEndian.PutUint32(buf[:], time)
+ _, err = inner.Write(buf[:])
+ if err != nil {
+ return
+ }
+
+ plaintext = inner
+ return
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/marker.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/marker.go
new file mode 100644
index 0000000000000000000000000000000000000000..1ee378ba3c1f462d0074b4ce22e801114ec87aee
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/marker.go
@@ -0,0 +1,33 @@
+package packet
+
+import (
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+)
+
+type Marker struct{}
+
+const markerString = "PGP"
+
+// parse just checks if the packet contains "PGP".
+func (m *Marker) parse(reader io.Reader) error {
+ var buffer [3]byte
+ if _, err := io.ReadFull(reader, buffer[:]); err != nil {
+ return err
+ }
+ if string(buffer[:]) != markerString {
+ return errors.StructuralError("invalid marker packet")
+ }
+ return nil
+}
+
+// SerializeMarker writes a marker packet to writer.
+func SerializeMarker(writer io.Writer) error {
+ err := serializeHeader(writer, packetTypeMarker, len(markerString))
+ if err != nil {
+ return err
+ }
+ _, err = writer.Write([]byte(markerString))
+ return err
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/notation.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/notation.go
new file mode 100644
index 0000000000000000000000000000000000000000..2c3e3f50b253f336f39d3575612ea7add1fc1bb1
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/notation.go
@@ -0,0 +1,29 @@
+package packet
+
+// Notation type represents a Notation Data subpacket
+// see https://tools.ietf.org/html/rfc4880#section-5.2.3.16
+type Notation struct {
+ Name string
+ Value []byte
+ IsCritical bool
+ IsHumanReadable bool
+}
+
+func (notation *Notation) getData() []byte {
+ nameData := []byte(notation.Name)
+ nameLen := len(nameData)
+ valueLen := len(notation.Value)
+
+ data := make([]byte, 8+nameLen+valueLen)
+ if notation.IsHumanReadable {
+ data[0] = 0x80
+ }
+
+ data[4] = byte(nameLen >> 8)
+ data[5] = byte(nameLen)
+ data[6] = byte(valueLen >> 8)
+ data[7] = byte(valueLen)
+ copy(data[8:8+nameLen], nameData)
+ copy(data[8+nameLen:], notation.Value)
+ return data
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/ocfb.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/ocfb.go
new file mode 100644
index 0000000000000000000000000000000000000000..4f26d0a00b7a4cbe4cc29543e721071361378391
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/ocfb.go
@@ -0,0 +1,137 @@
+// Copyright 2010 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// OpenPGP CFB Mode. http://tools.ietf.org/html/rfc4880#section-13.9
+
+package packet
+
+import (
+ "crypto/cipher"
+)
+
+type ocfbEncrypter struct {
+ b cipher.Block
+ fre []byte
+ outUsed int
+}
+
+// An OCFBResyncOption determines if the "resynchronization step" of OCFB is
+// performed.
+type OCFBResyncOption bool
+
+const (
+ OCFBResync OCFBResyncOption = true
+ OCFBNoResync OCFBResyncOption = false
+)
+
+// NewOCFBEncrypter returns a cipher.Stream which encrypts data with OpenPGP's
+// cipher feedback mode using the given cipher.Block, and an initial amount of
+// ciphertext. randData must be random bytes and be the same length as the
+// cipher.Block's block size. Resync determines if the "resynchronization step"
+// from RFC 4880, 13.9 step 7 is performed. Different parts of OpenPGP vary on
+// this point.
+func NewOCFBEncrypter(block cipher.Block, randData []byte, resync OCFBResyncOption) (cipher.Stream, []byte) {
+ blockSize := block.BlockSize()
+ if len(randData) != blockSize {
+ return nil, nil
+ }
+
+ x := &ocfbEncrypter{
+ b: block,
+ fre: make([]byte, blockSize),
+ outUsed: 0,
+ }
+ prefix := make([]byte, blockSize+2)
+
+ block.Encrypt(x.fre, x.fre)
+ for i := 0; i < blockSize; i++ {
+ prefix[i] = randData[i] ^ x.fre[i]
+ }
+
+ block.Encrypt(x.fre, prefix[:blockSize])
+ prefix[blockSize] = x.fre[0] ^ randData[blockSize-2]
+ prefix[blockSize+1] = x.fre[1] ^ randData[blockSize-1]
+
+ if resync {
+ block.Encrypt(x.fre, prefix[2:])
+ } else {
+ x.fre[0] = prefix[blockSize]
+ x.fre[1] = prefix[blockSize+1]
+ x.outUsed = 2
+ }
+ return x, prefix
+}
+
+func (x *ocfbEncrypter) XORKeyStream(dst, src []byte) {
+ for i := 0; i < len(src); i++ {
+ if x.outUsed == len(x.fre) {
+ x.b.Encrypt(x.fre, x.fre)
+ x.outUsed = 0
+ }
+
+ x.fre[x.outUsed] ^= src[i]
+ dst[i] = x.fre[x.outUsed]
+ x.outUsed++
+ }
+}
+
+type ocfbDecrypter struct {
+ b cipher.Block
+ fre []byte
+ outUsed int
+}
+
+// NewOCFBDecrypter returns a cipher.Stream which decrypts data with OpenPGP's
+// cipher feedback mode using the given cipher.Block. Prefix must be the first
+// blockSize + 2 bytes of the ciphertext, where blockSize is the cipher.Block's
+// block size. On successful exit, blockSize+2 bytes of decrypted data are written into
+// prefix. Resync determines if the "resynchronization step" from RFC 4880,
+// 13.9 step 7 is performed. Different parts of OpenPGP vary on this point.
+func NewOCFBDecrypter(block cipher.Block, prefix []byte, resync OCFBResyncOption) cipher.Stream {
+ blockSize := block.BlockSize()
+ if len(prefix) != blockSize+2 {
+ return nil
+ }
+
+ x := &ocfbDecrypter{
+ b: block,
+ fre: make([]byte, blockSize),
+ outUsed: 0,
+ }
+ prefixCopy := make([]byte, len(prefix))
+ copy(prefixCopy, prefix)
+
+ block.Encrypt(x.fre, x.fre)
+ for i := 0; i < blockSize; i++ {
+ prefixCopy[i] ^= x.fre[i]
+ }
+
+ block.Encrypt(x.fre, prefix[:blockSize])
+ prefixCopy[blockSize] ^= x.fre[0]
+ prefixCopy[blockSize+1] ^= x.fre[1]
+
+ if resync {
+ block.Encrypt(x.fre, prefix[2:])
+ } else {
+ x.fre[0] = prefix[blockSize]
+ x.fre[1] = prefix[blockSize+1]
+ x.outUsed = 2
+ }
+ copy(prefix, prefixCopy)
+ return x
+}
+
+func (x *ocfbDecrypter) XORKeyStream(dst, src []byte) {
+ for i := 0; i < len(src); i++ {
+ if x.outUsed == len(x.fre) {
+ x.b.Encrypt(x.fre, x.fre)
+ x.outUsed = 0
+ }
+
+ c := src[i]
+ dst[i] = x.fre[x.outUsed] ^ src[i]
+ x.fre[x.outUsed] = c
+ x.outUsed++
+ }
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/one_pass_signature.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/one_pass_signature.go
new file mode 100644
index 0000000000000000000000000000000000000000..f393c4063b84d924ce8a7c88c3ac07301350fcc1
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/one_pass_signature.go
@@ -0,0 +1,157 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "crypto"
+ "encoding/binary"
+ "io"
+ "strconv"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
+)
+
+// OnePassSignature represents a one-pass signature packet. See RFC 4880,
+// section 5.4.
+type OnePassSignature struct {
+ Version int
+ SigType SignatureType
+ Hash crypto.Hash
+ PubKeyAlgo PublicKeyAlgorithm
+ KeyId uint64
+ IsLast bool
+ Salt []byte // v6 only
+ KeyFingerprint []byte // v6 only
+}
+
+func (ops *OnePassSignature) parse(r io.Reader) (err error) {
+ var buf [8]byte
+ // Read: version | signature type | hash algorithm | public-key algorithm
+ _, err = readFull(r, buf[:4])
+ if err != nil {
+ return
+ }
+ if buf[0] != 3 && buf[0] != 6 {
+ return errors.UnsupportedError("one-pass-signature packet version " + strconv.Itoa(int(buf[0])))
+ }
+ ops.Version = int(buf[0])
+
+ var ok bool
+ ops.Hash, ok = algorithm.HashIdToHashWithSha1(buf[2])
+ if !ok {
+ return errors.UnsupportedError("hash function: " + strconv.Itoa(int(buf[2])))
+ }
+
+ ops.SigType = SignatureType(buf[1])
+ ops.PubKeyAlgo = PublicKeyAlgorithm(buf[3])
+
+ if ops.Version == 6 {
+ // Only for v6, a variable-length field containing the salt
+ _, err = readFull(r, buf[:1])
+ if err != nil {
+ return
+ }
+ saltLength := int(buf[0])
+ var expectedSaltLength int
+ expectedSaltLength, err = SaltLengthForHash(ops.Hash)
+ if err != nil {
+ return
+ }
+ if saltLength != expectedSaltLength {
+ err = errors.StructuralError("unexpected salt size for the given hash algorithm")
+ return
+ }
+ salt := make([]byte, expectedSaltLength)
+ _, err = readFull(r, salt)
+ if err != nil {
+ return
+ }
+ ops.Salt = salt
+
+ // Only for v6 packets, 32 octets of the fingerprint of the signing key.
+ fingerprint := make([]byte, 32)
+ _, err = readFull(r, fingerprint)
+ if err != nil {
+ return
+ }
+ ops.KeyFingerprint = fingerprint
+ ops.KeyId = binary.BigEndian.Uint64(ops.KeyFingerprint[:8])
+ } else {
+ _, err = readFull(r, buf[:8])
+ if err != nil {
+ return
+ }
+ ops.KeyId = binary.BigEndian.Uint64(buf[:8])
+ }
+
+ _, err = readFull(r, buf[:1])
+ if err != nil {
+ return
+ }
+ ops.IsLast = buf[0] != 0
+ return
+}
+
+// Serialize marshals the given OnePassSignature to w.
+func (ops *OnePassSignature) Serialize(w io.Writer) error {
+ //v3 length 1+1+1+1+8+1 =
+ packetLength := 13
+ if ops.Version == 6 {
+ // v6 length 1+1+1+1+1+len(salt)+32+1 =
+ packetLength = 38 + len(ops.Salt)
+ }
+
+ if err := serializeHeader(w, packetTypeOnePassSignature, packetLength); err != nil {
+ return err
+ }
+
+ var buf [8]byte
+ buf[0] = byte(ops.Version)
+ buf[1] = uint8(ops.SigType)
+ var ok bool
+ buf[2], ok = algorithm.HashToHashIdWithSha1(ops.Hash)
+ if !ok {
+ return errors.UnsupportedError("hash type: " + strconv.Itoa(int(ops.Hash)))
+ }
+ buf[3] = uint8(ops.PubKeyAlgo)
+
+ _, err := w.Write(buf[:4])
+ if err != nil {
+ return err
+ }
+
+ if ops.Version == 6 {
+ // write salt for v6 signatures
+ _, err := w.Write([]byte{uint8(len(ops.Salt))})
+ if err != nil {
+ return err
+ }
+ _, err = w.Write(ops.Salt)
+ if err != nil {
+ return err
+ }
+
+ // write fingerprint v6 signatures
+ _, err = w.Write(ops.KeyFingerprint)
+ if err != nil {
+ return err
+ }
+ } else {
+ binary.BigEndian.PutUint64(buf[:8], ops.KeyId)
+ _, err := w.Write(buf[:8])
+ if err != nil {
+ return err
+ }
+ }
+
+ isLast := []byte{byte(0)}
+ if ops.IsLast {
+ isLast[0] = 1
+ }
+
+ _, err = w.Write(isLast)
+ return err
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/opaque.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/opaque.go
new file mode 100644
index 0000000000000000000000000000000000000000..cef7c661d3fddd81052992f881a7970b389ce264
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/opaque.go
@@ -0,0 +1,170 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "bytes"
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+)
+
+// OpaquePacket represents an OpenPGP packet as raw, unparsed data. This is
+// useful for splitting and storing the original packet contents separately,
+// handling unsupported packet types or accessing parts of the packet not yet
+// implemented by this package.
+type OpaquePacket struct {
+ // Packet type
+ Tag uint8
+ // Reason why the packet was parsed opaquely
+ Reason error
+ // Binary contents of the packet data
+ Contents []byte
+}
+
+func (op *OpaquePacket) parse(r io.Reader) (err error) {
+ op.Contents, err = io.ReadAll(r)
+ return
+}
+
+// Serialize marshals the packet to a writer in its original form, including
+// the packet header.
+func (op *OpaquePacket) Serialize(w io.Writer) (err error) {
+ err = serializeHeader(w, packetType(op.Tag), len(op.Contents))
+ if err == nil {
+ _, err = w.Write(op.Contents)
+ }
+ return
+}
+
+// Parse attempts to parse the opaque contents into a structure supported by
+// this package. If the packet is not known then the result will be another
+// OpaquePacket.
+func (op *OpaquePacket) Parse() (p Packet, err error) {
+ hdr := bytes.NewBuffer(nil)
+ err = serializeHeader(hdr, packetType(op.Tag), len(op.Contents))
+ if err != nil {
+ op.Reason = err
+ return op, err
+ }
+ p, err = Read(io.MultiReader(hdr, bytes.NewBuffer(op.Contents)))
+ if err != nil {
+ op.Reason = err
+ p = op
+ }
+ return
+}
+
+// OpaqueReader reads OpaquePackets from an io.Reader.
+type OpaqueReader struct {
+ r io.Reader
+}
+
+func NewOpaqueReader(r io.Reader) *OpaqueReader {
+ return &OpaqueReader{r: r}
+}
+
+// Read the next OpaquePacket.
+func (or *OpaqueReader) Next() (op *OpaquePacket, err error) {
+ tag, _, contents, err := readHeader(or.r)
+ if err != nil {
+ return
+ }
+ op = &OpaquePacket{Tag: uint8(tag), Reason: err}
+ err = op.parse(contents)
+ if err != nil {
+ consumeAll(contents)
+ }
+ return
+}
+
+// OpaqueSubpacket represents an unparsed OpenPGP subpacket,
+// as found in signature and user attribute packets.
+type OpaqueSubpacket struct {
+ SubType uint8
+ EncodedLength []byte // Store the original encoded length for signature verifications.
+ Contents []byte
+}
+
+// OpaqueSubpackets extracts opaque, unparsed OpenPGP subpackets from
+// their byte representation.
+func OpaqueSubpackets(contents []byte) (result []*OpaqueSubpacket, err error) {
+ var (
+ subHeaderLen int
+ subPacket *OpaqueSubpacket
+ )
+ for len(contents) > 0 {
+ subHeaderLen, subPacket, err = nextSubpacket(contents)
+ if err != nil {
+ break
+ }
+ result = append(result, subPacket)
+ contents = contents[subHeaderLen+len(subPacket.Contents):]
+ }
+ return
+}
+
+func nextSubpacket(contents []byte) (subHeaderLen int, subPacket *OpaqueSubpacket, err error) {
+ // RFC 4880, section 5.2.3.1
+ var subLen uint32
+ var encodedLength []byte
+ if len(contents) < 1 {
+ goto Truncated
+ }
+ subPacket = &OpaqueSubpacket{}
+ switch {
+ case contents[0] < 192:
+ subHeaderLen = 2 // 1 length byte, 1 subtype byte
+ if len(contents) < subHeaderLen {
+ goto Truncated
+ }
+ encodedLength = contents[0:1]
+ subLen = uint32(contents[0])
+ contents = contents[1:]
+ case contents[0] < 255:
+ subHeaderLen = 3 // 2 length bytes, 1 subtype
+ if len(contents) < subHeaderLen {
+ goto Truncated
+ }
+ encodedLength = contents[0:2]
+ subLen = uint32(contents[0]-192)<<8 + uint32(contents[1]) + 192
+ contents = contents[2:]
+ default:
+ subHeaderLen = 6 // 5 length bytes, 1 subtype
+ if len(contents) < subHeaderLen {
+ goto Truncated
+ }
+ encodedLength = contents[0:5]
+ subLen = uint32(contents[1])<<24 |
+ uint32(contents[2])<<16 |
+ uint32(contents[3])<<8 |
+ uint32(contents[4])
+ contents = contents[5:]
+
+ }
+ if subLen > uint32(len(contents)) || subLen == 0 {
+ goto Truncated
+ }
+ subPacket.SubType = contents[0]
+ subPacket.EncodedLength = encodedLength
+ subPacket.Contents = contents[1:subLen]
+ return
+Truncated:
+ err = errors.StructuralError("subpacket truncated")
+ return
+}
+
+func (osp *OpaqueSubpacket) Serialize(w io.Writer) (err error) {
+ buf := make([]byte, 6)
+ copy(buf, osp.EncodedLength)
+ n := len(osp.EncodedLength)
+
+ buf[n] = osp.SubType
+ if _, err = w.Write(buf[:n+1]); err != nil {
+ return
+ }
+ _, err = w.Write(osp.Contents)
+ return
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet.go
new file mode 100644
index 0000000000000000000000000000000000000000..1e92e22c976f4f47614fb5fc2aa5337d9da62e3d
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet.go
@@ -0,0 +1,675 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package packet implements parsing and serialization of OpenPGP packets, as
+// specified in RFC 4880.
+package packet // import "github.com/ProtonMail/go-crypto/openpgp/packet"
+
+import (
+ "bytes"
+ "crypto/cipher"
+ "crypto/rsa"
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
+)
+
+// readFull is the same as io.ReadFull except that reading zero bytes returns
+// ErrUnexpectedEOF rather than EOF.
+func readFull(r io.Reader, buf []byte) (n int, err error) {
+ n, err = io.ReadFull(r, buf)
+ if err == io.EOF {
+ err = io.ErrUnexpectedEOF
+ }
+ return
+}
+
+// readLength reads an OpenPGP length from r. See RFC 4880, section 4.2.2.
+func readLength(r io.Reader) (length int64, isPartial bool, err error) {
+ var buf [4]byte
+ _, err = readFull(r, buf[:1])
+ if err != nil {
+ return
+ }
+ switch {
+ case buf[0] < 192:
+ length = int64(buf[0])
+ case buf[0] < 224:
+ length = int64(buf[0]-192) << 8
+ _, err = readFull(r, buf[0:1])
+ if err != nil {
+ return
+ }
+ length += int64(buf[0]) + 192
+ case buf[0] < 255:
+ length = int64(1) << (buf[0] & 0x1f)
+ isPartial = true
+ default:
+ _, err = readFull(r, buf[0:4])
+ if err != nil {
+ return
+ }
+ length = int64(buf[0])<<24 |
+ int64(buf[1])<<16 |
+ int64(buf[2])<<8 |
+ int64(buf[3])
+ }
+ return
+}
+
+// partialLengthReader wraps an io.Reader and handles OpenPGP partial lengths.
+// The continuation lengths are parsed and removed from the stream and EOF is
+// returned at the end of the packet. See RFC 4880, section 4.2.2.4.
+type partialLengthReader struct {
+ r io.Reader
+ remaining int64
+ isPartial bool
+}
+
+func (r *partialLengthReader) Read(p []byte) (n int, err error) {
+ for r.remaining == 0 {
+ if !r.isPartial {
+ return 0, io.EOF
+ }
+ r.remaining, r.isPartial, err = readLength(r.r)
+ if err != nil {
+ return 0, err
+ }
+ }
+
+ toRead := int64(len(p))
+ if toRead > r.remaining {
+ toRead = r.remaining
+ }
+
+ n, err = r.r.Read(p[:int(toRead)])
+ r.remaining -= int64(n)
+ if n < int(toRead) && err == io.EOF {
+ err = io.ErrUnexpectedEOF
+ }
+ return
+}
+
+// partialLengthWriter writes a stream of data using OpenPGP partial lengths.
+// See RFC 4880, section 4.2.2.4.
+type partialLengthWriter struct {
+ w io.WriteCloser
+ buf bytes.Buffer
+ lengthByte [1]byte
+}
+
+func (w *partialLengthWriter) Write(p []byte) (n int, err error) {
+ bufLen := w.buf.Len()
+ if bufLen > 512 {
+ for power := uint(30); ; power-- {
+ l := 1 << power
+ if bufLen >= l {
+ w.lengthByte[0] = 224 + uint8(power)
+ _, err = w.w.Write(w.lengthByte[:])
+ if err != nil {
+ return
+ }
+ var m int
+ m, err = w.w.Write(w.buf.Next(l))
+ if err != nil {
+ return
+ }
+ if m != l {
+ return 0, io.ErrShortWrite
+ }
+ break
+ }
+ }
+ }
+ return w.buf.Write(p)
+}
+
+func (w *partialLengthWriter) Close() (err error) {
+ len := w.buf.Len()
+ err = serializeLength(w.w, len)
+ if err != nil {
+ return err
+ }
+ _, err = w.buf.WriteTo(w.w)
+ if err != nil {
+ return err
+ }
+ return w.w.Close()
+}
+
+// A spanReader is an io.LimitReader, but it returns ErrUnexpectedEOF if the
+// underlying Reader returns EOF before the limit has been reached.
+type spanReader struct {
+ r io.Reader
+ n int64
+}
+
+func (l *spanReader) Read(p []byte) (n int, err error) {
+ if l.n <= 0 {
+ return 0, io.EOF
+ }
+ if int64(len(p)) > l.n {
+ p = p[0:l.n]
+ }
+ n, err = l.r.Read(p)
+ l.n -= int64(n)
+ if l.n > 0 && err == io.EOF {
+ err = io.ErrUnexpectedEOF
+ }
+ return
+}
+
+// readHeader parses a packet header and returns an io.Reader which will return
+// the contents of the packet. See RFC 4880, section 4.2.
+func readHeader(r io.Reader) (tag packetType, length int64, contents io.Reader, err error) {
+ var buf [4]byte
+ _, err = io.ReadFull(r, buf[:1])
+ if err != nil {
+ return
+ }
+ if buf[0]&0x80 == 0 {
+ err = errors.StructuralError("tag byte does not have MSB set")
+ return
+ }
+ if buf[0]&0x40 == 0 {
+ // Old format packet
+ tag = packetType((buf[0] & 0x3f) >> 2)
+ lengthType := buf[0] & 3
+ if lengthType == 3 {
+ length = -1
+ contents = r
+ return
+ }
+ lengthBytes := 1 << lengthType
+ _, err = readFull(r, buf[0:lengthBytes])
+ if err != nil {
+ return
+ }
+ for i := 0; i < lengthBytes; i++ {
+ length <<= 8
+ length |= int64(buf[i])
+ }
+ contents = &spanReader{r, length}
+ return
+ }
+
+ // New format packet
+ tag = packetType(buf[0] & 0x3f)
+ length, isPartial, err := readLength(r)
+ if err != nil {
+ return
+ }
+ if isPartial {
+ contents = &partialLengthReader{
+ remaining: length,
+ isPartial: true,
+ r: r,
+ }
+ length = -1
+ } else {
+ contents = &spanReader{r, length}
+ }
+ return
+}
+
+// serializeHeader writes an OpenPGP packet header to w. See RFC 4880, section
+// 4.2.
+func serializeHeader(w io.Writer, ptype packetType, length int) (err error) {
+ err = serializeType(w, ptype)
+ if err != nil {
+ return
+ }
+ return serializeLength(w, length)
+}
+
+// serializeType writes an OpenPGP packet type to w. See RFC 4880, section
+// 4.2.
+func serializeType(w io.Writer, ptype packetType) (err error) {
+ var buf [1]byte
+ buf[0] = 0x80 | 0x40 | byte(ptype)
+ _, err = w.Write(buf[:])
+ return
+}
+
+// serializeLength writes an OpenPGP packet length to w. See RFC 4880, section
+// 4.2.2.
+func serializeLength(w io.Writer, length int) (err error) {
+ var buf [5]byte
+ var n int
+
+ if length < 192 {
+ buf[0] = byte(length)
+ n = 1
+ } else if length < 8384 {
+ length -= 192
+ buf[0] = 192 + byte(length>>8)
+ buf[1] = byte(length)
+ n = 2
+ } else {
+ buf[0] = 255
+ buf[1] = byte(length >> 24)
+ buf[2] = byte(length >> 16)
+ buf[3] = byte(length >> 8)
+ buf[4] = byte(length)
+ n = 5
+ }
+
+ _, err = w.Write(buf[:n])
+ return
+}
+
+// serializeStreamHeader writes an OpenPGP packet header to w where the
+// length of the packet is unknown. It returns a io.WriteCloser which can be
+// used to write the contents of the packet. See RFC 4880, section 4.2.
+func serializeStreamHeader(w io.WriteCloser, ptype packetType) (out io.WriteCloser, err error) {
+ err = serializeType(w, ptype)
+ if err != nil {
+ return
+ }
+ out = &partialLengthWriter{w: w}
+ return
+}
+
+// Packet represents an OpenPGP packet. Users are expected to try casting
+// instances of this interface to specific packet types.
+type Packet interface {
+ parse(io.Reader) error
+}
+
+// consumeAll reads from the given Reader until error, returning the number of
+// bytes read.
+func consumeAll(r io.Reader) (n int64, err error) {
+ var m int
+ var buf [1024]byte
+
+ for {
+ m, err = r.Read(buf[:])
+ n += int64(m)
+ if err == io.EOF {
+ err = nil
+ return
+ }
+ if err != nil {
+ return
+ }
+ }
+}
+
+// packetType represents the numeric ids of the different OpenPGP packet types. See
+// http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-2
+type packetType uint8
+
+const (
+ packetTypeEncryptedKey packetType = 1
+ packetTypeSignature packetType = 2
+ packetTypeSymmetricKeyEncrypted packetType = 3
+ packetTypeOnePassSignature packetType = 4
+ packetTypePrivateKey packetType = 5
+ packetTypePublicKey packetType = 6
+ packetTypePrivateSubkey packetType = 7
+ packetTypeCompressed packetType = 8
+ packetTypeSymmetricallyEncrypted packetType = 9
+ packetTypeMarker packetType = 10
+ packetTypeLiteralData packetType = 11
+ packetTypeTrust packetType = 12
+ packetTypeUserId packetType = 13
+ packetTypePublicSubkey packetType = 14
+ packetTypeUserAttribute packetType = 17
+ packetTypeSymmetricallyEncryptedIntegrityProtected packetType = 18
+ packetTypeAEADEncrypted packetType = 20
+ packetPadding packetType = 21
+)
+
+// EncryptedDataPacket holds encrypted data. It is currently implemented by
+// SymmetricallyEncrypted and AEADEncrypted.
+type EncryptedDataPacket interface {
+ Decrypt(CipherFunction, []byte) (io.ReadCloser, error)
+}
+
+// Read reads a single OpenPGP packet from the given io.Reader. If there is an
+// error parsing a packet, the whole packet is consumed from the input.
+func Read(r io.Reader) (p Packet, err error) {
+ tag, len, contents, err := readHeader(r)
+ if err != nil {
+ return
+ }
+
+ switch tag {
+ case packetTypeEncryptedKey:
+ p = new(EncryptedKey)
+ case packetTypeSignature:
+ p = new(Signature)
+ case packetTypeSymmetricKeyEncrypted:
+ p = new(SymmetricKeyEncrypted)
+ case packetTypeOnePassSignature:
+ p = new(OnePassSignature)
+ case packetTypePrivateKey, packetTypePrivateSubkey:
+ pk := new(PrivateKey)
+ if tag == packetTypePrivateSubkey {
+ pk.IsSubkey = true
+ }
+ p = pk
+ case packetTypePublicKey, packetTypePublicSubkey:
+ isSubkey := tag == packetTypePublicSubkey
+ p = &PublicKey{IsSubkey: isSubkey}
+ case packetTypeCompressed:
+ p = new(Compressed)
+ case packetTypeSymmetricallyEncrypted:
+ p = new(SymmetricallyEncrypted)
+ case packetTypeLiteralData:
+ p = new(LiteralData)
+ case packetTypeUserId:
+ p = new(UserId)
+ case packetTypeUserAttribute:
+ p = new(UserAttribute)
+ case packetTypeSymmetricallyEncryptedIntegrityProtected:
+ se := new(SymmetricallyEncrypted)
+ se.IntegrityProtected = true
+ p = se
+ case packetTypeAEADEncrypted:
+ p = new(AEADEncrypted)
+ case packetPadding:
+ p = Padding(len)
+ case packetTypeMarker:
+ p = new(Marker)
+ case packetTypeTrust:
+ // Not implemented, just consume
+ err = errors.UnknownPacketTypeError(tag)
+ default:
+ // Packet Tags from 0 to 39 are critical.
+ // Packet Tags from 40 to 63 are non-critical.
+ if tag < 40 {
+ err = errors.CriticalUnknownPacketTypeError(tag)
+ } else {
+ err = errors.UnknownPacketTypeError(tag)
+ }
+ }
+ if p != nil {
+ err = p.parse(contents)
+ }
+ if err != nil {
+ consumeAll(contents)
+ }
+ return
+}
+
+// ReadWithCheck reads a single OpenPGP message packet from the given io.Reader. If there is an
+// error parsing a packet, the whole packet is consumed from the input.
+// ReadWithCheck additionally checks if the OpenPGP message packet sequence adheres
+// to the packet composition rules in rfc4880, if not throws an error.
+func ReadWithCheck(r io.Reader, sequence *SequenceVerifier) (p Packet, msgErr error, err error) {
+ tag, len, contents, err := readHeader(r)
+ if err != nil {
+ return
+ }
+ switch tag {
+ case packetTypeEncryptedKey:
+ msgErr = sequence.Next(ESKSymbol)
+ p = new(EncryptedKey)
+ case packetTypeSignature:
+ msgErr = sequence.Next(SigSymbol)
+ p = new(Signature)
+ case packetTypeSymmetricKeyEncrypted:
+ msgErr = sequence.Next(ESKSymbol)
+ p = new(SymmetricKeyEncrypted)
+ case packetTypeOnePassSignature:
+ msgErr = sequence.Next(OPSSymbol)
+ p = new(OnePassSignature)
+ case packetTypeCompressed:
+ msgErr = sequence.Next(CompSymbol)
+ p = new(Compressed)
+ case packetTypeSymmetricallyEncrypted:
+ msgErr = sequence.Next(EncSymbol)
+ p = new(SymmetricallyEncrypted)
+ case packetTypeLiteralData:
+ msgErr = sequence.Next(LDSymbol)
+ p = new(LiteralData)
+ case packetTypeSymmetricallyEncryptedIntegrityProtected:
+ msgErr = sequence.Next(EncSymbol)
+ se := new(SymmetricallyEncrypted)
+ se.IntegrityProtected = true
+ p = se
+ case packetTypeAEADEncrypted:
+ msgErr = sequence.Next(EncSymbol)
+ p = new(AEADEncrypted)
+ case packetPadding:
+ p = Padding(len)
+ case packetTypeMarker:
+ p = new(Marker)
+ case packetTypeTrust:
+ // Not implemented, just consume
+ err = errors.UnknownPacketTypeError(tag)
+ case packetTypePrivateKey,
+ packetTypePrivateSubkey,
+ packetTypePublicKey,
+ packetTypePublicSubkey,
+ packetTypeUserId,
+ packetTypeUserAttribute:
+ msgErr = sequence.Next(UnknownSymbol)
+ consumeAll(contents)
+ default:
+ // Packet Tags from 0 to 39 are critical.
+ // Packet Tags from 40 to 63 are non-critical.
+ if tag < 40 {
+ err = errors.CriticalUnknownPacketTypeError(tag)
+ } else {
+ err = errors.UnknownPacketTypeError(tag)
+ }
+ }
+ if p != nil {
+ err = p.parse(contents)
+ }
+ if err != nil {
+ consumeAll(contents)
+ }
+ return
+}
+
+// SignatureType represents the different semantic meanings of an OpenPGP
+// signature. See RFC 4880, section 5.2.1.
+type SignatureType uint8
+
+const (
+ SigTypeBinary SignatureType = 0x00
+ SigTypeText SignatureType = 0x01
+ SigTypeGenericCert SignatureType = 0x10
+ SigTypePersonaCert SignatureType = 0x11
+ SigTypeCasualCert SignatureType = 0x12
+ SigTypePositiveCert SignatureType = 0x13
+ SigTypeSubkeyBinding SignatureType = 0x18
+ SigTypePrimaryKeyBinding SignatureType = 0x19
+ SigTypeDirectSignature SignatureType = 0x1F
+ SigTypeKeyRevocation SignatureType = 0x20
+ SigTypeSubkeyRevocation SignatureType = 0x28
+ SigTypeCertificationRevocation SignatureType = 0x30
+)
+
+// PublicKeyAlgorithm represents the different public key system specified for
+// OpenPGP. See
+// http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-12
+type PublicKeyAlgorithm uint8
+
+const (
+ PubKeyAlgoRSA PublicKeyAlgorithm = 1
+ PubKeyAlgoElGamal PublicKeyAlgorithm = 16
+ PubKeyAlgoDSA PublicKeyAlgorithm = 17
+ // RFC 6637, Section 5.
+ PubKeyAlgoECDH PublicKeyAlgorithm = 18
+ PubKeyAlgoECDSA PublicKeyAlgorithm = 19
+ // https://www.ietf.org/archive/id/draft-koch-eddsa-for-openpgp-04.txt
+ PubKeyAlgoEdDSA PublicKeyAlgorithm = 22
+ // https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh
+ PubKeyAlgoX25519 PublicKeyAlgorithm = 25
+ PubKeyAlgoX448 PublicKeyAlgorithm = 26
+ PubKeyAlgoEd25519 PublicKeyAlgorithm = 27
+ PubKeyAlgoEd448 PublicKeyAlgorithm = 28
+
+ // Deprecated in RFC 4880, Section 13.5. Use key flags instead.
+ PubKeyAlgoRSAEncryptOnly PublicKeyAlgorithm = 2
+ PubKeyAlgoRSASignOnly PublicKeyAlgorithm = 3
+)
+
+// CanEncrypt returns true if it's possible to encrypt a message to a public
+// key of the given type.
+func (pka PublicKeyAlgorithm) CanEncrypt() bool {
+ switch pka {
+ case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoElGamal, PubKeyAlgoECDH, PubKeyAlgoX25519, PubKeyAlgoX448:
+ return true
+ }
+ return false
+}
+
+// CanSign returns true if it's possible for a public key of the given type to
+// sign a message.
+func (pka PublicKeyAlgorithm) CanSign() bool {
+ switch pka {
+ case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoDSA, PubKeyAlgoECDSA, PubKeyAlgoEdDSA, PubKeyAlgoEd25519, PubKeyAlgoEd448:
+ return true
+ }
+ return false
+}
+
+// CipherFunction represents the different block ciphers specified for OpenPGP. See
+// http://www.iana.org/assignments/pgp-parameters/pgp-parameters.xhtml#pgp-parameters-13
+type CipherFunction algorithm.CipherFunction
+
+const (
+ Cipher3DES CipherFunction = 2
+ CipherCAST5 CipherFunction = 3
+ CipherAES128 CipherFunction = 7
+ CipherAES192 CipherFunction = 8
+ CipherAES256 CipherFunction = 9
+)
+
+// KeySize returns the key size, in bytes, of cipher.
+func (cipher CipherFunction) KeySize() int {
+ return algorithm.CipherFunction(cipher).KeySize()
+}
+
+// IsSupported returns true if the cipher is supported from the library
+func (cipher CipherFunction) IsSupported() bool {
+ return algorithm.CipherFunction(cipher).KeySize() > 0
+}
+
+// blockSize returns the block size, in bytes, of cipher.
+func (cipher CipherFunction) blockSize() int {
+ return algorithm.CipherFunction(cipher).BlockSize()
+}
+
+// new returns a fresh instance of the given cipher.
+func (cipher CipherFunction) new(key []byte) (block cipher.Block) {
+ return algorithm.CipherFunction(cipher).New(key)
+}
+
+// padToKeySize left-pads a MPI with zeroes to match the length of the
+// specified RSA public.
+func padToKeySize(pub *rsa.PublicKey, b []byte) []byte {
+ k := (pub.N.BitLen() + 7) / 8
+ if len(b) >= k {
+ return b
+ }
+ bb := make([]byte, k)
+ copy(bb[len(bb)-len(b):], b)
+ return bb
+}
+
+// CompressionAlgo Represents the different compression algorithms
+// supported by OpenPGP (except for BZIP2, which is not currently
+// supported). See Section 9.3 of RFC 4880.
+type CompressionAlgo uint8
+
+const (
+ CompressionNone CompressionAlgo = 0
+ CompressionZIP CompressionAlgo = 1
+ CompressionZLIB CompressionAlgo = 2
+)
+
+// AEADMode represents the different Authenticated Encryption with Associated
+// Data specified for OpenPGP.
+// See https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-9.6
+type AEADMode algorithm.AEADMode
+
+const (
+ AEADModeEAX AEADMode = 1
+ AEADModeOCB AEADMode = 2
+ AEADModeGCM AEADMode = 3
+)
+
+func (mode AEADMode) IvLength() int {
+ return algorithm.AEADMode(mode).NonceLength()
+}
+
+func (mode AEADMode) TagLength() int {
+ return algorithm.AEADMode(mode).TagLength()
+}
+
+// IsSupported returns true if the aead mode is supported from the library
+func (mode AEADMode) IsSupported() bool {
+ return algorithm.AEADMode(mode).TagLength() > 0
+}
+
+// new returns a fresh instance of the given mode.
+func (mode AEADMode) new(block cipher.Block) cipher.AEAD {
+ return algorithm.AEADMode(mode).New(block)
+}
+
+// ReasonForRevocation represents a revocation reason code as per RFC4880
+// section 5.2.3.23.
+type ReasonForRevocation uint8
+
+const (
+ NoReason ReasonForRevocation = 0
+ KeySuperseded ReasonForRevocation = 1
+ KeyCompromised ReasonForRevocation = 2
+ KeyRetired ReasonForRevocation = 3
+ UserIDNotValid ReasonForRevocation = 32
+ Unknown ReasonForRevocation = 200
+)
+
+func NewReasonForRevocation(value byte) ReasonForRevocation {
+ if value < 4 || value == 32 {
+ return ReasonForRevocation(value)
+ }
+ return Unknown
+}
+
+// Curve is a mapping to supported ECC curves for key generation.
+// See https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-06.html#name-curve-specific-wire-formats
+type Curve string
+
+const (
+ Curve25519 Curve = "Curve25519"
+ Curve448 Curve = "Curve448"
+ CurveNistP256 Curve = "P256"
+ CurveNistP384 Curve = "P384"
+ CurveNistP521 Curve = "P521"
+ CurveSecP256k1 Curve = "SecP256k1"
+ CurveBrainpoolP256 Curve = "BrainpoolP256"
+ CurveBrainpoolP384 Curve = "BrainpoolP384"
+ CurveBrainpoolP512 Curve = "BrainpoolP512"
+)
+
+// TrustLevel represents a trust level per RFC4880 5.2.3.13
+type TrustLevel uint8
+
+// TrustAmount represents a trust amount per RFC4880 5.2.3.13
+type TrustAmount uint8
+
+const (
+ // versionSize is the length in bytes of the version value.
+ versionSize = 1
+ // algorithmSize is the length in bytes of the key algorithm value.
+ algorithmSize = 1
+ // keyVersionSize is the length in bytes of the key version value
+ keyVersionSize = 1
+ // keyIdSize is the length in bytes of the key identifier value.
+ keyIdSize = 8
+ // timestampSize is the length in bytes of encoded timestamps.
+ timestampSize = 4
+ // fingerprintSizeV6 is the length in bytes of the key fingerprint in v6.
+ fingerprintSizeV6 = 32
+ // fingerprintSize is the length in bytes of the key fingerprint.
+ fingerprintSize = 20
+)
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_sequence.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_sequence.go
new file mode 100644
index 0000000000000000000000000000000000000000..55a8a56c2d19210e4145dc37c9eeedddf288339e
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_sequence.go
@@ -0,0 +1,222 @@
+package packet
+
+// This file implements the pushdown automata (PDA) from PGPainless (Paul Schaub)
+// to verify pgp packet sequences. See Paul's blogpost for more details:
+// https://blog.jabberhead.tk/2022/10/26/implementing-packet-sequence-validation-using-pushdown-automata/
+import (
+ "fmt"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+)
+
+func NewErrMalformedMessage(from State, input InputSymbol, stackSymbol StackSymbol) errors.ErrMalformedMessage {
+ return errors.ErrMalformedMessage(fmt.Sprintf("state %d, input symbol %d, stack symbol %d ", from, input, stackSymbol))
+}
+
+// InputSymbol defines the input alphabet of the PDA
+type InputSymbol uint8
+
+const (
+ LDSymbol InputSymbol = iota
+ SigSymbol
+ OPSSymbol
+ CompSymbol
+ ESKSymbol
+ EncSymbol
+ EOSSymbol
+ UnknownSymbol
+)
+
+// StackSymbol defines the stack alphabet of the PDA
+type StackSymbol int8
+
+const (
+ MsgStackSymbol StackSymbol = iota
+ OpsStackSymbol
+ KeyStackSymbol
+ EndStackSymbol
+ EmptyStackSymbol
+)
+
+// State defines the states of the PDA
+type State int8
+
+const (
+ OpenPGPMessage State = iota
+ ESKMessage
+ LiteralMessage
+ CompressedMessage
+ EncryptedMessage
+ ValidMessage
+)
+
+// transition represents a state transition in the PDA
+type transition func(input InputSymbol, stackSymbol StackSymbol) (State, []StackSymbol, bool, error)
+
+// SequenceVerifier is a pushdown automata to verify
+// PGP messages packet sequences according to rfc4880.
+type SequenceVerifier struct {
+ stack []StackSymbol
+ state State
+}
+
+// Next performs a state transition with the given input symbol.
+// If the transition fails a ErrMalformedMessage is returned.
+func (sv *SequenceVerifier) Next(input InputSymbol) error {
+ for {
+ stackSymbol := sv.popStack()
+ transitionFunc := getTransition(sv.state)
+ nextState, newStackSymbols, redo, err := transitionFunc(input, stackSymbol)
+ if err != nil {
+ return err
+ }
+ if redo {
+ sv.pushStack(stackSymbol)
+ }
+ for _, newStackSymbol := range newStackSymbols {
+ sv.pushStack(newStackSymbol)
+ }
+ sv.state = nextState
+ if !redo {
+ break
+ }
+ }
+ return nil
+}
+
+// Valid returns true if RDA is in a valid state.
+func (sv *SequenceVerifier) Valid() bool {
+ return sv.state == ValidMessage && len(sv.stack) == 0
+}
+
+func (sv *SequenceVerifier) AssertValid() error {
+ if !sv.Valid() {
+ return errors.ErrMalformedMessage("invalid message")
+ }
+ return nil
+}
+
+func NewSequenceVerifier() *SequenceVerifier {
+ return &SequenceVerifier{
+ stack: []StackSymbol{EndStackSymbol, MsgStackSymbol},
+ state: OpenPGPMessage,
+ }
+}
+
+func (sv *SequenceVerifier) popStack() StackSymbol {
+ if len(sv.stack) == 0 {
+ return EmptyStackSymbol
+ }
+ elemIndex := len(sv.stack) - 1
+ stackSymbol := sv.stack[elemIndex]
+ sv.stack = sv.stack[:elemIndex]
+ return stackSymbol
+}
+
+func (sv *SequenceVerifier) pushStack(stackSymbol StackSymbol) {
+ sv.stack = append(sv.stack, stackSymbol)
+}
+
+func getTransition(from State) transition {
+ switch from {
+ case OpenPGPMessage:
+ return fromOpenPGPMessage
+ case LiteralMessage:
+ return fromLiteralMessage
+ case CompressedMessage:
+ return fromCompressedMessage
+ case EncryptedMessage:
+ return fromEncryptedMessage
+ case ESKMessage:
+ return fromESKMessage
+ case ValidMessage:
+ return fromValidMessage
+ }
+ return nil
+}
+
+// fromOpenPGPMessage is the transition for the state OpenPGPMessage.
+func fromOpenPGPMessage(input InputSymbol, stackSymbol StackSymbol) (State, []StackSymbol, bool, error) {
+ if stackSymbol != MsgStackSymbol {
+ return 0, nil, false, NewErrMalformedMessage(OpenPGPMessage, input, stackSymbol)
+ }
+ switch input {
+ case LDSymbol:
+ return LiteralMessage, nil, false, nil
+ case SigSymbol:
+ return OpenPGPMessage, []StackSymbol{MsgStackSymbol}, false, nil
+ case OPSSymbol:
+ return OpenPGPMessage, []StackSymbol{OpsStackSymbol, MsgStackSymbol}, false, nil
+ case CompSymbol:
+ return CompressedMessage, nil, false, nil
+ case ESKSymbol:
+ return ESKMessage, []StackSymbol{KeyStackSymbol}, false, nil
+ case EncSymbol:
+ return EncryptedMessage, nil, false, nil
+ }
+ return 0, nil, false, NewErrMalformedMessage(OpenPGPMessage, input, stackSymbol)
+}
+
+// fromESKMessage is the transition for the state ESKMessage.
+func fromESKMessage(input InputSymbol, stackSymbol StackSymbol) (State, []StackSymbol, bool, error) {
+ if stackSymbol != KeyStackSymbol {
+ return 0, nil, false, NewErrMalformedMessage(ESKMessage, input, stackSymbol)
+ }
+ switch input {
+ case ESKSymbol:
+ return ESKMessage, []StackSymbol{KeyStackSymbol}, false, nil
+ case EncSymbol:
+ return EncryptedMessage, nil, false, nil
+ }
+ return 0, nil, false, NewErrMalformedMessage(ESKMessage, input, stackSymbol)
+}
+
+// fromLiteralMessage is the transition for the state LiteralMessage.
+func fromLiteralMessage(input InputSymbol, stackSymbol StackSymbol) (State, []StackSymbol, bool, error) {
+ switch input {
+ case SigSymbol:
+ if stackSymbol == OpsStackSymbol {
+ return LiteralMessage, nil, false, nil
+ }
+ case EOSSymbol:
+ if stackSymbol == EndStackSymbol {
+ return ValidMessage, nil, false, nil
+ }
+ }
+ return 0, nil, false, NewErrMalformedMessage(LiteralMessage, input, stackSymbol)
+}
+
+// fromLiteralMessage is the transition for the state CompressedMessage.
+func fromCompressedMessage(input InputSymbol, stackSymbol StackSymbol) (State, []StackSymbol, bool, error) {
+ switch input {
+ case SigSymbol:
+ if stackSymbol == OpsStackSymbol {
+ return CompressedMessage, nil, false, nil
+ }
+ case EOSSymbol:
+ if stackSymbol == EndStackSymbol {
+ return ValidMessage, nil, false, nil
+ }
+ }
+ return OpenPGPMessage, []StackSymbol{MsgStackSymbol}, true, nil
+}
+
+// fromEncryptedMessage is the transition for the state EncryptedMessage.
+func fromEncryptedMessage(input InputSymbol, stackSymbol StackSymbol) (State, []StackSymbol, bool, error) {
+ switch input {
+ case SigSymbol:
+ if stackSymbol == OpsStackSymbol {
+ return EncryptedMessage, nil, false, nil
+ }
+ case EOSSymbol:
+ if stackSymbol == EndStackSymbol {
+ return ValidMessage, nil, false, nil
+ }
+ }
+ return OpenPGPMessage, []StackSymbol{MsgStackSymbol}, true, nil
+}
+
+// fromValidMessage is the transition for the state ValidMessage.
+func fromValidMessage(input InputSymbol, stackSymbol StackSymbol) (State, []StackSymbol, bool, error) {
+ return 0, nil, false, NewErrMalformedMessage(ValidMessage, input, stackSymbol)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_unsupported.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_unsupported.go
new file mode 100644
index 0000000000000000000000000000000000000000..2d714723cf8fe9ea0666e35aba496238190e4c40
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/packet_unsupported.go
@@ -0,0 +1,24 @@
+package packet
+
+import (
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+)
+
+// UnsupportedPackage represents a OpenPGP packet with a known packet type
+// but with unsupported content.
+type UnsupportedPacket struct {
+ IncompletePacket Packet
+ Error errors.UnsupportedError
+}
+
+// Implements the Packet interface
+func (up *UnsupportedPacket) parse(read io.Reader) error {
+ err := up.IncompletePacket.parse(read)
+ if castedErr, ok := err.(errors.UnsupportedError); ok {
+ up.Error = castedErr
+ return nil
+ }
+ return err
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/padding.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/padding.go
new file mode 100644
index 0000000000000000000000000000000000000000..3b6a7045d148ef2910f269ea0ff12908346b1518
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/padding.go
@@ -0,0 +1,26 @@
+package packet
+
+import (
+ "io"
+)
+
+// Padding type represents a Padding Packet (Tag 21).
+// The padding type is represented by the length of its padding.
+// see https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-padding-packet-tag-21
+type Padding int
+
+// parse just ignores the padding content.
+func (pad Padding) parse(reader io.Reader) error {
+ _, err := io.CopyN(io.Discard, reader, int64(pad))
+ return err
+}
+
+// SerializePadding writes the padding to writer.
+func (pad Padding) SerializePadding(writer io.Writer, rand io.Reader) error {
+ err := serializeHeader(writer, packetPadding, int(pad))
+ if err != nil {
+ return err
+ }
+ _, err = io.CopyN(writer, rand, int64(pad))
+ return err
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key.go
new file mode 100644
index 0000000000000000000000000000000000000000..f04e6c6b8715efc653193b382c0c73b1fe83f356
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key.go
@@ -0,0 +1,1191 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "bytes"
+ "crypto"
+ "crypto/cipher"
+ "crypto/dsa"
+ "crypto/rsa"
+ "crypto/sha1"
+ "crypto/sha256"
+ "crypto/subtle"
+ "fmt"
+ "io"
+ "math/big"
+ "strconv"
+ "time"
+
+ "github.com/ProtonMail/go-crypto/openpgp/ecdh"
+ "github.com/ProtonMail/go-crypto/openpgp/ecdsa"
+ "github.com/ProtonMail/go-crypto/openpgp/ed25519"
+ "github.com/ProtonMail/go-crypto/openpgp/ed448"
+ "github.com/ProtonMail/go-crypto/openpgp/eddsa"
+ "github.com/ProtonMail/go-crypto/openpgp/elgamal"
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/encoding"
+ "github.com/ProtonMail/go-crypto/openpgp/s2k"
+ "github.com/ProtonMail/go-crypto/openpgp/x25519"
+ "github.com/ProtonMail/go-crypto/openpgp/x448"
+ "golang.org/x/crypto/hkdf"
+)
+
+// PrivateKey represents a possibly encrypted private key. See RFC 4880,
+// section 5.5.3.
+type PrivateKey struct {
+ PublicKey
+ Encrypted bool // if true then the private key is unavailable until Decrypt has been called.
+ encryptedData []byte
+ cipher CipherFunction
+ s2k func(out, in []byte)
+ aead AEADMode // only relevant if S2KAEAD is enabled
+ // An *{rsa|dsa|elgamal|ecdh|ecdsa|ed25519|ed448}.PrivateKey or
+ // crypto.Signer/crypto.Decrypter (Decryptor RSA only).
+ PrivateKey interface{}
+ iv []byte
+
+ // Type of encryption of the S2K packet
+ // Allowed values are 0 (Not encrypted), 253 (AEAD), 254 (SHA1), or
+ // 255 (2-byte checksum)
+ s2kType S2KType
+ // Full parameters of the S2K packet
+ s2kParams *s2k.Params
+}
+
+// S2KType s2k packet type
+type S2KType uint8
+
+const (
+ // S2KNON unencrypt
+ S2KNON S2KType = 0
+ // S2KAEAD use authenticated encryption
+ S2KAEAD S2KType = 253
+ // S2KSHA1 sha1 sum check
+ S2KSHA1 S2KType = 254
+ // S2KCHECKSUM sum check
+ S2KCHECKSUM S2KType = 255
+)
+
+func NewRSAPrivateKey(creationTime time.Time, priv *rsa.PrivateKey) *PrivateKey {
+ pk := new(PrivateKey)
+ pk.PublicKey = *NewRSAPublicKey(creationTime, &priv.PublicKey)
+ pk.PrivateKey = priv
+ return pk
+}
+
+func NewDSAPrivateKey(creationTime time.Time, priv *dsa.PrivateKey) *PrivateKey {
+ pk := new(PrivateKey)
+ pk.PublicKey = *NewDSAPublicKey(creationTime, &priv.PublicKey)
+ pk.PrivateKey = priv
+ return pk
+}
+
+func NewElGamalPrivateKey(creationTime time.Time, priv *elgamal.PrivateKey) *PrivateKey {
+ pk := new(PrivateKey)
+ pk.PublicKey = *NewElGamalPublicKey(creationTime, &priv.PublicKey)
+ pk.PrivateKey = priv
+ return pk
+}
+
+func NewECDSAPrivateKey(creationTime time.Time, priv *ecdsa.PrivateKey) *PrivateKey {
+ pk := new(PrivateKey)
+ pk.PublicKey = *NewECDSAPublicKey(creationTime, &priv.PublicKey)
+ pk.PrivateKey = priv
+ return pk
+}
+
+func NewEdDSAPrivateKey(creationTime time.Time, priv *eddsa.PrivateKey) *PrivateKey {
+ pk := new(PrivateKey)
+ pk.PublicKey = *NewEdDSAPublicKey(creationTime, &priv.PublicKey)
+ pk.PrivateKey = priv
+ return pk
+}
+
+func NewECDHPrivateKey(creationTime time.Time, priv *ecdh.PrivateKey) *PrivateKey {
+ pk := new(PrivateKey)
+ pk.PublicKey = *NewECDHPublicKey(creationTime, &priv.PublicKey)
+ pk.PrivateKey = priv
+ return pk
+}
+
+func NewX25519PrivateKey(creationTime time.Time, priv *x25519.PrivateKey) *PrivateKey {
+ pk := new(PrivateKey)
+ pk.PublicKey = *NewX25519PublicKey(creationTime, &priv.PublicKey)
+ pk.PrivateKey = priv
+ return pk
+}
+
+func NewX448PrivateKey(creationTime time.Time, priv *x448.PrivateKey) *PrivateKey {
+ pk := new(PrivateKey)
+ pk.PublicKey = *NewX448PublicKey(creationTime, &priv.PublicKey)
+ pk.PrivateKey = priv
+ return pk
+}
+
+func NewEd25519PrivateKey(creationTime time.Time, priv *ed25519.PrivateKey) *PrivateKey {
+ pk := new(PrivateKey)
+ pk.PublicKey = *NewEd25519PublicKey(creationTime, &priv.PublicKey)
+ pk.PrivateKey = priv
+ return pk
+}
+
+func NewEd448PrivateKey(creationTime time.Time, priv *ed448.PrivateKey) *PrivateKey {
+ pk := new(PrivateKey)
+ pk.PublicKey = *NewEd448PublicKey(creationTime, &priv.PublicKey)
+ pk.PrivateKey = priv
+ return pk
+}
+
+// NewSignerPrivateKey creates a PrivateKey from a crypto.Signer that
+// implements RSA, ECDSA or EdDSA.
+func NewSignerPrivateKey(creationTime time.Time, signer interface{}) *PrivateKey {
+ pk := new(PrivateKey)
+ // In general, the public Keys should be used as pointers. We still
+ // type-switch on the values, for backwards-compatibility.
+ switch pubkey := signer.(type) {
+ case *rsa.PrivateKey:
+ pk.PublicKey = *NewRSAPublicKey(creationTime, &pubkey.PublicKey)
+ case rsa.PrivateKey:
+ pk.PublicKey = *NewRSAPublicKey(creationTime, &pubkey.PublicKey)
+ case *ecdsa.PrivateKey:
+ pk.PublicKey = *NewECDSAPublicKey(creationTime, &pubkey.PublicKey)
+ case ecdsa.PrivateKey:
+ pk.PublicKey = *NewECDSAPublicKey(creationTime, &pubkey.PublicKey)
+ case *eddsa.PrivateKey:
+ pk.PublicKey = *NewEdDSAPublicKey(creationTime, &pubkey.PublicKey)
+ case eddsa.PrivateKey:
+ pk.PublicKey = *NewEdDSAPublicKey(creationTime, &pubkey.PublicKey)
+ case *ed25519.PrivateKey:
+ pk.PublicKey = *NewEd25519PublicKey(creationTime, &pubkey.PublicKey)
+ case ed25519.PrivateKey:
+ pk.PublicKey = *NewEd25519PublicKey(creationTime, &pubkey.PublicKey)
+ case *ed448.PrivateKey:
+ pk.PublicKey = *NewEd448PublicKey(creationTime, &pubkey.PublicKey)
+ case ed448.PrivateKey:
+ pk.PublicKey = *NewEd448PublicKey(creationTime, &pubkey.PublicKey)
+ default:
+ panic("openpgp: unknown signer type in NewSignerPrivateKey")
+ }
+ pk.PrivateKey = signer
+ return pk
+}
+
+// NewDecrypterPrivateKey creates a PrivateKey from a *{rsa|elgamal|ecdh|x25519|x448}.PrivateKey.
+func NewDecrypterPrivateKey(creationTime time.Time, decrypter interface{}) *PrivateKey {
+ pk := new(PrivateKey)
+ switch priv := decrypter.(type) {
+ case *rsa.PrivateKey:
+ pk.PublicKey = *NewRSAPublicKey(creationTime, &priv.PublicKey)
+ case *elgamal.PrivateKey:
+ pk.PublicKey = *NewElGamalPublicKey(creationTime, &priv.PublicKey)
+ case *ecdh.PrivateKey:
+ pk.PublicKey = *NewECDHPublicKey(creationTime, &priv.PublicKey)
+ case *x25519.PrivateKey:
+ pk.PublicKey = *NewX25519PublicKey(creationTime, &priv.PublicKey)
+ case *x448.PrivateKey:
+ pk.PublicKey = *NewX448PublicKey(creationTime, &priv.PublicKey)
+ default:
+ panic("openpgp: unknown decrypter type in NewDecrypterPrivateKey")
+ }
+ pk.PrivateKey = decrypter
+ return pk
+}
+
+func (pk *PrivateKey) parse(r io.Reader) (err error) {
+ err = (&pk.PublicKey).parse(r)
+ if err != nil {
+ return
+ }
+ v5 := pk.PublicKey.Version == 5
+ v6 := pk.PublicKey.Version == 6
+
+ if V5Disabled && v5 {
+ return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed")
+ }
+
+ var buf [1]byte
+ _, err = readFull(r, buf[:])
+ if err != nil {
+ return
+ }
+ pk.s2kType = S2KType(buf[0])
+ var optCount [1]byte
+ if v5 || (v6 && pk.s2kType != S2KNON) {
+ if _, err = readFull(r, optCount[:]); err != nil {
+ return
+ }
+ }
+
+ switch pk.s2kType {
+ case S2KNON:
+ pk.s2k = nil
+ pk.Encrypted = false
+ case S2KSHA1, S2KCHECKSUM, S2KAEAD:
+ if (v5 || v6) && pk.s2kType == S2KCHECKSUM {
+ return errors.StructuralError(fmt.Sprintf("wrong s2k identifier for version %d", pk.Version))
+ }
+ _, err = readFull(r, buf[:])
+ if err != nil {
+ return
+ }
+ pk.cipher = CipherFunction(buf[0])
+ if pk.cipher != 0 && !pk.cipher.IsSupported() {
+ return errors.UnsupportedError("unsupported cipher function in private key")
+ }
+ // [Optional] If string-to-key usage octet was 253,
+ // a one-octet AEAD algorithm.
+ if pk.s2kType == S2KAEAD {
+ _, err = readFull(r, buf[:])
+ if err != nil {
+ return
+ }
+ pk.aead = AEADMode(buf[0])
+ if !pk.aead.IsSupported() {
+ return errors.UnsupportedError("unsupported aead mode in private key")
+ }
+ }
+
+ // [Optional] Only for a version 6 packet,
+ // and if string-to-key usage octet was 255, 254, or 253,
+ // an one-octet count of the following field.
+ if v6 {
+ _, err = readFull(r, buf[:])
+ if err != nil {
+ return
+ }
+ }
+
+ pk.s2kParams, err = s2k.ParseIntoParams(r)
+ if err != nil {
+ return
+ }
+ if pk.s2kParams.Dummy() {
+ return
+ }
+ if pk.s2kParams.Mode() == s2k.Argon2S2K && pk.s2kType != S2KAEAD {
+ return errors.StructuralError("using Argon2 S2K without AEAD is not allowed")
+ }
+ if pk.s2kParams.Mode() == s2k.SimpleS2K && pk.Version == 6 {
+ return errors.StructuralError("using Simple S2K with version 6 keys is not allowed")
+ }
+ pk.s2k, err = pk.s2kParams.Function()
+ if err != nil {
+ return
+ }
+ pk.Encrypted = true
+ default:
+ return errors.UnsupportedError("deprecated s2k function in private key")
+ }
+
+ if pk.Encrypted {
+ var ivSize int
+ // If the S2K usage octet was 253, the IV is of the size expected by the AEAD mode,
+ // unless it's a version 5 key, in which case it's the size of the symmetric cipher's block size.
+ // For all other S2K modes, it's always the block size.
+ if !v5 && pk.s2kType == S2KAEAD {
+ ivSize = pk.aead.IvLength()
+ } else {
+ ivSize = pk.cipher.blockSize()
+ }
+
+ if ivSize == 0 {
+ return errors.UnsupportedError("unsupported cipher in private key: " + strconv.Itoa(int(pk.cipher)))
+ }
+ pk.iv = make([]byte, ivSize)
+ _, err = readFull(r, pk.iv)
+ if err != nil {
+ return
+ }
+ if v5 && pk.s2kType == S2KAEAD {
+ pk.iv = pk.iv[:pk.aead.IvLength()]
+ }
+ }
+
+ var privateKeyData []byte
+ if v5 {
+ var n [4]byte /* secret material four octet count */
+ _, err = readFull(r, n[:])
+ if err != nil {
+ return
+ }
+ count := uint32(uint32(n[0])<<24 | uint32(n[1])<<16 | uint32(n[2])<<8 | uint32(n[3]))
+ if !pk.Encrypted {
+ count = count + 2 /* two octet checksum */
+ }
+ privateKeyData = make([]byte, count)
+ _, err = readFull(r, privateKeyData)
+ if err != nil {
+ return
+ }
+ } else {
+ privateKeyData, err = io.ReadAll(r)
+ if err != nil {
+ return
+ }
+ }
+ if !pk.Encrypted {
+ if len(privateKeyData) < 2 {
+ return errors.StructuralError("truncated private key data")
+ }
+ if pk.Version != 6 {
+ // checksum
+ var sum uint16
+ for i := 0; i < len(privateKeyData)-2; i++ {
+ sum += uint16(privateKeyData[i])
+ }
+ if privateKeyData[len(privateKeyData)-2] != uint8(sum>>8) ||
+ privateKeyData[len(privateKeyData)-1] != uint8(sum) {
+ return errors.StructuralError("private key checksum failure")
+ }
+ privateKeyData = privateKeyData[:len(privateKeyData)-2]
+ return pk.parsePrivateKey(privateKeyData)
+ } else {
+ // No checksum
+ return pk.parsePrivateKey(privateKeyData)
+ }
+ }
+
+ pk.encryptedData = privateKeyData
+ return
+}
+
+// Dummy returns true if the private key is a dummy key. This is a GNU extension.
+func (pk *PrivateKey) Dummy() bool {
+ return pk.s2kParams.Dummy()
+}
+
+func mod64kHash(d []byte) uint16 {
+ var h uint16
+ for _, b := range d {
+ h += uint16(b)
+ }
+ return h
+}
+
+func (pk *PrivateKey) Serialize(w io.Writer) (err error) {
+ contents := bytes.NewBuffer(nil)
+ err = pk.PublicKey.serializeWithoutHeaders(contents)
+ if err != nil {
+ return
+ }
+ if _, err = contents.Write([]byte{uint8(pk.s2kType)}); err != nil {
+ return
+ }
+
+ optional := bytes.NewBuffer(nil)
+ if pk.Encrypted || pk.Dummy() {
+ // [Optional] If string-to-key usage octet was 255, 254, or 253,
+ // a one-octet symmetric encryption algorithm.
+ if _, err = optional.Write([]byte{uint8(pk.cipher)}); err != nil {
+ return
+ }
+ // [Optional] If string-to-key usage octet was 253,
+ // a one-octet AEAD algorithm.
+ if pk.s2kType == S2KAEAD {
+ if _, err = optional.Write([]byte{uint8(pk.aead)}); err != nil {
+ return
+ }
+ }
+
+ s2kBuffer := bytes.NewBuffer(nil)
+ if err := pk.s2kParams.Serialize(s2kBuffer); err != nil {
+ return err
+ }
+ // [Optional] Only for a version 6 packet, and if string-to-key
+ // usage octet was 255, 254, or 253, an one-octet
+ // count of the following field.
+ if pk.Version == 6 {
+ if _, err = optional.Write([]byte{uint8(s2kBuffer.Len())}); err != nil {
+ return
+ }
+ }
+ // [Optional] If string-to-key usage octet was 255, 254, or 253,
+ // a string-to-key (S2K) specifier. The length of the string-to-key specifier
+ // depends on its type
+ if _, err = io.Copy(optional, s2kBuffer); err != nil {
+ return
+ }
+
+ // IV
+ if pk.Encrypted {
+ if _, err = optional.Write(pk.iv); err != nil {
+ return
+ }
+ if pk.Version == 5 && pk.s2kType == S2KAEAD {
+ // Add padding for version 5
+ padding := make([]byte, pk.cipher.blockSize()-len(pk.iv))
+ if _, err = optional.Write(padding); err != nil {
+ return
+ }
+ }
+ }
+ }
+ if pk.Version == 5 || (pk.Version == 6 && pk.s2kType != S2KNON) {
+ contents.Write([]byte{uint8(optional.Len())})
+ }
+
+ if _, err := io.Copy(contents, optional); err != nil {
+ return err
+ }
+
+ if !pk.Dummy() {
+ l := 0
+ var priv []byte
+ if !pk.Encrypted {
+ buf := bytes.NewBuffer(nil)
+ err = pk.serializePrivateKey(buf)
+ if err != nil {
+ return err
+ }
+ l = buf.Len()
+ if pk.Version != 6 {
+ checksum := mod64kHash(buf.Bytes())
+ buf.Write([]byte{byte(checksum >> 8), byte(checksum)})
+ }
+ priv = buf.Bytes()
+ } else {
+ priv, l = pk.encryptedData, len(pk.encryptedData)
+ }
+
+ if pk.Version == 5 {
+ contents.Write([]byte{byte(l >> 24), byte(l >> 16), byte(l >> 8), byte(l)})
+ }
+ contents.Write(priv)
+ }
+
+ ptype := packetTypePrivateKey
+ if pk.IsSubkey {
+ ptype = packetTypePrivateSubkey
+ }
+ err = serializeHeader(w, ptype, contents.Len())
+ if err != nil {
+ return
+ }
+ _, err = io.Copy(w, contents)
+ if err != nil {
+ return
+ }
+ return
+}
+
+func serializeRSAPrivateKey(w io.Writer, priv *rsa.PrivateKey) error {
+ if _, err := w.Write(new(encoding.MPI).SetBig(priv.D).EncodedBytes()); err != nil {
+ return err
+ }
+ if _, err := w.Write(new(encoding.MPI).SetBig(priv.Primes[1]).EncodedBytes()); err != nil {
+ return err
+ }
+ if _, err := w.Write(new(encoding.MPI).SetBig(priv.Primes[0]).EncodedBytes()); err != nil {
+ return err
+ }
+ _, err := w.Write(new(encoding.MPI).SetBig(priv.Precomputed.Qinv).EncodedBytes())
+ return err
+}
+
+func serializeDSAPrivateKey(w io.Writer, priv *dsa.PrivateKey) error {
+ _, err := w.Write(new(encoding.MPI).SetBig(priv.X).EncodedBytes())
+ return err
+}
+
+func serializeElGamalPrivateKey(w io.Writer, priv *elgamal.PrivateKey) error {
+ _, err := w.Write(new(encoding.MPI).SetBig(priv.X).EncodedBytes())
+ return err
+}
+
+func serializeECDSAPrivateKey(w io.Writer, priv *ecdsa.PrivateKey) error {
+ _, err := w.Write(encoding.NewMPI(priv.MarshalIntegerSecret()).EncodedBytes())
+ return err
+}
+
+func serializeEdDSAPrivateKey(w io.Writer, priv *eddsa.PrivateKey) error {
+ _, err := w.Write(encoding.NewMPI(priv.MarshalByteSecret()).EncodedBytes())
+ return err
+}
+
+func serializeECDHPrivateKey(w io.Writer, priv *ecdh.PrivateKey) error {
+ _, err := w.Write(encoding.NewMPI(priv.MarshalByteSecret()).EncodedBytes())
+ return err
+}
+
+func serializeX25519PrivateKey(w io.Writer, priv *x25519.PrivateKey) error {
+ _, err := w.Write(priv.Secret)
+ return err
+}
+
+func serializeX448PrivateKey(w io.Writer, priv *x448.PrivateKey) error {
+ _, err := w.Write(priv.Secret)
+ return err
+}
+
+func serializeEd25519PrivateKey(w io.Writer, priv *ed25519.PrivateKey) error {
+ _, err := w.Write(priv.MarshalByteSecret())
+ return err
+}
+
+func serializeEd448PrivateKey(w io.Writer, priv *ed448.PrivateKey) error {
+ _, err := w.Write(priv.MarshalByteSecret())
+ return err
+}
+
+// decrypt decrypts an encrypted private key using a decryption key.
+func (pk *PrivateKey) decrypt(decryptionKey []byte) error {
+ if pk.Dummy() {
+ return errors.ErrDummyPrivateKey("dummy key found")
+ }
+ if !pk.Encrypted {
+ return nil
+ }
+ block := pk.cipher.new(decryptionKey)
+ var data []byte
+ switch pk.s2kType {
+ case S2KAEAD:
+ aead := pk.aead.new(block)
+ additionalData, err := pk.additionalData()
+ if err != nil {
+ return err
+ }
+ // Decrypt the encrypted key material with aead
+ data, err = aead.Open(nil, pk.iv, pk.encryptedData, additionalData)
+ if err != nil {
+ return err
+ }
+ case S2KSHA1, S2KCHECKSUM:
+ cfb := cipher.NewCFBDecrypter(block, pk.iv)
+ data = make([]byte, len(pk.encryptedData))
+ cfb.XORKeyStream(data, pk.encryptedData)
+ if pk.s2kType == S2KSHA1 {
+ if len(data) < sha1.Size {
+ return errors.StructuralError("truncated private key data")
+ }
+ h := sha1.New()
+ h.Write(data[:len(data)-sha1.Size])
+ sum := h.Sum(nil)
+ if !bytes.Equal(sum, data[len(data)-sha1.Size:]) {
+ return errors.StructuralError("private key checksum failure")
+ }
+ data = data[:len(data)-sha1.Size]
+ } else {
+ if len(data) < 2 {
+ return errors.StructuralError("truncated private key data")
+ }
+ var sum uint16
+ for i := 0; i < len(data)-2; i++ {
+ sum += uint16(data[i])
+ }
+ if data[len(data)-2] != uint8(sum>>8) ||
+ data[len(data)-1] != uint8(sum) {
+ return errors.StructuralError("private key checksum failure")
+ }
+ data = data[:len(data)-2]
+ }
+ default:
+ return errors.InvalidArgumentError("invalid s2k type")
+ }
+
+ err := pk.parsePrivateKey(data)
+ if _, ok := err.(errors.KeyInvalidError); ok {
+ return errors.KeyInvalidError("invalid key parameters")
+ }
+ if err != nil {
+ return err
+ }
+
+ // Mark key as unencrypted
+ pk.s2kType = S2KNON
+ pk.s2k = nil
+ pk.Encrypted = false
+ pk.encryptedData = nil
+ return nil
+}
+
+func (pk *PrivateKey) decryptWithCache(passphrase []byte, keyCache *s2k.Cache) error {
+ if pk.Dummy() {
+ return errors.ErrDummyPrivateKey("dummy key found")
+ }
+ if !pk.Encrypted {
+ return nil
+ }
+
+ key, err := keyCache.GetOrComputeDerivedKey(passphrase, pk.s2kParams, pk.cipher.KeySize())
+ if err != nil {
+ return err
+ }
+ if pk.s2kType == S2KAEAD {
+ key = pk.applyHKDF(key)
+ }
+ return pk.decrypt(key)
+}
+
+// Decrypt decrypts an encrypted private key using a passphrase.
+func (pk *PrivateKey) Decrypt(passphrase []byte) error {
+ if pk.Dummy() {
+ return errors.ErrDummyPrivateKey("dummy key found")
+ }
+ if !pk.Encrypted {
+ return nil
+ }
+
+ key := make([]byte, pk.cipher.KeySize())
+ pk.s2k(key, passphrase)
+ if pk.s2kType == S2KAEAD {
+ key = pk.applyHKDF(key)
+ }
+ return pk.decrypt(key)
+}
+
+// DecryptPrivateKeys decrypts all encrypted keys with the given config and passphrase.
+// Avoids recomputation of similar s2k key derivations.
+func DecryptPrivateKeys(keys []*PrivateKey, passphrase []byte) error {
+ // Create a cache to avoid recomputation of key derviations for the same passphrase.
+ s2kCache := &s2k.Cache{}
+ for _, key := range keys {
+ if key != nil && !key.Dummy() && key.Encrypted {
+ err := key.decryptWithCache(passphrase, s2kCache)
+ if err != nil {
+ return err
+ }
+ }
+ }
+ return nil
+}
+
+// encrypt encrypts an unencrypted private key.
+func (pk *PrivateKey) encrypt(key []byte, params *s2k.Params, s2kType S2KType, cipherFunction CipherFunction, rand io.Reader) error {
+ if pk.Dummy() {
+ return errors.ErrDummyPrivateKey("dummy key found")
+ }
+ if pk.Encrypted {
+ return nil
+ }
+ // check if encryptionKey has the correct size
+ if len(key) != cipherFunction.KeySize() {
+ return errors.InvalidArgumentError("supplied encryption key has the wrong size")
+ }
+
+ if params.Mode() == s2k.Argon2S2K && s2kType != S2KAEAD {
+ return errors.InvalidArgumentError("using Argon2 S2K without AEAD is not allowed")
+ }
+ if params.Mode() != s2k.Argon2S2K && params.Mode() != s2k.IteratedSaltedS2K &&
+ params.Mode() != s2k.SaltedS2K { // only allowed for high-entropy passphrases
+ return errors.InvalidArgumentError("insecure S2K mode")
+ }
+
+ priv := bytes.NewBuffer(nil)
+ err := pk.serializePrivateKey(priv)
+ if err != nil {
+ return err
+ }
+
+ pk.cipher = cipherFunction
+ pk.s2kParams = params
+ pk.s2k, err = pk.s2kParams.Function()
+ if err != nil {
+ return err
+ }
+
+ privateKeyBytes := priv.Bytes()
+ pk.s2kType = s2kType
+ block := pk.cipher.new(key)
+ switch s2kType {
+ case S2KAEAD:
+ if pk.aead == 0 {
+ return errors.StructuralError("aead mode is not set on key")
+ }
+ aead := pk.aead.new(block)
+ additionalData, err := pk.additionalData()
+ if err != nil {
+ return err
+ }
+ pk.iv = make([]byte, aead.NonceSize())
+ _, err = io.ReadFull(rand, pk.iv)
+ if err != nil {
+ return err
+ }
+ // Decrypt the encrypted key material with aead
+ pk.encryptedData = aead.Seal(nil, pk.iv, privateKeyBytes, additionalData)
+ case S2KSHA1, S2KCHECKSUM:
+ pk.iv = make([]byte, pk.cipher.blockSize())
+ _, err = io.ReadFull(rand, pk.iv)
+ if err != nil {
+ return err
+ }
+ cfb := cipher.NewCFBEncrypter(block, pk.iv)
+ if s2kType == S2KSHA1 {
+ h := sha1.New()
+ h.Write(privateKeyBytes)
+ sum := h.Sum(nil)
+ privateKeyBytes = append(privateKeyBytes, sum...)
+ } else {
+ var sum uint16
+ for _, b := range privateKeyBytes {
+ sum += uint16(b)
+ }
+ privateKeyBytes = append(privateKeyBytes, []byte{uint8(sum >> 8), uint8(sum)}...)
+ }
+ pk.encryptedData = make([]byte, len(privateKeyBytes))
+ cfb.XORKeyStream(pk.encryptedData, privateKeyBytes)
+ default:
+ return errors.InvalidArgumentError("invalid s2k type for encryption")
+ }
+
+ pk.Encrypted = true
+ pk.PrivateKey = nil
+ return err
+}
+
+// EncryptWithConfig encrypts an unencrypted private key using the passphrase and the config.
+func (pk *PrivateKey) EncryptWithConfig(passphrase []byte, config *Config) error {
+ params, err := s2k.Generate(config.Random(), config.S2K())
+ if err != nil {
+ return err
+ }
+ // Derive an encryption key with the configured s2k function.
+ key := make([]byte, config.Cipher().KeySize())
+ s2k, err := params.Function()
+ if err != nil {
+ return err
+ }
+ s2k(key, passphrase)
+ s2kType := S2KSHA1
+ if config.AEAD() != nil {
+ s2kType = S2KAEAD
+ pk.aead = config.AEAD().Mode()
+ pk.cipher = config.Cipher()
+ key = pk.applyHKDF(key)
+ }
+ // Encrypt the private key with the derived encryption key.
+ return pk.encrypt(key, params, s2kType, config.Cipher(), config.Random())
+}
+
+// EncryptPrivateKeys encrypts all unencrypted keys with the given config and passphrase.
+// Only derives one key from the passphrase, which is then used to encrypt each key.
+func EncryptPrivateKeys(keys []*PrivateKey, passphrase []byte, config *Config) error {
+ params, err := s2k.Generate(config.Random(), config.S2K())
+ if err != nil {
+ return err
+ }
+ // Derive an encryption key with the configured s2k function.
+ encryptionKey := make([]byte, config.Cipher().KeySize())
+ s2k, err := params.Function()
+ if err != nil {
+ return err
+ }
+ s2k(encryptionKey, passphrase)
+ for _, key := range keys {
+ if key != nil && !key.Dummy() && !key.Encrypted {
+ s2kType := S2KSHA1
+ if config.AEAD() != nil {
+ s2kType = S2KAEAD
+ key.aead = config.AEAD().Mode()
+ key.cipher = config.Cipher()
+ derivedKey := key.applyHKDF(encryptionKey)
+ err = key.encrypt(derivedKey, params, s2kType, config.Cipher(), config.Random())
+ } else {
+ err = key.encrypt(encryptionKey, params, s2kType, config.Cipher(), config.Random())
+ }
+ if err != nil {
+ return err
+ }
+ }
+ }
+ return nil
+}
+
+// Encrypt encrypts an unencrypted private key using a passphrase.
+func (pk *PrivateKey) Encrypt(passphrase []byte) error {
+ // Default config of private key encryption
+ config := &Config{
+ S2KConfig: &s2k.Config{
+ S2KMode: s2k.IteratedSaltedS2K,
+ S2KCount: 65536,
+ Hash: crypto.SHA256,
+ },
+ DefaultCipher: CipherAES256,
+ }
+ return pk.EncryptWithConfig(passphrase, config)
+}
+
+func (pk *PrivateKey) serializePrivateKey(w io.Writer) (err error) {
+ switch priv := pk.PrivateKey.(type) {
+ case *rsa.PrivateKey:
+ err = serializeRSAPrivateKey(w, priv)
+ case *dsa.PrivateKey:
+ err = serializeDSAPrivateKey(w, priv)
+ case *elgamal.PrivateKey:
+ err = serializeElGamalPrivateKey(w, priv)
+ case *ecdsa.PrivateKey:
+ err = serializeECDSAPrivateKey(w, priv)
+ case *eddsa.PrivateKey:
+ err = serializeEdDSAPrivateKey(w, priv)
+ case *ecdh.PrivateKey:
+ err = serializeECDHPrivateKey(w, priv)
+ case *x25519.PrivateKey:
+ err = serializeX25519PrivateKey(w, priv)
+ case *x448.PrivateKey:
+ err = serializeX448PrivateKey(w, priv)
+ case *ed25519.PrivateKey:
+ err = serializeEd25519PrivateKey(w, priv)
+ case *ed448.PrivateKey:
+ err = serializeEd448PrivateKey(w, priv)
+ default:
+ err = errors.InvalidArgumentError("unknown private key type")
+ }
+ return
+}
+
+func (pk *PrivateKey) parsePrivateKey(data []byte) (err error) {
+ switch pk.PublicKey.PubKeyAlgo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoRSAEncryptOnly:
+ return pk.parseRSAPrivateKey(data)
+ case PubKeyAlgoDSA:
+ return pk.parseDSAPrivateKey(data)
+ case PubKeyAlgoElGamal:
+ return pk.parseElGamalPrivateKey(data)
+ case PubKeyAlgoECDSA:
+ return pk.parseECDSAPrivateKey(data)
+ case PubKeyAlgoECDH:
+ return pk.parseECDHPrivateKey(data)
+ case PubKeyAlgoEdDSA:
+ return pk.parseEdDSAPrivateKey(data)
+ case PubKeyAlgoX25519:
+ return pk.parseX25519PrivateKey(data)
+ case PubKeyAlgoX448:
+ return pk.parseX448PrivateKey(data)
+ case PubKeyAlgoEd25519:
+ return pk.parseEd25519PrivateKey(data)
+ case PubKeyAlgoEd448:
+ return pk.parseEd448PrivateKey(data)
+ default:
+ err = errors.StructuralError("unknown private key type")
+ return
+ }
+}
+
+func (pk *PrivateKey) parseRSAPrivateKey(data []byte) (err error) {
+ rsaPub := pk.PublicKey.PublicKey.(*rsa.PublicKey)
+ rsaPriv := new(rsa.PrivateKey)
+ rsaPriv.PublicKey = *rsaPub
+
+ buf := bytes.NewBuffer(data)
+ d := new(encoding.MPI)
+ if _, err := d.ReadFrom(buf); err != nil {
+ return err
+ }
+
+ p := new(encoding.MPI)
+ if _, err := p.ReadFrom(buf); err != nil {
+ return err
+ }
+
+ q := new(encoding.MPI)
+ if _, err := q.ReadFrom(buf); err != nil {
+ return err
+ }
+
+ rsaPriv.D = new(big.Int).SetBytes(d.Bytes())
+ rsaPriv.Primes = make([]*big.Int, 2)
+ rsaPriv.Primes[0] = new(big.Int).SetBytes(p.Bytes())
+ rsaPriv.Primes[1] = new(big.Int).SetBytes(q.Bytes())
+ if err := rsaPriv.Validate(); err != nil {
+ return errors.KeyInvalidError(err.Error())
+ }
+ rsaPriv.Precompute()
+ pk.PrivateKey = rsaPriv
+
+ return nil
+}
+
+func (pk *PrivateKey) parseDSAPrivateKey(data []byte) (err error) {
+ dsaPub := pk.PublicKey.PublicKey.(*dsa.PublicKey)
+ dsaPriv := new(dsa.PrivateKey)
+ dsaPriv.PublicKey = *dsaPub
+
+ buf := bytes.NewBuffer(data)
+ x := new(encoding.MPI)
+ if _, err := x.ReadFrom(buf); err != nil {
+ return err
+ }
+
+ dsaPriv.X = new(big.Int).SetBytes(x.Bytes())
+ if err := validateDSAParameters(dsaPriv); err != nil {
+ return err
+ }
+ pk.PrivateKey = dsaPriv
+
+ return nil
+}
+
+func (pk *PrivateKey) parseElGamalPrivateKey(data []byte) (err error) {
+ pub := pk.PublicKey.PublicKey.(*elgamal.PublicKey)
+ priv := new(elgamal.PrivateKey)
+ priv.PublicKey = *pub
+
+ buf := bytes.NewBuffer(data)
+ x := new(encoding.MPI)
+ if _, err := x.ReadFrom(buf); err != nil {
+ return err
+ }
+
+ priv.X = new(big.Int).SetBytes(x.Bytes())
+ if err := validateElGamalParameters(priv); err != nil {
+ return err
+ }
+ pk.PrivateKey = priv
+
+ return nil
+}
+
+func (pk *PrivateKey) parseECDSAPrivateKey(data []byte) (err error) {
+ ecdsaPub := pk.PublicKey.PublicKey.(*ecdsa.PublicKey)
+ ecdsaPriv := ecdsa.NewPrivateKey(*ecdsaPub)
+
+ buf := bytes.NewBuffer(data)
+ d := new(encoding.MPI)
+ if _, err := d.ReadFrom(buf); err != nil {
+ return err
+ }
+
+ if err := ecdsaPriv.UnmarshalIntegerSecret(d.Bytes()); err != nil {
+ return err
+ }
+ if err := ecdsa.Validate(ecdsaPriv); err != nil {
+ return err
+ }
+ pk.PrivateKey = ecdsaPriv
+
+ return nil
+}
+
+func (pk *PrivateKey) parseECDHPrivateKey(data []byte) (err error) {
+ ecdhPub := pk.PublicKey.PublicKey.(*ecdh.PublicKey)
+ ecdhPriv := ecdh.NewPrivateKey(*ecdhPub)
+
+ buf := bytes.NewBuffer(data)
+ d := new(encoding.MPI)
+ if _, err := d.ReadFrom(buf); err != nil {
+ return err
+ }
+
+ if err := ecdhPriv.UnmarshalByteSecret(d.Bytes()); err != nil {
+ return err
+ }
+
+ if err := ecdh.Validate(ecdhPriv); err != nil {
+ return err
+ }
+
+ pk.PrivateKey = ecdhPriv
+
+ return nil
+}
+
+func (pk *PrivateKey) parseX25519PrivateKey(data []byte) (err error) {
+ publicKey := pk.PublicKey.PublicKey.(*x25519.PublicKey)
+ privateKey := x25519.NewPrivateKey(*publicKey)
+ privateKey.PublicKey = *publicKey
+
+ privateKey.Secret = make([]byte, x25519.KeySize)
+
+ if len(data) != x25519.KeySize {
+ err = errors.StructuralError("wrong x25519 key size")
+ return err
+ }
+ subtle.ConstantTimeCopy(1, privateKey.Secret, data)
+ if err = x25519.Validate(privateKey); err != nil {
+ return err
+ }
+ pk.PrivateKey = privateKey
+ return nil
+}
+
+func (pk *PrivateKey) parseX448PrivateKey(data []byte) (err error) {
+ publicKey := pk.PublicKey.PublicKey.(*x448.PublicKey)
+ privateKey := x448.NewPrivateKey(*publicKey)
+ privateKey.PublicKey = *publicKey
+
+ privateKey.Secret = make([]byte, x448.KeySize)
+
+ if len(data) != x448.KeySize {
+ err = errors.StructuralError("wrong x448 key size")
+ return err
+ }
+ subtle.ConstantTimeCopy(1, privateKey.Secret, data)
+ if err = x448.Validate(privateKey); err != nil {
+ return err
+ }
+ pk.PrivateKey = privateKey
+ return nil
+}
+
+func (pk *PrivateKey) parseEd25519PrivateKey(data []byte) (err error) {
+ publicKey := pk.PublicKey.PublicKey.(*ed25519.PublicKey)
+ privateKey := ed25519.NewPrivateKey(*publicKey)
+ privateKey.PublicKey = *publicKey
+
+ if len(data) != ed25519.SeedSize {
+ err = errors.StructuralError("wrong ed25519 key size")
+ return err
+ }
+ err = privateKey.UnmarshalByteSecret(data)
+ if err != nil {
+ return err
+ }
+ err = ed25519.Validate(privateKey)
+ if err != nil {
+ return err
+ }
+ pk.PrivateKey = privateKey
+ return nil
+}
+
+func (pk *PrivateKey) parseEd448PrivateKey(data []byte) (err error) {
+ publicKey := pk.PublicKey.PublicKey.(*ed448.PublicKey)
+ privateKey := ed448.NewPrivateKey(*publicKey)
+ privateKey.PublicKey = *publicKey
+
+ if len(data) != ed448.SeedSize {
+ err = errors.StructuralError("wrong ed448 key size")
+ return err
+ }
+ err = privateKey.UnmarshalByteSecret(data)
+ if err != nil {
+ return err
+ }
+ err = ed448.Validate(privateKey)
+ if err != nil {
+ return err
+ }
+ pk.PrivateKey = privateKey
+ return nil
+}
+
+func (pk *PrivateKey) parseEdDSAPrivateKey(data []byte) (err error) {
+ eddsaPub := pk.PublicKey.PublicKey.(*eddsa.PublicKey)
+ eddsaPriv := eddsa.NewPrivateKey(*eddsaPub)
+ eddsaPriv.PublicKey = *eddsaPub
+
+ buf := bytes.NewBuffer(data)
+ d := new(encoding.MPI)
+ if _, err := d.ReadFrom(buf); err != nil {
+ return err
+ }
+
+ if err = eddsaPriv.UnmarshalByteSecret(d.Bytes()); err != nil {
+ return err
+ }
+
+ if err := eddsa.Validate(eddsaPriv); err != nil {
+ return err
+ }
+
+ pk.PrivateKey = eddsaPriv
+
+ return nil
+}
+
+func (pk *PrivateKey) additionalData() ([]byte, error) {
+ additionalData := bytes.NewBuffer(nil)
+ // Write additional data prefix based on packet type
+ var packetByte byte
+ if pk.PublicKey.IsSubkey {
+ packetByte = 0xc7
+ } else {
+ packetByte = 0xc5
+ }
+ // Write public key to additional data
+ _, err := additionalData.Write([]byte{packetByte})
+ if err != nil {
+ return nil, err
+ }
+ err = pk.PublicKey.serializeWithoutHeaders(additionalData)
+ if err != nil {
+ return nil, err
+ }
+ return additionalData.Bytes(), nil
+}
+
+func (pk *PrivateKey) applyHKDF(inputKey []byte) []byte {
+ var packetByte byte
+ if pk.PublicKey.IsSubkey {
+ packetByte = 0xc7
+ } else {
+ packetByte = 0xc5
+ }
+ associatedData := []byte{packetByte, byte(pk.Version), byte(pk.cipher), byte(pk.aead)}
+ hkdfReader := hkdf.New(sha256.New, inputKey, []byte{}, associatedData)
+ encryptionKey := make([]byte, pk.cipher.KeySize())
+ _, _ = readFull(hkdfReader, encryptionKey)
+ return encryptionKey
+}
+
+func validateDSAParameters(priv *dsa.PrivateKey) error {
+ p := priv.P // group prime
+ q := priv.Q // subgroup order
+ g := priv.G // g has order q mod p
+ x := priv.X // secret
+ y := priv.Y // y == g**x mod p
+ one := big.NewInt(1)
+ // expect g, y >= 2 and g < p
+ if g.Cmp(one) <= 0 || y.Cmp(one) <= 0 || g.Cmp(p) > 0 {
+ return errors.KeyInvalidError("dsa: invalid group")
+ }
+ // expect p > q
+ if p.Cmp(q) <= 0 {
+ return errors.KeyInvalidError("dsa: invalid group prime")
+ }
+ // q should be large enough and divide p-1
+ pSub1 := new(big.Int).Sub(p, one)
+ if q.BitLen() < 150 || new(big.Int).Mod(pSub1, q).Cmp(big.NewInt(0)) != 0 {
+ return errors.KeyInvalidError("dsa: invalid order")
+ }
+ // confirm that g has order q mod p
+ if !q.ProbablyPrime(32) || new(big.Int).Exp(g, q, p).Cmp(one) != 0 {
+ return errors.KeyInvalidError("dsa: invalid order")
+ }
+ // check y
+ if new(big.Int).Exp(g, x, p).Cmp(y) != 0 {
+ return errors.KeyInvalidError("dsa: mismatching values")
+ }
+
+ return nil
+}
+
+func validateElGamalParameters(priv *elgamal.PrivateKey) error {
+ p := priv.P // group prime
+ g := priv.G // g has order p-1 mod p
+ x := priv.X // secret
+ y := priv.Y // y == g**x mod p
+ one := big.NewInt(1)
+ // Expect g, y >= 2 and g < p
+ if g.Cmp(one) <= 0 || y.Cmp(one) <= 0 || g.Cmp(p) > 0 {
+ return errors.KeyInvalidError("elgamal: invalid group")
+ }
+ if p.BitLen() < 1024 {
+ return errors.KeyInvalidError("elgamal: group order too small")
+ }
+ pSub1 := new(big.Int).Sub(p, one)
+ if new(big.Int).Exp(g, pSub1, p).Cmp(one) != 0 {
+ return errors.KeyInvalidError("elgamal: invalid group")
+ }
+ // Since p-1 is not prime, g might have a smaller order that divides p-1.
+ // We cannot confirm the exact order of g, but we make sure it is not too small.
+ gExpI := new(big.Int).Set(g)
+ i := 1
+ threshold := 2 << 17 // we want order > threshold
+ for i < threshold {
+ i++ // we check every order to make sure key validation is not easily bypassed by guessing y'
+ gExpI.Mod(new(big.Int).Mul(gExpI, g), p)
+ if gExpI.Cmp(one) == 0 {
+ return errors.KeyInvalidError("elgamal: order too small")
+ }
+ }
+ // Check y
+ if new(big.Int).Exp(g, x, p).Cmp(y) != 0 {
+ return errors.KeyInvalidError("elgamal: mismatching values")
+ }
+
+ return nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key_test_data.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key_test_data.go
new file mode 100644
index 0000000000000000000000000000000000000000..029b8f1aab2eef7307b4e6e7b2442b1e0e7927b9
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/private_key_test_data.go
@@ -0,0 +1,12 @@
+package packet
+
+// Generated with `gpg --export-secret-keys "Test Key 2"`
+const privKeyRSAHex = "9501fe044cc349a8010400b70ca0010e98c090008d45d1ee8f9113bd5861fd57b88bacb7c68658747663f1e1a3b5a98f32fda6472373c024b97359cd2efc88ff60f77751adfbf6af5e615e6a1408cfad8bf0cea30b0d5f53aa27ad59089ba9b15b7ebc2777a25d7b436144027e3bcd203909f147d0e332b240cf63d3395f5dfe0df0a6c04e8655af7eacdf0011010001fe0303024a252e7d475fd445607de39a265472aa74a9320ba2dac395faa687e9e0336aeb7e9a7397e511b5afd9dc84557c80ac0f3d4d7bfec5ae16f20d41c8c84a04552a33870b930420e230e179564f6d19bb153145e76c33ae993886c388832b0fa042ddda7f133924f3854481533e0ede31d51278c0519b29abc3bf53da673e13e3e1214b52413d179d7f66deee35cac8eacb060f78379d70ef4af8607e68131ff529439668fc39c9ce6dfef8a5ac234d234802cbfb749a26107db26406213ae5c06d4673253a3cbee1fcbae58d6ab77e38d6e2c0e7c6317c48e054edadb5a40d0d48acb44643d998139a8a66bb820be1f3f80185bc777d14b5954b60effe2448a036d565c6bc0b915fcea518acdd20ab07bc1529f561c58cd044f723109b93f6fd99f876ff891d64306b5d08f48bab59f38695e9109c4dec34013ba3153488ce070268381ba923ee1eb77125b36afcb4347ec3478c8f2735b06ef17351d872e577fa95d0c397c88c71b59629a36aec"
+
+// Generated by `gpg --export-secret-keys` followed by a manual extraction of
+// the ElGamal subkey from the packets.
+const privKeyElGamalHex = "9d0157044df9ee1a100400eb8e136a58ec39b582629cdadf830bc64e0a94ed8103ca8bb247b27b11b46d1d25297ef4bcc3071785ba0c0bedfe89eabc5287fcc0edf81ab5896c1c8e4b20d27d79813c7aede75320b33eaeeaa586edc00fd1036c10133e6ba0ff277245d0d59d04b2b3421b7244aca5f4a8d870c6f1c1fbff9e1c26699a860b9504f35ca1d700030503fd1ededd3b840795be6d9ccbe3c51ee42e2f39233c432b831ddd9c4e72b7025a819317e47bf94f9ee316d7273b05d5fcf2999c3a681f519b1234bbfa6d359b4752bd9c3f77d6b6456cde152464763414ca130f4e91d91041432f90620fec0e6d6b5116076c2985d5aeaae13be492b9b329efcaf7ee25120159a0a30cd976b42d7afe030302dae7eb80db744d4960c4df930d57e87fe81412eaace9f900e6c839817a614ddb75ba6603b9417c33ea7b6c93967dfa2bcff3fa3c74a5ce2c962db65b03aece14c96cbd0038fc"
+
+// pkcs1PrivKeyHex is a PKCS#1, RSA private key.
+// Generated by `openssl genrsa 1024 | openssl rsa -outform DER | xxd -p`
+const pkcs1PrivKeyHex = "3082025d02010002818100e98edfa1c3b35884a54d0b36a6a603b0290fa85e49e30fa23fc94fef9c6790bc4849928607aa48d809da326fb42a969d06ad756b98b9c1a90f5d4a2b6d0ac05953c97f4da3120164a21a679793ce181c906dc01d235cc085ddcdf6ea06c389b6ab8885dfd685959e693138856a68a7e5db263337ff82a088d583a897cf2d59e9020301000102818100b6d5c9eb70b02d5369b3ee5b520a14490b5bde8a317d36f7e4c74b7460141311d1e5067735f8f01d6f5908b2b96fbd881f7a1ab9a84d82753e39e19e2d36856be960d05ac9ef8e8782ea1b6d65aee28fdfe1d61451e8cff0adfe84322f12cf455028b581cf60eb9e0e140ba5d21aeba6c2634d7c65318b9a665fc01c3191ca21024100fa5e818da3705b0fa33278bb28d4b6f6050388af2d4b75ec9375dd91ccf2e7d7068086a8b82a8f6282e4fbbdb8a7f2622eb97295249d87acea7f5f816f54d347024100eecf9406d7dc49cdfb95ab1eff4064de84c7a30f64b2798936a0d2018ba9eb52e4b636f82e96c49cc63b80b675e91e40d1b2e4017d4b9adaf33ab3d9cf1c214f024100c173704ace742c082323066226a4655226819a85304c542b9dacbeacbf5d1881ee863485fcf6f59f3a604f9b42289282067447f2b13dfeed3eab7851fc81e0550240741fc41f3fc002b382eed8730e33c5d8de40256e4accee846667f536832f711ab1d4590e7db91a8a116ac5bff3be13d3f9243ff2e976662aa9b395d907f8e9c9024046a5696c9ef882363e06c9fa4e2f5b580906452befba03f4a99d0f873697ef1f851d2226ca7934b30b7c3e80cb634a67172bbbf4781735fe3e09263e2dd723e7"
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go
new file mode 100644
index 0000000000000000000000000000000000000000..f8da781bbe620a59dc066bd10d0f27fc353dc343
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key.go
@@ -0,0 +1,1120 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "crypto/dsa"
+ "crypto/rsa"
+ "crypto/sha1"
+ "crypto/sha256"
+ _ "crypto/sha512"
+ "encoding/binary"
+ "fmt"
+ "hash"
+ "io"
+ "math/big"
+ "strconv"
+ "time"
+
+ "github.com/ProtonMail/go-crypto/openpgp/ecdh"
+ "github.com/ProtonMail/go-crypto/openpgp/ecdsa"
+ "github.com/ProtonMail/go-crypto/openpgp/ed25519"
+ "github.com/ProtonMail/go-crypto/openpgp/ed448"
+ "github.com/ProtonMail/go-crypto/openpgp/eddsa"
+ "github.com/ProtonMail/go-crypto/openpgp/elgamal"
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/ecc"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/encoding"
+ "github.com/ProtonMail/go-crypto/openpgp/x25519"
+ "github.com/ProtonMail/go-crypto/openpgp/x448"
+)
+
+// PublicKey represents an OpenPGP public key. See RFC 4880, section 5.5.2.
+type PublicKey struct {
+ Version int
+ CreationTime time.Time
+ PubKeyAlgo PublicKeyAlgorithm
+ PublicKey interface{} // *rsa.PublicKey, *dsa.PublicKey, *ecdsa.PublicKey or *eddsa.PublicKey, *x25519.PublicKey, *x448.PublicKey, *ed25519.PublicKey, *ed448.PublicKey
+ Fingerprint []byte
+ KeyId uint64
+ IsSubkey bool
+
+ // RFC 4880 fields
+ n, e, p, q, g, y encoding.Field
+
+ // RFC 6637 fields
+ // oid contains the OID byte sequence identifying the elliptic curve used
+ oid encoding.Field
+
+ // kdf stores key derivation function parameters
+ // used for ECDH encryption. See RFC 6637, Section 9.
+ kdf encoding.Field
+}
+
+// UpgradeToV5 updates the version of the key to v5, and updates all necessary
+// fields.
+func (pk *PublicKey) UpgradeToV5() {
+ pk.Version = 5
+ pk.setFingerprintAndKeyId()
+}
+
+// UpgradeToV6 updates the version of the key to v6, and updates all necessary
+// fields.
+func (pk *PublicKey) UpgradeToV6() error {
+ pk.Version = 6
+ pk.setFingerprintAndKeyId()
+ return pk.checkV6Compatibility()
+}
+
+// signingKey provides a convenient abstraction over signature verification
+// for v3 and v4 public keys.
+type signingKey interface {
+ SerializeForHash(io.Writer) error
+ SerializeSignaturePrefix(io.Writer) error
+ serializeWithoutHeaders(io.Writer) error
+}
+
+// NewRSAPublicKey returns a PublicKey that wraps the given rsa.PublicKey.
+func NewRSAPublicKey(creationTime time.Time, pub *rsa.PublicKey) *PublicKey {
+ pk := &PublicKey{
+ Version: 4,
+ CreationTime: creationTime,
+ PubKeyAlgo: PubKeyAlgoRSA,
+ PublicKey: pub,
+ n: new(encoding.MPI).SetBig(pub.N),
+ e: new(encoding.MPI).SetBig(big.NewInt(int64(pub.E))),
+ }
+
+ pk.setFingerprintAndKeyId()
+ return pk
+}
+
+// NewDSAPublicKey returns a PublicKey that wraps the given dsa.PublicKey.
+func NewDSAPublicKey(creationTime time.Time, pub *dsa.PublicKey) *PublicKey {
+ pk := &PublicKey{
+ Version: 4,
+ CreationTime: creationTime,
+ PubKeyAlgo: PubKeyAlgoDSA,
+ PublicKey: pub,
+ p: new(encoding.MPI).SetBig(pub.P),
+ q: new(encoding.MPI).SetBig(pub.Q),
+ g: new(encoding.MPI).SetBig(pub.G),
+ y: new(encoding.MPI).SetBig(pub.Y),
+ }
+
+ pk.setFingerprintAndKeyId()
+ return pk
+}
+
+// NewElGamalPublicKey returns a PublicKey that wraps the given elgamal.PublicKey.
+func NewElGamalPublicKey(creationTime time.Time, pub *elgamal.PublicKey) *PublicKey {
+ pk := &PublicKey{
+ Version: 4,
+ CreationTime: creationTime,
+ PubKeyAlgo: PubKeyAlgoElGamal,
+ PublicKey: pub,
+ p: new(encoding.MPI).SetBig(pub.P),
+ g: new(encoding.MPI).SetBig(pub.G),
+ y: new(encoding.MPI).SetBig(pub.Y),
+ }
+
+ pk.setFingerprintAndKeyId()
+ return pk
+}
+
+func NewECDSAPublicKey(creationTime time.Time, pub *ecdsa.PublicKey) *PublicKey {
+ pk := &PublicKey{
+ Version: 4,
+ CreationTime: creationTime,
+ PubKeyAlgo: PubKeyAlgoECDSA,
+ PublicKey: pub,
+ p: encoding.NewMPI(pub.MarshalPoint()),
+ }
+
+ curveInfo := ecc.FindByCurve(pub.GetCurve())
+ if curveInfo == nil {
+ panic("unknown elliptic curve")
+ }
+ pk.oid = curveInfo.Oid
+ pk.setFingerprintAndKeyId()
+ return pk
+}
+
+func NewECDHPublicKey(creationTime time.Time, pub *ecdh.PublicKey) *PublicKey {
+ var pk *PublicKey
+ var kdf = encoding.NewOID([]byte{0x1, pub.Hash.Id(), pub.Cipher.Id()})
+ pk = &PublicKey{
+ Version: 4,
+ CreationTime: creationTime,
+ PubKeyAlgo: PubKeyAlgoECDH,
+ PublicKey: pub,
+ p: encoding.NewMPI(pub.MarshalPoint()),
+ kdf: kdf,
+ }
+
+ curveInfo := ecc.FindByCurve(pub.GetCurve())
+
+ if curveInfo == nil {
+ panic("unknown elliptic curve")
+ }
+
+ pk.oid = curveInfo.Oid
+ pk.setFingerprintAndKeyId()
+ return pk
+}
+
+func NewEdDSAPublicKey(creationTime time.Time, pub *eddsa.PublicKey) *PublicKey {
+ curveInfo := ecc.FindByCurve(pub.GetCurve())
+ pk := &PublicKey{
+ Version: 4,
+ CreationTime: creationTime,
+ PubKeyAlgo: PubKeyAlgoEdDSA,
+ PublicKey: pub,
+ oid: curveInfo.Oid,
+ // Native point format, see draft-koch-eddsa-for-openpgp-04, Appendix B
+ p: encoding.NewMPI(pub.MarshalPoint()),
+ }
+
+ pk.setFingerprintAndKeyId()
+ return pk
+}
+
+func NewX25519PublicKey(creationTime time.Time, pub *x25519.PublicKey) *PublicKey {
+ pk := &PublicKey{
+ Version: 4,
+ CreationTime: creationTime,
+ PubKeyAlgo: PubKeyAlgoX25519,
+ PublicKey: pub,
+ }
+
+ pk.setFingerprintAndKeyId()
+ return pk
+}
+
+func NewX448PublicKey(creationTime time.Time, pub *x448.PublicKey) *PublicKey {
+ pk := &PublicKey{
+ Version: 4,
+ CreationTime: creationTime,
+ PubKeyAlgo: PubKeyAlgoX448,
+ PublicKey: pub,
+ }
+
+ pk.setFingerprintAndKeyId()
+ return pk
+}
+
+func NewEd25519PublicKey(creationTime time.Time, pub *ed25519.PublicKey) *PublicKey {
+ pk := &PublicKey{
+ Version: 4,
+ CreationTime: creationTime,
+ PubKeyAlgo: PubKeyAlgoEd25519,
+ PublicKey: pub,
+ }
+
+ pk.setFingerprintAndKeyId()
+ return pk
+}
+
+func NewEd448PublicKey(creationTime time.Time, pub *ed448.PublicKey) *PublicKey {
+ pk := &PublicKey{
+ Version: 4,
+ CreationTime: creationTime,
+ PubKeyAlgo: PubKeyAlgoEd448,
+ PublicKey: pub,
+ }
+
+ pk.setFingerprintAndKeyId()
+ return pk
+}
+
+func (pk *PublicKey) parse(r io.Reader) (err error) {
+ // RFC 4880, section 5.5.2
+ var buf [6]byte
+ _, err = readFull(r, buf[:])
+ if err != nil {
+ return
+ }
+
+ pk.Version = int(buf[0])
+ if pk.Version != 4 && pk.Version != 5 && pk.Version != 6 {
+ return errors.UnsupportedError("public key version " + strconv.Itoa(int(buf[0])))
+ }
+
+ if V5Disabled && pk.Version == 5 {
+ return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed")
+ }
+
+ if pk.Version >= 5 {
+ // Read the four-octet scalar octet count
+ // The count is not used in this implementation
+ var n [4]byte
+ _, err = readFull(r, n[:])
+ if err != nil {
+ return
+ }
+ }
+ pk.CreationTime = time.Unix(int64(uint32(buf[1])<<24|uint32(buf[2])<<16|uint32(buf[3])<<8|uint32(buf[4])), 0)
+ pk.PubKeyAlgo = PublicKeyAlgorithm(buf[5])
+ // Ignore four-ocet length
+ switch pk.PubKeyAlgo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:
+ err = pk.parseRSA(r)
+ case PubKeyAlgoDSA:
+ err = pk.parseDSA(r)
+ case PubKeyAlgoElGamal:
+ err = pk.parseElGamal(r)
+ case PubKeyAlgoECDSA:
+ err = pk.parseECDSA(r)
+ case PubKeyAlgoECDH:
+ err = pk.parseECDH(r)
+ case PubKeyAlgoEdDSA:
+ err = pk.parseEdDSA(r)
+ case PubKeyAlgoX25519:
+ err = pk.parseX25519(r)
+ case PubKeyAlgoX448:
+ err = pk.parseX448(r)
+ case PubKeyAlgoEd25519:
+ err = pk.parseEd25519(r)
+ case PubKeyAlgoEd448:
+ err = pk.parseEd448(r)
+ default:
+ err = errors.UnsupportedError("public key type: " + strconv.Itoa(int(pk.PubKeyAlgo)))
+ }
+ if err != nil {
+ return
+ }
+
+ pk.setFingerprintAndKeyId()
+ return
+}
+
+func (pk *PublicKey) setFingerprintAndKeyId() {
+ // RFC 4880, section 12.2
+ if pk.Version >= 5 {
+ fingerprint := sha256.New()
+ if err := pk.SerializeForHash(fingerprint); err != nil {
+ // Should not happen for a hash.
+ panic(err)
+ }
+ pk.Fingerprint = make([]byte, 32)
+ copy(pk.Fingerprint, fingerprint.Sum(nil))
+ pk.KeyId = binary.BigEndian.Uint64(pk.Fingerprint[:8])
+ } else {
+ fingerprint := sha1.New()
+ if err := pk.SerializeForHash(fingerprint); err != nil {
+ // Should not happen for a hash.
+ panic(err)
+ }
+ pk.Fingerprint = make([]byte, 20)
+ copy(pk.Fingerprint, fingerprint.Sum(nil))
+ pk.KeyId = binary.BigEndian.Uint64(pk.Fingerprint[12:20])
+ }
+}
+
+func (pk *PublicKey) checkV6Compatibility() error {
+ // Implementations MUST NOT accept or generate version 6 key material using the deprecated OIDs.
+ switch pk.PubKeyAlgo {
+ case PubKeyAlgoECDH:
+ curveInfo := ecc.FindByOid(pk.oid)
+ if curveInfo == nil {
+ return errors.UnsupportedError(fmt.Sprintf("unknown oid: %x", pk.oid))
+ }
+ if curveInfo.GenName == ecc.Curve25519GenName {
+ return errors.StructuralError("cannot generate v6 key with deprecated OID: Curve25519Legacy")
+ }
+ case PubKeyAlgoEdDSA:
+ return errors.StructuralError("cannot generate v6 key with deprecated algorithm: EdDSALegacy")
+ }
+ return nil
+}
+
+// parseRSA parses RSA public key material from the given Reader. See RFC 4880,
+// section 5.5.2.
+func (pk *PublicKey) parseRSA(r io.Reader) (err error) {
+ pk.n = new(encoding.MPI)
+ if _, err = pk.n.ReadFrom(r); err != nil {
+ return
+ }
+ pk.e = new(encoding.MPI)
+ if _, err = pk.e.ReadFrom(r); err != nil {
+ return
+ }
+
+ if len(pk.e.Bytes()) > 3 {
+ err = errors.UnsupportedError("large public exponent")
+ return
+ }
+ rsa := &rsa.PublicKey{
+ N: new(big.Int).SetBytes(pk.n.Bytes()),
+ E: 0,
+ }
+ for i := 0; i < len(pk.e.Bytes()); i++ {
+ rsa.E <<= 8
+ rsa.E |= int(pk.e.Bytes()[i])
+ }
+ pk.PublicKey = rsa
+ return
+}
+
+// parseDSA parses DSA public key material from the given Reader. See RFC 4880,
+// section 5.5.2.
+func (pk *PublicKey) parseDSA(r io.Reader) (err error) {
+ pk.p = new(encoding.MPI)
+ if _, err = pk.p.ReadFrom(r); err != nil {
+ return
+ }
+ pk.q = new(encoding.MPI)
+ if _, err = pk.q.ReadFrom(r); err != nil {
+ return
+ }
+ pk.g = new(encoding.MPI)
+ if _, err = pk.g.ReadFrom(r); err != nil {
+ return
+ }
+ pk.y = new(encoding.MPI)
+ if _, err = pk.y.ReadFrom(r); err != nil {
+ return
+ }
+
+ dsa := new(dsa.PublicKey)
+ dsa.P = new(big.Int).SetBytes(pk.p.Bytes())
+ dsa.Q = new(big.Int).SetBytes(pk.q.Bytes())
+ dsa.G = new(big.Int).SetBytes(pk.g.Bytes())
+ dsa.Y = new(big.Int).SetBytes(pk.y.Bytes())
+ pk.PublicKey = dsa
+ return
+}
+
+// parseElGamal parses ElGamal public key material from the given Reader. See
+// RFC 4880, section 5.5.2.
+func (pk *PublicKey) parseElGamal(r io.Reader) (err error) {
+ pk.p = new(encoding.MPI)
+ if _, err = pk.p.ReadFrom(r); err != nil {
+ return
+ }
+ pk.g = new(encoding.MPI)
+ if _, err = pk.g.ReadFrom(r); err != nil {
+ return
+ }
+ pk.y = new(encoding.MPI)
+ if _, err = pk.y.ReadFrom(r); err != nil {
+ return
+ }
+
+ elgamal := new(elgamal.PublicKey)
+ elgamal.P = new(big.Int).SetBytes(pk.p.Bytes())
+ elgamal.G = new(big.Int).SetBytes(pk.g.Bytes())
+ elgamal.Y = new(big.Int).SetBytes(pk.y.Bytes())
+ pk.PublicKey = elgamal
+ return
+}
+
+// parseECDSA parses ECDSA public key material from the given Reader. See
+// RFC 6637, Section 9.
+func (pk *PublicKey) parseECDSA(r io.Reader) (err error) {
+ pk.oid = new(encoding.OID)
+ if _, err = pk.oid.ReadFrom(r); err != nil {
+ return
+ }
+
+ curveInfo := ecc.FindByOid(pk.oid)
+ if curveInfo == nil {
+ return errors.UnsupportedError(fmt.Sprintf("unknown oid: %x", pk.oid))
+ }
+
+ pk.p = new(encoding.MPI)
+ if _, err = pk.p.ReadFrom(r); err != nil {
+ return
+ }
+
+ c, ok := curveInfo.Curve.(ecc.ECDSACurve)
+ if !ok {
+ return errors.UnsupportedError(fmt.Sprintf("unsupported oid: %x", pk.oid))
+ }
+
+ ecdsaKey := ecdsa.NewPublicKey(c)
+ err = ecdsaKey.UnmarshalPoint(pk.p.Bytes())
+ pk.PublicKey = ecdsaKey
+
+ return
+}
+
+// parseECDH parses ECDH public key material from the given Reader. See
+// RFC 6637, Section 9.
+func (pk *PublicKey) parseECDH(r io.Reader) (err error) {
+ pk.oid = new(encoding.OID)
+ if _, err = pk.oid.ReadFrom(r); err != nil {
+ return
+ }
+
+ curveInfo := ecc.FindByOid(pk.oid)
+ if curveInfo == nil {
+ return errors.UnsupportedError(fmt.Sprintf("unknown oid: %x", pk.oid))
+ }
+
+ if pk.Version == 6 && curveInfo.GenName == ecc.Curve25519GenName {
+ // Implementations MUST NOT accept or generate version 6 key material using the deprecated OIDs.
+ return errors.StructuralError("cannot read v6 key with deprecated OID: Curve25519Legacy")
+ }
+
+ pk.p = new(encoding.MPI)
+ if _, err = pk.p.ReadFrom(r); err != nil {
+ return
+ }
+ pk.kdf = new(encoding.OID)
+ if _, err = pk.kdf.ReadFrom(r); err != nil {
+ return
+ }
+
+ c, ok := curveInfo.Curve.(ecc.ECDHCurve)
+ if !ok {
+ return errors.UnsupportedError(fmt.Sprintf("unsupported oid: %x", pk.oid))
+ }
+
+ if kdfLen := len(pk.kdf.Bytes()); kdfLen < 3 {
+ return errors.UnsupportedError("unsupported ECDH KDF length: " + strconv.Itoa(kdfLen))
+ }
+ if reserved := pk.kdf.Bytes()[0]; reserved != 0x01 {
+ return errors.UnsupportedError("unsupported KDF reserved field: " + strconv.Itoa(int(reserved)))
+ }
+ kdfHash, ok := algorithm.HashById[pk.kdf.Bytes()[1]]
+ if !ok {
+ return errors.UnsupportedError("unsupported ECDH KDF hash: " + strconv.Itoa(int(pk.kdf.Bytes()[1])))
+ }
+ kdfCipher, ok := algorithm.CipherById[pk.kdf.Bytes()[2]]
+ if !ok {
+ return errors.UnsupportedError("unsupported ECDH KDF cipher: " + strconv.Itoa(int(pk.kdf.Bytes()[2])))
+ }
+
+ ecdhKey := ecdh.NewPublicKey(c, kdfHash, kdfCipher)
+ err = ecdhKey.UnmarshalPoint(pk.p.Bytes())
+ pk.PublicKey = ecdhKey
+
+ return
+}
+
+func (pk *PublicKey) parseEdDSA(r io.Reader) (err error) {
+ if pk.Version == 6 {
+ // Implementations MUST NOT accept or generate version 6 key material using the deprecated OIDs.
+ return errors.StructuralError("cannot generate v6 key with deprecated algorithm: EdDSALegacy")
+ }
+
+ pk.oid = new(encoding.OID)
+ if _, err = pk.oid.ReadFrom(r); err != nil {
+ return
+ }
+
+ curveInfo := ecc.FindByOid(pk.oid)
+ if curveInfo == nil {
+ return errors.UnsupportedError(fmt.Sprintf("unknown oid: %x", pk.oid))
+ }
+
+ c, ok := curveInfo.Curve.(ecc.EdDSACurve)
+ if !ok {
+ return errors.UnsupportedError(fmt.Sprintf("unsupported oid: %x", pk.oid))
+ }
+
+ pk.p = new(encoding.MPI)
+ if _, err = pk.p.ReadFrom(r); err != nil {
+ return
+ }
+
+ if len(pk.p.Bytes()) == 0 {
+ return errors.StructuralError("empty EdDSA public key")
+ }
+
+ pub := eddsa.NewPublicKey(c)
+
+ switch flag := pk.p.Bytes()[0]; flag {
+ case 0x04:
+ // TODO: see _grcy_ecc_eddsa_ensure_compact in grcypt
+ return errors.UnsupportedError("unsupported EdDSA compression: " + strconv.Itoa(int(flag)))
+ case 0x40:
+ err = pub.UnmarshalPoint(pk.p.Bytes())
+ default:
+ return errors.UnsupportedError("unsupported EdDSA compression: " + strconv.Itoa(int(flag)))
+ }
+
+ pk.PublicKey = pub
+ return
+}
+
+func (pk *PublicKey) parseX25519(r io.Reader) (err error) {
+ point := make([]byte, x25519.KeySize)
+ _, err = io.ReadFull(r, point)
+ if err != nil {
+ return
+ }
+ pub := &x25519.PublicKey{
+ Point: point,
+ }
+ pk.PublicKey = pub
+ return
+}
+
+func (pk *PublicKey) parseX448(r io.Reader) (err error) {
+ point := make([]byte, x448.KeySize)
+ _, err = io.ReadFull(r, point)
+ if err != nil {
+ return
+ }
+ pub := &x448.PublicKey{
+ Point: point,
+ }
+ pk.PublicKey = pub
+ return
+}
+
+func (pk *PublicKey) parseEd25519(r io.Reader) (err error) {
+ point := make([]byte, ed25519.PublicKeySize)
+ _, err = io.ReadFull(r, point)
+ if err != nil {
+ return
+ }
+ pub := &ed25519.PublicKey{
+ Point: point,
+ }
+ pk.PublicKey = pub
+ return
+}
+
+func (pk *PublicKey) parseEd448(r io.Reader) (err error) {
+ point := make([]byte, ed448.PublicKeySize)
+ _, err = io.ReadFull(r, point)
+ if err != nil {
+ return
+ }
+ pub := &ed448.PublicKey{
+ Point: point,
+ }
+ pk.PublicKey = pub
+ return
+}
+
+// SerializeForHash serializes the PublicKey to w with the special packet
+// header format needed for hashing.
+func (pk *PublicKey) SerializeForHash(w io.Writer) error {
+ if err := pk.SerializeSignaturePrefix(w); err != nil {
+ return err
+ }
+ return pk.serializeWithoutHeaders(w)
+}
+
+// SerializeSignaturePrefix writes the prefix for this public key to the given Writer.
+// The prefix is used when calculating a signature over this public key. See
+// RFC 4880, section 5.2.4.
+func (pk *PublicKey) SerializeSignaturePrefix(w io.Writer) error {
+ var pLength = pk.algorithmSpecificByteCount()
+ // version, timestamp, algorithm
+ pLength += versionSize + timestampSize + algorithmSize
+ if pk.Version >= 5 {
+ // key octet count (4).
+ pLength += 4
+ _, err := w.Write([]byte{
+ // When a v4 signature is made over a key, the hash data starts with the octet 0x99, followed by a two-octet length
+ // of the key, and then the body of the key packet. When a v6 signature is made over a key, the hash data starts
+ // with the salt, then octet 0x9B, followed by a four-octet length of the key, and then the body of the key packet.
+ 0x95 + byte(pk.Version),
+ byte(pLength >> 24),
+ byte(pLength >> 16),
+ byte(pLength >> 8),
+ byte(pLength),
+ })
+ return err
+ }
+ if _, err := w.Write([]byte{0x99, byte(pLength >> 8), byte(pLength)}); err != nil {
+ return err
+ }
+ return nil
+}
+
+func (pk *PublicKey) Serialize(w io.Writer) (err error) {
+ length := uint32(versionSize + timestampSize + algorithmSize) // 6 byte header
+ length += pk.algorithmSpecificByteCount()
+ if pk.Version >= 5 {
+ length += 4 // octet key count
+ }
+ packetType := packetTypePublicKey
+ if pk.IsSubkey {
+ packetType = packetTypePublicSubkey
+ }
+ err = serializeHeader(w, packetType, int(length))
+ if err != nil {
+ return
+ }
+ return pk.serializeWithoutHeaders(w)
+}
+
+func (pk *PublicKey) algorithmSpecificByteCount() uint32 {
+ length := uint32(0)
+ switch pk.PubKeyAlgo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:
+ length += uint32(pk.n.EncodedLength())
+ length += uint32(pk.e.EncodedLength())
+ case PubKeyAlgoDSA:
+ length += uint32(pk.p.EncodedLength())
+ length += uint32(pk.q.EncodedLength())
+ length += uint32(pk.g.EncodedLength())
+ length += uint32(pk.y.EncodedLength())
+ case PubKeyAlgoElGamal:
+ length += uint32(pk.p.EncodedLength())
+ length += uint32(pk.g.EncodedLength())
+ length += uint32(pk.y.EncodedLength())
+ case PubKeyAlgoECDSA:
+ length += uint32(pk.oid.EncodedLength())
+ length += uint32(pk.p.EncodedLength())
+ case PubKeyAlgoECDH:
+ length += uint32(pk.oid.EncodedLength())
+ length += uint32(pk.p.EncodedLength())
+ length += uint32(pk.kdf.EncodedLength())
+ case PubKeyAlgoEdDSA:
+ length += uint32(pk.oid.EncodedLength())
+ length += uint32(pk.p.EncodedLength())
+ case PubKeyAlgoX25519:
+ length += x25519.KeySize
+ case PubKeyAlgoX448:
+ length += x448.KeySize
+ case PubKeyAlgoEd25519:
+ length += ed25519.PublicKeySize
+ case PubKeyAlgoEd448:
+ length += ed448.PublicKeySize
+ default:
+ panic("unknown public key algorithm")
+ }
+ return length
+}
+
+// serializeWithoutHeaders marshals the PublicKey to w in the form of an
+// OpenPGP public key packet, not including the packet header.
+func (pk *PublicKey) serializeWithoutHeaders(w io.Writer) (err error) {
+ t := uint32(pk.CreationTime.Unix())
+ if _, err = w.Write([]byte{
+ byte(pk.Version),
+ byte(t >> 24), byte(t >> 16), byte(t >> 8), byte(t),
+ byte(pk.PubKeyAlgo),
+ }); err != nil {
+ return
+ }
+
+ if pk.Version >= 5 {
+ n := pk.algorithmSpecificByteCount()
+ if _, err = w.Write([]byte{
+ byte(n >> 24), byte(n >> 16), byte(n >> 8), byte(n),
+ }); err != nil {
+ return
+ }
+ }
+
+ switch pk.PubKeyAlgo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:
+ if _, err = w.Write(pk.n.EncodedBytes()); err != nil {
+ return
+ }
+ _, err = w.Write(pk.e.EncodedBytes())
+ return
+ case PubKeyAlgoDSA:
+ if _, err = w.Write(pk.p.EncodedBytes()); err != nil {
+ return
+ }
+ if _, err = w.Write(pk.q.EncodedBytes()); err != nil {
+ return
+ }
+ if _, err = w.Write(pk.g.EncodedBytes()); err != nil {
+ return
+ }
+ _, err = w.Write(pk.y.EncodedBytes())
+ return
+ case PubKeyAlgoElGamal:
+ if _, err = w.Write(pk.p.EncodedBytes()); err != nil {
+ return
+ }
+ if _, err = w.Write(pk.g.EncodedBytes()); err != nil {
+ return
+ }
+ _, err = w.Write(pk.y.EncodedBytes())
+ return
+ case PubKeyAlgoECDSA:
+ if _, err = w.Write(pk.oid.EncodedBytes()); err != nil {
+ return
+ }
+ _, err = w.Write(pk.p.EncodedBytes())
+ return
+ case PubKeyAlgoECDH:
+ if _, err = w.Write(pk.oid.EncodedBytes()); err != nil {
+ return
+ }
+ if _, err = w.Write(pk.p.EncodedBytes()); err != nil {
+ return
+ }
+ _, err = w.Write(pk.kdf.EncodedBytes())
+ return
+ case PubKeyAlgoEdDSA:
+ if _, err = w.Write(pk.oid.EncodedBytes()); err != nil {
+ return
+ }
+ _, err = w.Write(pk.p.EncodedBytes())
+ return
+ case PubKeyAlgoX25519:
+ publicKey := pk.PublicKey.(*x25519.PublicKey)
+ _, err = w.Write(publicKey.Point)
+ return
+ case PubKeyAlgoX448:
+ publicKey := pk.PublicKey.(*x448.PublicKey)
+ _, err = w.Write(publicKey.Point)
+ return
+ case PubKeyAlgoEd25519:
+ publicKey := pk.PublicKey.(*ed25519.PublicKey)
+ _, err = w.Write(publicKey.Point)
+ return
+ case PubKeyAlgoEd448:
+ publicKey := pk.PublicKey.(*ed448.PublicKey)
+ _, err = w.Write(publicKey.Point)
+ return
+ }
+ return errors.InvalidArgumentError("bad public-key algorithm")
+}
+
+// CanSign returns true iff this public key can generate signatures
+func (pk *PublicKey) CanSign() bool {
+ return pk.PubKeyAlgo != PubKeyAlgoRSAEncryptOnly && pk.PubKeyAlgo != PubKeyAlgoElGamal && pk.PubKeyAlgo != PubKeyAlgoECDH
+}
+
+// VerifyHashTag returns nil iff sig appears to be a plausible signature of the data
+// hashed into signed, based solely on its HashTag. signed is mutated by this call.
+func VerifyHashTag(signed hash.Hash, sig *Signature) (err error) {
+ if sig.Version == 5 && (sig.SigType == 0x00 || sig.SigType == 0x01) {
+ sig.AddMetadataToHashSuffix()
+ }
+ signed.Write(sig.HashSuffix)
+ hashBytes := signed.Sum(nil)
+ if hashBytes[0] != sig.HashTag[0] || hashBytes[1] != sig.HashTag[1] {
+ return errors.SignatureError("hash tag doesn't match")
+ }
+ return nil
+}
+
+// VerifySignature returns nil iff sig is a valid signature, made by this
+// public key, of the data hashed into signed. signed is mutated by this call.
+func (pk *PublicKey) VerifySignature(signed hash.Hash, sig *Signature) (err error) {
+ if !pk.CanSign() {
+ return errors.InvalidArgumentError("public key cannot generate signatures")
+ }
+ if sig.Version == 5 && (sig.SigType == 0x00 || sig.SigType == 0x01) {
+ sig.AddMetadataToHashSuffix()
+ }
+ signed.Write(sig.HashSuffix)
+ hashBytes := signed.Sum(nil)
+ // see discussion https://github.com/ProtonMail/go-crypto/issues/107
+ if sig.Version >= 5 && (hashBytes[0] != sig.HashTag[0] || hashBytes[1] != sig.HashTag[1]) {
+ return errors.SignatureError("hash tag doesn't match")
+ }
+
+ if pk.PubKeyAlgo != sig.PubKeyAlgo {
+ return errors.InvalidArgumentError("public key and signature use different algorithms")
+ }
+
+ switch pk.PubKeyAlgo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
+ rsaPublicKey, _ := pk.PublicKey.(*rsa.PublicKey)
+ err = rsa.VerifyPKCS1v15(rsaPublicKey, sig.Hash, hashBytes, padToKeySize(rsaPublicKey, sig.RSASignature.Bytes()))
+ if err != nil {
+ return errors.SignatureError("RSA verification failure")
+ }
+ return nil
+ case PubKeyAlgoDSA:
+ dsaPublicKey, _ := pk.PublicKey.(*dsa.PublicKey)
+ // Need to truncate hashBytes to match FIPS 186-3 section 4.6.
+ subgroupSize := (dsaPublicKey.Q.BitLen() + 7) / 8
+ if len(hashBytes) > subgroupSize {
+ hashBytes = hashBytes[:subgroupSize]
+ }
+ if !dsa.Verify(dsaPublicKey, hashBytes, new(big.Int).SetBytes(sig.DSASigR.Bytes()), new(big.Int).SetBytes(sig.DSASigS.Bytes())) {
+ return errors.SignatureError("DSA verification failure")
+ }
+ return nil
+ case PubKeyAlgoECDSA:
+ ecdsaPublicKey := pk.PublicKey.(*ecdsa.PublicKey)
+ if !ecdsa.Verify(ecdsaPublicKey, hashBytes, new(big.Int).SetBytes(sig.ECDSASigR.Bytes()), new(big.Int).SetBytes(sig.ECDSASigS.Bytes())) {
+ return errors.SignatureError("ECDSA verification failure")
+ }
+ return nil
+ case PubKeyAlgoEdDSA:
+ eddsaPublicKey := pk.PublicKey.(*eddsa.PublicKey)
+ if !eddsa.Verify(eddsaPublicKey, hashBytes, sig.EdDSASigR.Bytes(), sig.EdDSASigS.Bytes()) {
+ return errors.SignatureError("EdDSA verification failure")
+ }
+ return nil
+ case PubKeyAlgoEd25519:
+ ed25519PublicKey := pk.PublicKey.(*ed25519.PublicKey)
+ if !ed25519.Verify(ed25519PublicKey, hashBytes, sig.EdSig) {
+ return errors.SignatureError("Ed25519 verification failure")
+ }
+ return nil
+ case PubKeyAlgoEd448:
+ ed448PublicKey := pk.PublicKey.(*ed448.PublicKey)
+ if !ed448.Verify(ed448PublicKey, hashBytes, sig.EdSig) {
+ return errors.SignatureError("ed448 verification failure")
+ }
+ return nil
+ default:
+ return errors.SignatureError("Unsupported public key algorithm used in signature")
+ }
+}
+
+// keySignatureHash returns a Hash of the message that needs to be signed for
+// pk to assert a subkey relationship to signed.
+func keySignatureHash(pk, signed signingKey, hashFunc hash.Hash) (h hash.Hash, err error) {
+ h = hashFunc
+
+ // RFC 4880, section 5.2.4
+ err = pk.SerializeForHash(h)
+ if err != nil {
+ return nil, err
+ }
+
+ err = signed.SerializeForHash(h)
+ return
+}
+
+// VerifyKeyHashTag returns nil iff sig appears to be a plausible signature over this
+// primary key and subkey, based solely on its HashTag.
+func (pk *PublicKey) VerifyKeyHashTag(signed *PublicKey, sig *Signature) error {
+ preparedHash, err := sig.PrepareVerify()
+ if err != nil {
+ return err
+ }
+ h, err := keySignatureHash(pk, signed, preparedHash)
+ if err != nil {
+ return err
+ }
+ return VerifyHashTag(h, sig)
+}
+
+// VerifyKeySignature returns nil iff sig is a valid signature, made by this
+// public key, of signed.
+func (pk *PublicKey) VerifyKeySignature(signed *PublicKey, sig *Signature) error {
+ preparedHash, err := sig.PrepareVerify()
+ if err != nil {
+ return err
+ }
+ h, err := keySignatureHash(pk, signed, preparedHash)
+ if err != nil {
+ return err
+ }
+ if err = pk.VerifySignature(h, sig); err != nil {
+ return err
+ }
+
+ if sig.FlagSign {
+ // Signing subkeys must be cross-signed. See
+ // https://www.gnupg.org/faq/subkey-cross-certify.html.
+ if sig.EmbeddedSignature == nil {
+ return errors.StructuralError("signing subkey is missing cross-signature")
+ }
+ preparedHashEmbedded, err := sig.EmbeddedSignature.PrepareVerify()
+ if err != nil {
+ return err
+ }
+ // Verify the cross-signature. This is calculated over the same
+ // data as the main signature, so we cannot just recursively
+ // call signed.VerifyKeySignature(...)
+ if h, err = keySignatureHash(pk, signed, preparedHashEmbedded); err != nil {
+ return errors.StructuralError("error while hashing for cross-signature: " + err.Error())
+ }
+ if err := signed.VerifySignature(h, sig.EmbeddedSignature); err != nil {
+ return errors.StructuralError("error while verifying cross-signature: " + err.Error())
+ }
+ }
+
+ return nil
+}
+
+func keyRevocationHash(pk signingKey, hashFunc hash.Hash) (err error) {
+ return pk.SerializeForHash(hashFunc)
+}
+
+// VerifyRevocationHashTag returns nil iff sig appears to be a plausible signature
+// over this public key, based solely on its HashTag.
+func (pk *PublicKey) VerifyRevocationHashTag(sig *Signature) (err error) {
+ preparedHash, err := sig.PrepareVerify()
+ if err != nil {
+ return err
+ }
+ if err = keyRevocationHash(pk, preparedHash); err != nil {
+ return err
+ }
+ return VerifyHashTag(preparedHash, sig)
+}
+
+// VerifyRevocationSignature returns nil iff sig is a valid signature, made by this
+// public key.
+func (pk *PublicKey) VerifyRevocationSignature(sig *Signature) (err error) {
+ preparedHash, err := sig.PrepareVerify()
+ if err != nil {
+ return err
+ }
+ if err = keyRevocationHash(pk, preparedHash); err != nil {
+ return err
+ }
+ return pk.VerifySignature(preparedHash, sig)
+}
+
+// VerifySubkeyRevocationSignature returns nil iff sig is a valid subkey revocation signature,
+// made by this public key, of signed.
+func (pk *PublicKey) VerifySubkeyRevocationSignature(sig *Signature, signed *PublicKey) (err error) {
+ preparedHash, err := sig.PrepareVerify()
+ if err != nil {
+ return err
+ }
+ h, err := keySignatureHash(pk, signed, preparedHash)
+ if err != nil {
+ return err
+ }
+ return pk.VerifySignature(h, sig)
+}
+
+// userIdSignatureHash returns a Hash of the message that needs to be signed
+// to assert that pk is a valid key for id.
+func userIdSignatureHash(id string, pk *PublicKey, h hash.Hash) (err error) {
+
+ // RFC 4880, section 5.2.4
+ if err := pk.SerializeSignaturePrefix(h); err != nil {
+ return err
+ }
+ if err := pk.serializeWithoutHeaders(h); err != nil {
+ return err
+ }
+
+ var buf [5]byte
+ buf[0] = 0xb4
+ buf[1] = byte(len(id) >> 24)
+ buf[2] = byte(len(id) >> 16)
+ buf[3] = byte(len(id) >> 8)
+ buf[4] = byte(len(id))
+ h.Write(buf[:])
+ h.Write([]byte(id))
+
+ return nil
+}
+
+// directKeySignatureHash returns a Hash of the message that needs to be signed.
+func directKeySignatureHash(pk *PublicKey, h hash.Hash) (err error) {
+ return pk.SerializeForHash(h)
+}
+
+// VerifyUserIdHashTag returns nil iff sig appears to be a plausible signature over this
+// public key and UserId, based solely on its HashTag
+func (pk *PublicKey) VerifyUserIdHashTag(id string, sig *Signature) (err error) {
+ preparedHash, err := sig.PrepareVerify()
+ if err != nil {
+ return err
+ }
+ err = userIdSignatureHash(id, pk, preparedHash)
+ if err != nil {
+ return err
+ }
+ return VerifyHashTag(preparedHash, sig)
+}
+
+// VerifyUserIdSignature returns nil iff sig is a valid signature, made by this
+// public key, that id is the identity of pub.
+func (pk *PublicKey) VerifyUserIdSignature(id string, pub *PublicKey, sig *Signature) (err error) {
+ h, err := sig.PrepareVerify()
+ if err != nil {
+ return err
+ }
+ if err := userIdSignatureHash(id, pub, h); err != nil {
+ return err
+ }
+ return pk.VerifySignature(h, sig)
+}
+
+// VerifyDirectKeySignature returns nil iff sig is a valid signature, made by this
+// public key.
+func (pk *PublicKey) VerifyDirectKeySignature(sig *Signature) (err error) {
+ h, err := sig.PrepareVerify()
+ if err != nil {
+ return err
+ }
+ if err := directKeySignatureHash(pk, h); err != nil {
+ return err
+ }
+ return pk.VerifySignature(h, sig)
+}
+
+// KeyIdString returns the public key's fingerprint in capital hex
+// (e.g. "6C7EE1B8621CC013").
+func (pk *PublicKey) KeyIdString() string {
+ return fmt.Sprintf("%X", pk.Fingerprint[12:20])
+}
+
+// KeyIdShortString returns the short form of public key's fingerprint
+// in capital hex, as shown by gpg --list-keys (e.g. "621CC013").
+func (pk *PublicKey) KeyIdShortString() string {
+ return fmt.Sprintf("%X", pk.Fingerprint[16:20])
+}
+
+// BitLength returns the bit length for the given public key.
+func (pk *PublicKey) BitLength() (bitLength uint16, err error) {
+ switch pk.PubKeyAlgo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSAEncryptOnly, PubKeyAlgoRSASignOnly:
+ bitLength = pk.n.BitLength()
+ case PubKeyAlgoDSA:
+ bitLength = pk.p.BitLength()
+ case PubKeyAlgoElGamal:
+ bitLength = pk.p.BitLength()
+ case PubKeyAlgoECDSA:
+ bitLength = pk.p.BitLength()
+ case PubKeyAlgoECDH:
+ bitLength = pk.p.BitLength()
+ case PubKeyAlgoEdDSA:
+ bitLength = pk.p.BitLength()
+ case PubKeyAlgoX25519:
+ bitLength = x25519.KeySize * 8
+ case PubKeyAlgoX448:
+ bitLength = x448.KeySize * 8
+ case PubKeyAlgoEd25519:
+ bitLength = ed25519.PublicKeySize * 8
+ case PubKeyAlgoEd448:
+ bitLength = ed448.PublicKeySize * 8
+ default:
+ err = errors.InvalidArgumentError("bad public-key algorithm")
+ }
+ return
+}
+
+// Curve returns the used elliptic curve of this public key.
+// Returns an error if no elliptic curve is used.
+func (pk *PublicKey) Curve() (curve Curve, err error) {
+ switch pk.PubKeyAlgo {
+ case PubKeyAlgoECDSA, PubKeyAlgoECDH, PubKeyAlgoEdDSA:
+ curveInfo := ecc.FindByOid(pk.oid)
+ if curveInfo == nil {
+ return "", errors.UnsupportedError(fmt.Sprintf("unknown oid: %x", pk.oid))
+ }
+ curve = Curve(curveInfo.GenName)
+ case PubKeyAlgoEd25519, PubKeyAlgoX25519:
+ curve = Curve25519
+ case PubKeyAlgoEd448, PubKeyAlgoX448:
+ curve = Curve448
+ default:
+ err = errors.InvalidArgumentError("public key does not operate with an elliptic curve")
+ }
+ return
+}
+
+// KeyExpired returns whether sig is a self-signature of a key that has
+// expired or is created in the future.
+func (pk *PublicKey) KeyExpired(sig *Signature, currentTime time.Time) bool {
+ if pk.CreationTime.Unix() > currentTime.Unix() {
+ return true
+ }
+ if sig.KeyLifetimeSecs == nil || *sig.KeyLifetimeSecs == 0 {
+ return false
+ }
+ expiry := pk.CreationTime.Add(time.Duration(*sig.KeyLifetimeSecs) * time.Second)
+ return currentTime.Unix() > expiry.Unix()
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key_test_data.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key_test_data.go
new file mode 100644
index 0000000000000000000000000000000000000000..b255f1f6f8f5fce74d946ea72d0ebb04364f5304
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/public_key_test_data.go
@@ -0,0 +1,24 @@
+package packet
+
+const rsaFingerprintHex = "5fb74b1d03b1e3cb31bc2f8aa34d7e18c20c31bb"
+
+const rsaPkDataHex = "988d044d3c5c10010400b1d13382944bd5aba23a4312968b5095d14f947f600eb478e14a6fcb16b0e0cac764884909c020bc495cfcc39a935387c661507bdb236a0612fb582cac3af9b29cc2c8c70090616c41b662f4da4c1201e195472eb7f4ae1ccbcbf9940fe21d985e379a5563dde5b9a23d35f1cfaa5790da3b79db26f23695107bfaca8e7b5bcd0011010001"
+
+const dsaFingerprintHex = "eece4c094db002103714c63c8e8fbe54062f19ed"
+
+const dsaPkDataHex = "9901a2044d432f89110400cd581334f0d7a1e1bdc8b9d6d8c0baf68793632735d2bb0903224cbaa1dfbf35a60ee7a13b92643421e1eb41aa8d79bea19a115a677f6b8ba3c7818ce53a6c2a24a1608bd8b8d6e55c5090cbde09dd26e356267465ae25e69ec8bdd57c7bbb2623e4d73336f73a0a9098f7f16da2e25252130fd694c0e8070c55a812a423ae7f00a0ebf50e70c2f19c3520a551bd4b08d30f23530d3d03ff7d0bf4a53a64a09dc5e6e6e35854b7d70c882b0c60293401958b1bd9e40abec3ea05ba87cf64899299d4bd6aa7f459c201d3fbbd6c82004bdc5e8a9eb8082d12054cc90fa9d4ec251a843236a588bf49552441817436c4f43326966fe85447d4e6d0acf8fa1ef0f014730770603ad7634c3088dc52501c237328417c31c89ed70400b2f1a98b0bf42f11fefc430704bebbaa41d9f355600c3facee1e490f64208e0e094ea55e3a598a219a58500bf78ac677b670a14f4e47e9cf8eab4f368cc1ddcaa18cc59309d4cc62dd4f680e73e6cc3e1ce87a84d0925efbcb26c575c093fc42eecf45135fabf6403a25c2016e1774c0484e440a18319072c617cc97ac0a3bb0"
+
+const ecdsaFingerprintHex = "9892270b38b8980b05c8d56d43fe956c542ca00b"
+
+const ecdsaPkDataHex = "9893045071c29413052b8104002304230401f4867769cedfa52c325018896245443968e52e51d0c2df8d939949cb5b330f2921711fbee1c9b9dddb95d15cb0255e99badeddda7cc23d9ddcaacbc290969b9f24019375d61c2e4e3b36953a28d8b2bc95f78c3f1d592fb24499be348656a7b17e3963187b4361afe497bc5f9f81213f04069f8e1fb9e6a6290ae295ca1a92b894396cb4"
+
+const ecdhFingerprintHex = "722354df2475a42164d1d49faa8b938f9a201946"
+
+const ecdhPkDataHex = "b90073044d53059212052b810400220303042faa84024a20b6735c4897efa5bfb41bf85b7eefeab5ca0cb9ffc8ea04a46acb25534a577694f9e25340a4ab5223a9dd1eda530c8aa2e6718db10d7e672558c7736fe09369ea5739a2a3554bf16d41faa50562f11c6d39bbd5dffb6b9a9ec91803010909"
+
+const eddsaFingerprintHex = "b2d5e5ec0e6deca6bc8eeeb00907e75e1dd99ad8"
+
+const eddsaPkDataHex = "98330456e2132b16092b06010401da470f01010740bbda39266affa511a8c2d02edf690fb784b0499c4406185811a163539ef11dc1b41d74657374696e67203c74657374696e674074657374696e672e636f6d3e8879041316080021050256e2132b021b03050b09080702061508090a0b020416020301021e01021780000a09100907e75e1dd99ad86d0c00fe39d2008359352782bc9b61ac382584cd8eff3f57a18c2287e3afeeb05d1f04ba00fe2d0bc1ddf3ff8adb9afa3e7d9287244b4ec567f3db4d60b74a9b5465ed528203"
+
+// Source: https://sites.google.com/site/brainhub/pgpecckeys#TOC-ECC-NIST-P-384-key
+const ecc384PubHex = `99006f044d53059213052b81040022030304f6b8c5aced5b84ef9f4a209db2e4a9dfb70d28cb8c10ecd57674a9fa5a67389942b62d5e51367df4c7bfd3f8e500feecf07ed265a621a8ebbbe53e947ec78c677eba143bd1533c2b350e1c29f82313e1e1108eba063be1e64b10e6950e799c2db42465635f6473615f64685f333834203c6f70656e70677040627261696e6875622e6f72673e8900cb04101309005305024d530592301480000000002000077072656665727265642d656d61696c2d656e636f64696e67407067702e636f6d7067706d696d65040b090807021901051b03000000021602051e010000000415090a08000a0910098033880f54719fca2b0180aa37350968bd5f115afd8ce7bc7b103822152dbff06d0afcda835329510905b98cb469ba208faab87c7412b799e7b633017f58364ea480e8a1a3f253a0c5f22c446e8be9a9fce6210136ee30811abbd49139de28b5bdf8dc36d06ae748579e9ff503b90073044d53059212052b810400220303042faa84024a20b6735c4897efa5bfb41bf85b7eefeab5ca0cb9ffc8ea04a46acb25534a577694f9e25340a4ab5223a9dd1eda530c8aa2e6718db10d7e672558c7736fe09369ea5739a2a3554bf16d41faa50562f11c6d39bbd5dffb6b9a9ec9180301090989008404181309000c05024d530592051b0c000000000a0910098033880f54719f80970180eee7a6d8fcee41ee4f9289df17f9bcf9d955dca25c583b94336f3a2b2d4986dc5cf417b8d2dc86f741a9e1a6d236c0e3017d1c76575458a0cfb93ae8a2b274fcc65ceecd7a91eec83656ba13219969f06945b48c56bd04152c3a0553c5f2f4bd1267`
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/reader.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/reader.go
new file mode 100644
index 0000000000000000000000000000000000000000..dd84092392aed5b049f3725e71345ce66455a5a7
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/reader.go
@@ -0,0 +1,209 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+)
+
+type PacketReader interface {
+ Next() (p Packet, err error)
+ Push(reader io.Reader) (err error)
+ Unread(p Packet)
+}
+
+// Reader reads packets from an io.Reader and allows packets to be 'unread' so
+// that they result from the next call to Next.
+type Reader struct {
+ q []Packet
+ readers []io.Reader
+}
+
+// New io.Readers are pushed when a compressed or encrypted packet is processed
+// and recursively treated as a new source of packets. However, a carefully
+// crafted packet can trigger an infinite recursive sequence of packets. See
+// http://mumble.net/~campbell/misc/pgp-quine
+// https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4402
+// This constant limits the number of recursive packets that may be pushed.
+const maxReaders = 32
+
+// Next returns the most recently unread Packet, or reads another packet from
+// the top-most io.Reader. Unknown/unsupported/Marker packet types are skipped.
+func (r *Reader) Next() (p Packet, err error) {
+ for {
+ p, err := r.read()
+ if err == io.EOF {
+ break
+ } else if err != nil {
+ if _, ok := err.(errors.UnknownPacketTypeError); ok {
+ continue
+ }
+ if _, ok := err.(errors.UnsupportedError); ok {
+ switch p.(type) {
+ case *SymmetricallyEncrypted, *AEADEncrypted, *Compressed, *LiteralData:
+ return nil, err
+ }
+ continue
+ }
+ return nil, err
+ } else {
+ //A marker packet MUST be ignored when received
+ switch p.(type) {
+ case *Marker:
+ continue
+ }
+ return p, nil
+ }
+ }
+ return nil, io.EOF
+}
+
+// Next returns the most recently unread Packet, or reads another packet from
+// the top-most io.Reader. Unknown/Marker packet types are skipped while unsupported
+// packets are returned as UnsupportedPacket type.
+func (r *Reader) NextWithUnsupported() (p Packet, err error) {
+ for {
+ p, err = r.read()
+ if err == io.EOF {
+ break
+ } else if err != nil {
+ if _, ok := err.(errors.UnknownPacketTypeError); ok {
+ continue
+ }
+ if casteErr, ok := err.(errors.UnsupportedError); ok {
+ return &UnsupportedPacket{
+ IncompletePacket: p,
+ Error: casteErr,
+ }, nil
+ }
+ return
+ } else {
+ //A marker packet MUST be ignored when received
+ switch p.(type) {
+ case *Marker:
+ continue
+ }
+ return
+ }
+ }
+ return nil, io.EOF
+}
+
+func (r *Reader) read() (p Packet, err error) {
+ if len(r.q) > 0 {
+ p = r.q[len(r.q)-1]
+ r.q = r.q[:len(r.q)-1]
+ return
+ }
+ for len(r.readers) > 0 {
+ p, err = Read(r.readers[len(r.readers)-1])
+ if err == io.EOF {
+ r.readers = r.readers[:len(r.readers)-1]
+ continue
+ }
+ return p, err
+ }
+ return nil, io.EOF
+}
+
+// Push causes the Reader to start reading from a new io.Reader. When an EOF
+// error is seen from the new io.Reader, it is popped and the Reader continues
+// to read from the next most recent io.Reader. Push returns a StructuralError
+// if pushing the reader would exceed the maximum recursion level, otherwise it
+// returns nil.
+func (r *Reader) Push(reader io.Reader) (err error) {
+ if len(r.readers) >= maxReaders {
+ return errors.StructuralError("too many layers of packets")
+ }
+ r.readers = append(r.readers, reader)
+ return nil
+}
+
+// Unread causes the given Packet to be returned from the next call to Next.
+func (r *Reader) Unread(p Packet) {
+ r.q = append(r.q, p)
+}
+
+func NewReader(r io.Reader) *Reader {
+ return &Reader{
+ q: nil,
+ readers: []io.Reader{r},
+ }
+}
+
+// CheckReader is similar to Reader but additionally
+// uses the pushdown automata to verify the read packet sequence.
+type CheckReader struct {
+ Reader
+ verifier *SequenceVerifier
+ fullyRead bool
+}
+
+// Next returns the most recently unread Packet, or reads another packet from
+// the top-most io.Reader. Unknown packet types are skipped.
+// If the read packet sequence does not conform to the packet composition
+// rules in rfc4880, it returns an error.
+func (r *CheckReader) Next() (p Packet, err error) {
+ if r.fullyRead {
+ return nil, io.EOF
+ }
+ if len(r.q) > 0 {
+ p = r.q[len(r.q)-1]
+ r.q = r.q[:len(r.q)-1]
+ return
+ }
+ var errMsg error
+ for len(r.readers) > 0 {
+ p, errMsg, err = ReadWithCheck(r.readers[len(r.readers)-1], r.verifier)
+ if errMsg != nil {
+ err = errMsg
+ return
+ }
+ if err == nil {
+ return
+ }
+ if err == io.EOF {
+ r.readers = r.readers[:len(r.readers)-1]
+ continue
+ }
+ //A marker packet MUST be ignored when received
+ switch p.(type) {
+ case *Marker:
+ continue
+ }
+ if _, ok := err.(errors.UnknownPacketTypeError); ok {
+ continue
+ }
+ if _, ok := err.(errors.UnsupportedError); ok {
+ switch p.(type) {
+ case *SymmetricallyEncrypted, *AEADEncrypted, *Compressed, *LiteralData:
+ return nil, err
+ }
+ continue
+ }
+ return nil, err
+ }
+ if errMsg = r.verifier.Next(EOSSymbol); errMsg != nil {
+ return nil, errMsg
+ }
+ if errMsg = r.verifier.AssertValid(); errMsg != nil {
+ return nil, errMsg
+ }
+ r.fullyRead = true
+ return nil, io.EOF
+}
+
+func NewCheckReader(r io.Reader) *CheckReader {
+ return &CheckReader{
+ Reader: Reader{
+ q: nil,
+ readers: []io.Reader{r},
+ },
+ verifier: NewSequenceVerifier(),
+ fullyRead: false,
+ }
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/recipient.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/recipient.go
new file mode 100644
index 0000000000000000000000000000000000000000..fb2e362e4a8822da7aa6236c21cd274d965fd086
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/recipient.go
@@ -0,0 +1,15 @@
+package packet
+
+// Recipient type represents a Intended Recipient Fingerprint subpacket
+// See https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#name-intended-recipient-fingerpr
+type Recipient struct {
+ KeyVersion int
+ Fingerprint []byte
+}
+
+func (r *Recipient) Serialize() []byte {
+ packet := make([]byte, len(r.Fingerprint)+1)
+ packet[0] = byte(r.KeyVersion)
+ copy(packet[1:], r.Fingerprint)
+ return packet
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go
new file mode 100644
index 0000000000000000000000000000000000000000..3a4b366d870bae3712686fb6acd00dd60b36957d
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/signature.go
@@ -0,0 +1,1509 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "bytes"
+ "crypto"
+ "crypto/dsa"
+ "encoding/asn1"
+ "encoding/binary"
+ "hash"
+ "io"
+ "math/big"
+ "strconv"
+ "time"
+
+ "github.com/ProtonMail/go-crypto/openpgp/ecdsa"
+ "github.com/ProtonMail/go-crypto/openpgp/ed25519"
+ "github.com/ProtonMail/go-crypto/openpgp/ed448"
+ "github.com/ProtonMail/go-crypto/openpgp/eddsa"
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/encoding"
+)
+
+const (
+ // First octet of key flags.
+ // See RFC 9580, section 5.2.3.29 for details.
+ KeyFlagCertify = 1 << iota
+ KeyFlagSign
+ KeyFlagEncryptCommunications
+ KeyFlagEncryptStorage
+ KeyFlagSplitKey
+ KeyFlagAuthenticate
+ _
+ KeyFlagGroupKey
+)
+
+const (
+ // First octet of keyserver preference flags.
+ // See RFC 9580, section 5.2.3.25 for details.
+ _ = 1 << iota
+ _
+ _
+ _
+ _
+ _
+ _
+ KeyserverPrefNoModify
+)
+
+const SaltNotationName = "salt@notations.openpgpjs.org"
+
+// Signature represents a signature. See RFC 9580, section 5.2.
+type Signature struct {
+ Version int
+ SigType SignatureType
+ PubKeyAlgo PublicKeyAlgorithm
+ Hash crypto.Hash
+ // salt contains a random salt value for v6 signatures
+ // See RFC 9580 Section 5.2.4.
+ salt []byte
+
+ // HashSuffix is extra data that is hashed in after the signed data.
+ HashSuffix []byte
+ // HashTag contains the first two bytes of the hash for fast rejection
+ // of bad signed data.
+ HashTag [2]byte
+
+ // Metadata includes format, filename and time, and is protected by v5
+ // signatures of type 0x00 or 0x01. This metadata is included into the hash
+ // computation; if nil, six 0x00 bytes are used instead. See section 5.2.4.
+ Metadata *LiteralData
+
+ CreationTime time.Time
+
+ RSASignature encoding.Field
+ DSASigR, DSASigS encoding.Field
+ ECDSASigR, ECDSASigS encoding.Field
+ EdDSASigR, EdDSASigS encoding.Field
+ EdSig []byte
+
+ // rawSubpackets contains the unparsed subpackets, in order.
+ rawSubpackets []outputSubpacket
+
+ // The following are optional so are nil when not included in the
+ // signature.
+
+ SigLifetimeSecs, KeyLifetimeSecs *uint32
+ PreferredSymmetric, PreferredHash, PreferredCompression []uint8
+ PreferredCipherSuites [][2]uint8
+ IssuerKeyId *uint64
+ IssuerFingerprint []byte
+ SignerUserId *string
+ IsPrimaryId *bool
+ Notations []*Notation
+ IntendedRecipients []*Recipient
+
+ // TrustLevel and TrustAmount can be set by the signer to assert that
+ // the key is not only valid but also trustworthy at the specified
+ // level.
+ // See RFC 9580, section 5.2.3.21 for details.
+ TrustLevel TrustLevel
+ TrustAmount TrustAmount
+
+ // TrustRegularExpression can be used in conjunction with trust Signature
+ // packets to limit the scope of the trust that is extended.
+ // See RFC 9580, section 5.2.3.22 for details.
+ TrustRegularExpression *string
+
+ // KeyserverPrefsValid is set if any keyserver preferences were given. See RFC 9580, section
+ // 5.2.3.25 for details.
+ KeyserverPrefsValid bool
+ KeyserverPrefNoModify bool
+
+ // PreferredKeyserver can be set to a URI where the latest version of the
+ // key that this signature is made over can be found. See RFC 9580, section
+ // 5.2.3.26 for details.
+ PreferredKeyserver string
+
+ // PolicyURI can be set to the URI of a document that describes the
+ // policy under which the signature was issued. See RFC 9580, section
+ // 5.2.3.28 for details.
+ PolicyURI string
+
+ // FlagsValid is set if any flags were given. See RFC 9580, section
+ // 5.2.3.29 for details.
+ FlagsValid bool
+ FlagCertify, FlagSign, FlagEncryptCommunications, FlagEncryptStorage, FlagSplitKey, FlagAuthenticate, FlagGroupKey bool
+
+ // RevocationReason is set if this signature has been revoked.
+ // See RFC 9580, section 5.2.3.31 for details.
+ RevocationReason *ReasonForRevocation
+ RevocationReasonText string
+
+ // In a self-signature, these flags are set there is a features subpacket
+ // indicating that the issuer implementation supports these features
+ // see https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh#features-subpacket
+ SEIPDv1, SEIPDv2 bool
+
+ // EmbeddedSignature, if non-nil, is a signature of the parent key, by
+ // this key. This prevents an attacker from claiming another's signing
+ // subkey as their own.
+ EmbeddedSignature *Signature
+
+ outSubpackets []outputSubpacket
+}
+
+// VerifiableSignature internally keeps state if the
+// the signature has been verified before.
+type VerifiableSignature struct {
+ Valid *bool // nil if it has not been verified yet
+ Packet *Signature
+}
+
+// NewVerifiableSig returns a struct of type VerifiableSignature referencing the input signature.
+func NewVerifiableSig(signature *Signature) *VerifiableSignature {
+ return &VerifiableSignature{
+ Packet: signature,
+ }
+}
+
+// Salt returns the signature salt for v6 signatures.
+func (sig *Signature) Salt() []byte {
+ if sig == nil {
+ return nil
+ }
+ return sig.salt
+}
+
+func (sig *Signature) parse(r io.Reader) (err error) {
+ // RFC 9580, section 5.2.3
+ var buf [7]byte
+ _, err = readFull(r, buf[:1])
+ if err != nil {
+ return
+ }
+ sig.Version = int(buf[0])
+ if sig.Version != 4 && sig.Version != 5 && sig.Version != 6 {
+ err = errors.UnsupportedError("signature packet version " + strconv.Itoa(int(buf[0])))
+ return
+ }
+
+ if V5Disabled && sig.Version == 5 {
+ return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed")
+ }
+
+ if sig.Version == 6 {
+ _, err = readFull(r, buf[:7])
+ } else {
+ _, err = readFull(r, buf[:5])
+ }
+ if err != nil {
+ return
+ }
+ sig.SigType = SignatureType(buf[0])
+ sig.PubKeyAlgo = PublicKeyAlgorithm(buf[1])
+ switch sig.PubKeyAlgo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly, PubKeyAlgoDSA, PubKeyAlgoECDSA, PubKeyAlgoEdDSA, PubKeyAlgoEd25519, PubKeyAlgoEd448:
+ default:
+ err = errors.UnsupportedError("public key algorithm " + strconv.Itoa(int(sig.PubKeyAlgo)))
+ return
+ }
+
+ var ok bool
+
+ if sig.Version < 5 {
+ sig.Hash, ok = algorithm.HashIdToHashWithSha1(buf[2])
+ } else {
+ sig.Hash, ok = algorithm.HashIdToHash(buf[2])
+ }
+
+ if !ok {
+ return errors.UnsupportedError("hash function " + strconv.Itoa(int(buf[2])))
+ }
+
+ var hashedSubpacketsLength int
+ if sig.Version == 6 {
+ // For a v6 signature, a four-octet length is used.
+ hashedSubpacketsLength =
+ int(buf[3])<<24 |
+ int(buf[4])<<16 |
+ int(buf[5])<<8 |
+ int(buf[6])
+ } else {
+ hashedSubpacketsLength = int(buf[3])<<8 | int(buf[4])
+ }
+ hashedSubpackets := make([]byte, hashedSubpacketsLength)
+ _, err = readFull(r, hashedSubpackets)
+ if err != nil {
+ return
+ }
+ err = sig.buildHashSuffix(hashedSubpackets)
+ if err != nil {
+ return
+ }
+
+ err = parseSignatureSubpackets(sig, hashedSubpackets, true)
+ if err != nil {
+ return
+ }
+
+ if sig.Version == 6 {
+ _, err = readFull(r, buf[:4])
+ } else {
+ _, err = readFull(r, buf[:2])
+ }
+
+ if err != nil {
+ return
+ }
+ var unhashedSubpacketsLength uint32
+ if sig.Version == 6 {
+ unhashedSubpacketsLength = uint32(buf[0])<<24 | uint32(buf[1])<<16 | uint32(buf[2])<<8 | uint32(buf[3])
+ } else {
+ unhashedSubpacketsLength = uint32(buf[0])<<8 | uint32(buf[1])
+ }
+ unhashedSubpackets := make([]byte, unhashedSubpacketsLength)
+ _, err = readFull(r, unhashedSubpackets)
+ if err != nil {
+ return
+ }
+ err = parseSignatureSubpackets(sig, unhashedSubpackets, false)
+ if err != nil {
+ return
+ }
+
+ _, err = readFull(r, sig.HashTag[:2])
+ if err != nil {
+ return
+ }
+
+ if sig.Version == 6 {
+ // Only for v6 signatures, a variable-length field containing the salt
+ _, err = readFull(r, buf[:1])
+ if err != nil {
+ return
+ }
+ saltLength := int(buf[0])
+ var expectedSaltLength int
+ expectedSaltLength, err = SaltLengthForHash(sig.Hash)
+ if err != nil {
+ return
+ }
+ if saltLength != expectedSaltLength {
+ err = errors.StructuralError("unexpected salt size for the given hash algorithm")
+ return
+ }
+ salt := make([]byte, expectedSaltLength)
+ _, err = readFull(r, salt)
+ if err != nil {
+ return
+ }
+ sig.salt = salt
+ }
+
+ switch sig.PubKeyAlgo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
+ sig.RSASignature = new(encoding.MPI)
+ _, err = sig.RSASignature.ReadFrom(r)
+ case PubKeyAlgoDSA:
+ sig.DSASigR = new(encoding.MPI)
+ if _, err = sig.DSASigR.ReadFrom(r); err != nil {
+ return
+ }
+
+ sig.DSASigS = new(encoding.MPI)
+ _, err = sig.DSASigS.ReadFrom(r)
+ case PubKeyAlgoECDSA:
+ sig.ECDSASigR = new(encoding.MPI)
+ if _, err = sig.ECDSASigR.ReadFrom(r); err != nil {
+ return
+ }
+
+ sig.ECDSASigS = new(encoding.MPI)
+ _, err = sig.ECDSASigS.ReadFrom(r)
+ case PubKeyAlgoEdDSA:
+ sig.EdDSASigR = new(encoding.MPI)
+ if _, err = sig.EdDSASigR.ReadFrom(r); err != nil {
+ return
+ }
+
+ sig.EdDSASigS = new(encoding.MPI)
+ if _, err = sig.EdDSASigS.ReadFrom(r); err != nil {
+ return
+ }
+ case PubKeyAlgoEd25519:
+ sig.EdSig, err = ed25519.ReadSignature(r)
+ if err != nil {
+ return
+ }
+ case PubKeyAlgoEd448:
+ sig.EdSig, err = ed448.ReadSignature(r)
+ if err != nil {
+ return
+ }
+ default:
+ panic("unreachable")
+ }
+ return
+}
+
+// parseSignatureSubpackets parses subpackets of the main signature packet. See
+// RFC 9580, section 5.2.3.1.
+func parseSignatureSubpackets(sig *Signature, subpackets []byte, isHashed bool) (err error) {
+ for len(subpackets) > 0 {
+ subpackets, err = parseSignatureSubpacket(sig, subpackets, isHashed)
+ if err != nil {
+ return
+ }
+ }
+
+ if sig.CreationTime.IsZero() {
+ err = errors.StructuralError("no creation time in signature")
+ }
+
+ return
+}
+
+type signatureSubpacketType uint8
+
+const (
+ creationTimeSubpacket signatureSubpacketType = 2
+ signatureExpirationSubpacket signatureSubpacketType = 3
+ exportableCertSubpacket signatureSubpacketType = 4
+ trustSubpacket signatureSubpacketType = 5
+ regularExpressionSubpacket signatureSubpacketType = 6
+ keyExpirationSubpacket signatureSubpacketType = 9
+ prefSymmetricAlgosSubpacket signatureSubpacketType = 11
+ issuerSubpacket signatureSubpacketType = 16
+ notationDataSubpacket signatureSubpacketType = 20
+ prefHashAlgosSubpacket signatureSubpacketType = 21
+ prefCompressionSubpacket signatureSubpacketType = 22
+ keyserverPrefsSubpacket signatureSubpacketType = 23
+ prefKeyserverSubpacket signatureSubpacketType = 24
+ primaryUserIdSubpacket signatureSubpacketType = 25
+ policyUriSubpacket signatureSubpacketType = 26
+ keyFlagsSubpacket signatureSubpacketType = 27
+ signerUserIdSubpacket signatureSubpacketType = 28
+ reasonForRevocationSubpacket signatureSubpacketType = 29
+ featuresSubpacket signatureSubpacketType = 30
+ embeddedSignatureSubpacket signatureSubpacketType = 32
+ issuerFingerprintSubpacket signatureSubpacketType = 33
+ intendedRecipientSubpacket signatureSubpacketType = 35
+ prefCipherSuitesSubpacket signatureSubpacketType = 39
+)
+
+// parseSignatureSubpacket parses a single subpacket. len(subpacket) is >= 1.
+func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (rest []byte, err error) {
+ // RFC 9580, section 5.2.3.7
+ var (
+ length uint32
+ packetType signatureSubpacketType
+ isCritical bool
+ )
+ if len(subpacket) == 0 {
+ err = errors.StructuralError("zero length signature subpacket")
+ return
+ }
+ switch {
+ case subpacket[0] < 192:
+ length = uint32(subpacket[0])
+ subpacket = subpacket[1:]
+ case subpacket[0] < 255:
+ if len(subpacket) < 2 {
+ goto Truncated
+ }
+ length = uint32(subpacket[0]-192)<<8 + uint32(subpacket[1]) + 192
+ subpacket = subpacket[2:]
+ default:
+ if len(subpacket) < 5 {
+ goto Truncated
+ }
+ length = uint32(subpacket[1])<<24 |
+ uint32(subpacket[2])<<16 |
+ uint32(subpacket[3])<<8 |
+ uint32(subpacket[4])
+ subpacket = subpacket[5:]
+ }
+ if length > uint32(len(subpacket)) {
+ goto Truncated
+ }
+ rest = subpacket[length:]
+ subpacket = subpacket[:length]
+ if len(subpacket) == 0 {
+ err = errors.StructuralError("zero length signature subpacket")
+ return
+ }
+ packetType = signatureSubpacketType(subpacket[0] & 0x7f)
+ isCritical = subpacket[0]&0x80 == 0x80
+ subpacket = subpacket[1:]
+ sig.rawSubpackets = append(sig.rawSubpackets, outputSubpacket{isHashed, packetType, isCritical, subpacket})
+ if !isHashed &&
+ packetType != issuerSubpacket &&
+ packetType != issuerFingerprintSubpacket &&
+ packetType != embeddedSignatureSubpacket {
+ return
+ }
+ switch packetType {
+ case creationTimeSubpacket:
+ if len(subpacket) != 4 {
+ err = errors.StructuralError("signature creation time not four bytes")
+ return
+ }
+ t := binary.BigEndian.Uint32(subpacket)
+ sig.CreationTime = time.Unix(int64(t), 0)
+ case signatureExpirationSubpacket:
+ // Signature expiration time, section 5.2.3.18
+ if len(subpacket) != 4 {
+ err = errors.StructuralError("expiration subpacket with bad length")
+ return
+ }
+ sig.SigLifetimeSecs = new(uint32)
+ *sig.SigLifetimeSecs = binary.BigEndian.Uint32(subpacket)
+ case exportableCertSubpacket:
+ if subpacket[0] == 0 {
+ err = errors.UnsupportedError("signature with non-exportable certification")
+ return
+ }
+ case trustSubpacket:
+ if len(subpacket) != 2 {
+ err = errors.StructuralError("trust subpacket with bad length")
+ return
+ }
+ // Trust level and amount, section 5.2.3.21
+ sig.TrustLevel = TrustLevel(subpacket[0])
+ sig.TrustAmount = TrustAmount(subpacket[1])
+ case regularExpressionSubpacket:
+ if len(subpacket) == 0 {
+ err = errors.StructuralError("regexp subpacket with bad length")
+ return
+ }
+ // Trust regular expression, section 5.2.3.22
+ // RFC specifies the string should be null-terminated; remove a null byte from the end
+ if subpacket[len(subpacket)-1] != 0x00 {
+ err = errors.StructuralError("expected regular expression to be null-terminated")
+ return
+ }
+ trustRegularExpression := string(subpacket[:len(subpacket)-1])
+ sig.TrustRegularExpression = &trustRegularExpression
+ case keyExpirationSubpacket:
+ // Key expiration time, section 5.2.3.13
+ if len(subpacket) != 4 {
+ err = errors.StructuralError("key expiration subpacket with bad length")
+ return
+ }
+ sig.KeyLifetimeSecs = new(uint32)
+ *sig.KeyLifetimeSecs = binary.BigEndian.Uint32(subpacket)
+ case prefSymmetricAlgosSubpacket:
+ // Preferred symmetric algorithms, section 5.2.3.14
+ sig.PreferredSymmetric = make([]byte, len(subpacket))
+ copy(sig.PreferredSymmetric, subpacket)
+ case issuerSubpacket:
+ // Issuer, section 5.2.3.12
+ if sig.Version > 4 && isHashed {
+ err = errors.StructuralError("issuer subpacket found in v6 key")
+ return
+ }
+ if len(subpacket) != 8 {
+ err = errors.StructuralError("issuer subpacket with bad length")
+ return
+ }
+ if sig.Version <= 4 {
+ sig.IssuerKeyId = new(uint64)
+ *sig.IssuerKeyId = binary.BigEndian.Uint64(subpacket)
+ }
+ case notationDataSubpacket:
+ // Notation data, section 5.2.3.24
+ if len(subpacket) < 8 {
+ err = errors.StructuralError("notation data subpacket with bad length")
+ return
+ }
+
+ nameLength := uint32(subpacket[4])<<8 | uint32(subpacket[5])
+ valueLength := uint32(subpacket[6])<<8 | uint32(subpacket[7])
+ if len(subpacket) != int(nameLength)+int(valueLength)+8 {
+ err = errors.StructuralError("notation data subpacket with bad length")
+ return
+ }
+
+ notation := Notation{
+ IsHumanReadable: (subpacket[0] & 0x80) == 0x80,
+ Name: string(subpacket[8:(nameLength + 8)]),
+ Value: subpacket[(nameLength + 8):(valueLength + nameLength + 8)],
+ IsCritical: isCritical,
+ }
+
+ sig.Notations = append(sig.Notations, ¬ation)
+ case prefHashAlgosSubpacket:
+ // Preferred hash algorithms, section 5.2.3.16
+ sig.PreferredHash = make([]byte, len(subpacket))
+ copy(sig.PreferredHash, subpacket)
+ case prefCompressionSubpacket:
+ // Preferred compression algorithms, section 5.2.3.17
+ sig.PreferredCompression = make([]byte, len(subpacket))
+ copy(sig.PreferredCompression, subpacket)
+ case keyserverPrefsSubpacket:
+ // Keyserver preferences, section 5.2.3.25
+ sig.KeyserverPrefsValid = true
+ if len(subpacket) == 0 {
+ return
+ }
+ if subpacket[0]&KeyserverPrefNoModify != 0 {
+ sig.KeyserverPrefNoModify = true
+ }
+ case prefKeyserverSubpacket:
+ // Preferred keyserver, section 5.2.3.26
+ sig.PreferredKeyserver = string(subpacket)
+ case primaryUserIdSubpacket:
+ // Primary User ID, section 5.2.3.27
+ if len(subpacket) != 1 {
+ err = errors.StructuralError("primary user id subpacket with bad length")
+ return
+ }
+ sig.IsPrimaryId = new(bool)
+ if subpacket[0] > 0 {
+ *sig.IsPrimaryId = true
+ }
+ case keyFlagsSubpacket:
+ // Key flags, section 5.2.3.29
+ sig.FlagsValid = true
+ if len(subpacket) == 0 {
+ return
+ }
+ if subpacket[0]&KeyFlagCertify != 0 {
+ sig.FlagCertify = true
+ }
+ if subpacket[0]&KeyFlagSign != 0 {
+ sig.FlagSign = true
+ }
+ if subpacket[0]&KeyFlagEncryptCommunications != 0 {
+ sig.FlagEncryptCommunications = true
+ }
+ if subpacket[0]&KeyFlagEncryptStorage != 0 {
+ sig.FlagEncryptStorage = true
+ }
+ if subpacket[0]&KeyFlagSplitKey != 0 {
+ sig.FlagSplitKey = true
+ }
+ if subpacket[0]&KeyFlagAuthenticate != 0 {
+ sig.FlagAuthenticate = true
+ }
+ if subpacket[0]&KeyFlagGroupKey != 0 {
+ sig.FlagGroupKey = true
+ }
+ case signerUserIdSubpacket:
+ userId := string(subpacket)
+ sig.SignerUserId = &userId
+ case reasonForRevocationSubpacket:
+ // Reason For Revocation, section 5.2.3.31
+ if len(subpacket) == 0 {
+ err = errors.StructuralError("empty revocation reason subpacket")
+ return
+ }
+ sig.RevocationReason = new(ReasonForRevocation)
+ *sig.RevocationReason = NewReasonForRevocation(subpacket[0])
+ sig.RevocationReasonText = string(subpacket[1:])
+ case featuresSubpacket:
+ // Features subpacket, section 5.2.3.32 specifies a very general
+ // mechanism for OpenPGP implementations to signal support for new
+ // features.
+ if len(subpacket) > 0 {
+ if subpacket[0]&0x01 != 0 {
+ sig.SEIPDv1 = true
+ }
+ // 0x02 and 0x04 are reserved
+ if subpacket[0]&0x08 != 0 {
+ sig.SEIPDv2 = true
+ }
+ }
+ case embeddedSignatureSubpacket:
+ // Only usage is in signatures that cross-certify
+ // signing subkeys. section 5.2.3.34 describes the
+ // format, with its usage described in section 11.1
+ if sig.EmbeddedSignature != nil {
+ err = errors.StructuralError("Cannot have multiple embedded signatures")
+ return
+ }
+ sig.EmbeddedSignature = new(Signature)
+ if err := sig.EmbeddedSignature.parse(bytes.NewBuffer(subpacket)); err != nil {
+ return nil, err
+ }
+ if sigType := sig.EmbeddedSignature.SigType; sigType != SigTypePrimaryKeyBinding {
+ return nil, errors.StructuralError("cross-signature has unexpected type " + strconv.Itoa(int(sigType)))
+ }
+ case policyUriSubpacket:
+ // Policy URI, section 5.2.3.28
+ sig.PolicyURI = string(subpacket)
+ case issuerFingerprintSubpacket:
+ if len(subpacket) == 0 {
+ err = errors.StructuralError("empty issuer fingerprint subpacket")
+ return
+ }
+ v, l := subpacket[0], len(subpacket[1:])
+ if v >= 5 && l != 32 || v < 5 && l != 20 {
+ return nil, errors.StructuralError("bad fingerprint length")
+ }
+ sig.IssuerFingerprint = make([]byte, l)
+ copy(sig.IssuerFingerprint, subpacket[1:])
+ sig.IssuerKeyId = new(uint64)
+ if v >= 5 {
+ *sig.IssuerKeyId = binary.BigEndian.Uint64(subpacket[1:9])
+ } else {
+ *sig.IssuerKeyId = binary.BigEndian.Uint64(subpacket[13:21])
+ }
+ case intendedRecipientSubpacket:
+ // Intended Recipient Fingerprint, section 5.2.3.36
+ if len(subpacket) < 1 {
+ return nil, errors.StructuralError("invalid intended recipient fingerpring length")
+ }
+ version, length := subpacket[0], len(subpacket[1:])
+ if version >= 5 && length != 32 || version < 5 && length != 20 {
+ return nil, errors.StructuralError("invalid fingerprint length")
+ }
+ fingerprint := make([]byte, length)
+ copy(fingerprint, subpacket[1:])
+ sig.IntendedRecipients = append(sig.IntendedRecipients, &Recipient{int(version), fingerprint})
+ case prefCipherSuitesSubpacket:
+ // Preferred AEAD cipher suites, section 5.2.3.15
+ if len(subpacket)%2 != 0 {
+ err = errors.StructuralError("invalid aead cipher suite length")
+ return
+ }
+
+ sig.PreferredCipherSuites = make([][2]byte, len(subpacket)/2)
+
+ for i := 0; i < len(subpacket)/2; i++ {
+ sig.PreferredCipherSuites[i] = [2]uint8{subpacket[2*i], subpacket[2*i+1]}
+ }
+ default:
+ if isCritical {
+ err = errors.UnsupportedError("unknown critical signature subpacket type " + strconv.Itoa(int(packetType)))
+ return
+ }
+ }
+ return
+
+Truncated:
+ err = errors.StructuralError("signature subpacket truncated")
+ return
+}
+
+// subpacketLengthLength returns the length, in bytes, of an encoded length value.
+func subpacketLengthLength(length int) int {
+ if length < 192 {
+ return 1
+ }
+ if length < 16320 {
+ return 2
+ }
+ return 5
+}
+
+func (sig *Signature) CheckKeyIdOrFingerprint(pk *PublicKey) bool {
+ if sig.IssuerFingerprint != nil && len(sig.IssuerFingerprint) >= 20 {
+ return bytes.Equal(sig.IssuerFingerprint, pk.Fingerprint)
+ }
+ return sig.IssuerKeyId != nil && *sig.IssuerKeyId == pk.KeyId
+}
+
+func (sig *Signature) CheckKeyIdOrFingerprintExplicit(fingerprint []byte, keyId uint64) bool {
+ if sig.IssuerFingerprint != nil && len(sig.IssuerFingerprint) >= 20 && fingerprint != nil {
+ return bytes.Equal(sig.IssuerFingerprint, fingerprint)
+ }
+ return sig.IssuerKeyId != nil && *sig.IssuerKeyId == keyId
+}
+
+// serializeSubpacketLength marshals the given length into to.
+func serializeSubpacketLength(to []byte, length int) int {
+ // RFC 9580, Section 4.2.1.
+ if length < 192 {
+ to[0] = byte(length)
+ return 1
+ }
+ if length < 16320 {
+ length -= 192
+ to[0] = byte((length >> 8) + 192)
+ to[1] = byte(length)
+ return 2
+ }
+ to[0] = 255
+ to[1] = byte(length >> 24)
+ to[2] = byte(length >> 16)
+ to[3] = byte(length >> 8)
+ to[4] = byte(length)
+ return 5
+}
+
+// subpacketsLength returns the serialized length, in bytes, of the given
+// subpackets.
+func subpacketsLength(subpackets []outputSubpacket, hashed bool) (length int) {
+ for _, subpacket := range subpackets {
+ if subpacket.hashed == hashed {
+ length += subpacketLengthLength(len(subpacket.contents) + 1)
+ length += 1 // type byte
+ length += len(subpacket.contents)
+ }
+ }
+ return
+}
+
+// serializeSubpackets marshals the given subpackets into to.
+func serializeSubpackets(to []byte, subpackets []outputSubpacket, hashed bool) {
+ for _, subpacket := range subpackets {
+ if subpacket.hashed == hashed {
+ n := serializeSubpacketLength(to, len(subpacket.contents)+1)
+ to[n] = byte(subpacket.subpacketType)
+ if subpacket.isCritical {
+ to[n] |= 0x80
+ }
+ to = to[1+n:]
+ n = copy(to, subpacket.contents)
+ to = to[n:]
+ }
+ }
+}
+
+// SigExpired returns whether sig is a signature that has expired or is created
+// in the future.
+func (sig *Signature) SigExpired(currentTime time.Time) bool {
+ if sig.CreationTime.Unix() > currentTime.Unix() {
+ return true
+ }
+ if sig.SigLifetimeSecs == nil || *sig.SigLifetimeSecs == 0 {
+ return false
+ }
+ expiry := sig.CreationTime.Add(time.Duration(*sig.SigLifetimeSecs) * time.Second)
+ return currentTime.Unix() > expiry.Unix()
+}
+
+// buildHashSuffix constructs the HashSuffix member of sig in preparation for signing.
+func (sig *Signature) buildHashSuffix(hashedSubpackets []byte) (err error) {
+ var hashId byte
+ var ok bool
+
+ if sig.Version < 5 {
+ hashId, ok = algorithm.HashToHashIdWithSha1(sig.Hash)
+ } else {
+ hashId, ok = algorithm.HashToHashId(sig.Hash)
+ }
+
+ if !ok {
+ sig.HashSuffix = nil
+ return errors.InvalidArgumentError("hash cannot be represented in OpenPGP: " + strconv.Itoa(int(sig.Hash)))
+ }
+
+ hashedFields := bytes.NewBuffer([]byte{
+ uint8(sig.Version),
+ uint8(sig.SigType),
+ uint8(sig.PubKeyAlgo),
+ uint8(hashId),
+ })
+ hashedSubpacketsLength := len(hashedSubpackets)
+ if sig.Version == 6 {
+ // v6 signatures store the length in 4 octets
+ hashedFields.Write([]byte{
+ uint8(hashedSubpacketsLength >> 24),
+ uint8(hashedSubpacketsLength >> 16),
+ uint8(hashedSubpacketsLength >> 8),
+ uint8(hashedSubpacketsLength),
+ })
+ } else {
+ hashedFields.Write([]byte{
+ uint8(hashedSubpacketsLength >> 8),
+ uint8(hashedSubpacketsLength),
+ })
+ }
+ lenPrefix := hashedFields.Len()
+ hashedFields.Write(hashedSubpackets)
+
+ var l uint64 = uint64(lenPrefix + len(hashedSubpackets))
+ if sig.Version == 5 {
+ // v5 case
+ hashedFields.Write([]byte{0x05, 0xff})
+ hashedFields.Write([]byte{
+ uint8(l >> 56), uint8(l >> 48), uint8(l >> 40), uint8(l >> 32),
+ uint8(l >> 24), uint8(l >> 16), uint8(l >> 8), uint8(l),
+ })
+ } else {
+ // v4 and v6 case
+ hashedFields.Write([]byte{byte(sig.Version), 0xff})
+ hashedFields.Write([]byte{
+ uint8(l >> 24), uint8(l >> 16), uint8(l >> 8), uint8(l),
+ })
+ }
+ sig.HashSuffix = make([]byte, hashedFields.Len())
+ copy(sig.HashSuffix, hashedFields.Bytes())
+ return
+}
+
+func (sig *Signature) signPrepareHash(h hash.Hash) (digest []byte, err error) {
+ hashedSubpacketsLen := subpacketsLength(sig.outSubpackets, true)
+ hashedSubpackets := make([]byte, hashedSubpacketsLen)
+ serializeSubpackets(hashedSubpackets, sig.outSubpackets, true)
+ err = sig.buildHashSuffix(hashedSubpackets)
+ if err != nil {
+ return
+ }
+ if sig.Version == 5 && (sig.SigType == 0x00 || sig.SigType == 0x01) {
+ sig.AddMetadataToHashSuffix()
+ }
+
+ h.Write(sig.HashSuffix)
+ digest = h.Sum(nil)
+ copy(sig.HashTag[:], digest)
+ return
+}
+
+// PrepareSign must be called to create a hash object before Sign for v6 signatures.
+// The created hash object initially hashes a randomly generated salt
+// as required by v6 signatures. The generated salt is stored in sig. If the signature is not v6,
+// the method returns an empty hash object.
+// See RFC 9580 Section 5.2.4.
+func (sig *Signature) PrepareSign(config *Config) (hash.Hash, error) {
+ if !sig.Hash.Available() {
+ return nil, errors.UnsupportedError("hash function")
+ }
+ hasher := sig.Hash.New()
+ if sig.Version == 6 {
+ if sig.salt == nil {
+ var err error
+ sig.salt, err = SignatureSaltForHash(sig.Hash, config.Random())
+ if err != nil {
+ return nil, err
+ }
+ }
+ hasher.Write(sig.salt)
+ }
+ return hasher, nil
+}
+
+// SetSalt sets the signature salt for v6 signatures.
+// Assumes salt is generated correctly and checks if length matches.
+// If the signature is not v6, the method ignores the salt.
+// Use PrepareSign whenever possible instead of generating and
+// hashing the salt externally.
+// See RFC 9580 Section 5.2.4.
+func (sig *Signature) SetSalt(salt []byte) error {
+ if sig.Version == 6 {
+ expectedSaltLength, err := SaltLengthForHash(sig.Hash)
+ if err != nil {
+ return err
+ }
+ if salt == nil || len(salt) != expectedSaltLength {
+ return errors.InvalidArgumentError("unexpected salt size for the given hash algorithm")
+ }
+ sig.salt = salt
+ }
+ return nil
+}
+
+// PrepareVerify must be called to create a hash object before verifying v6 signatures.
+// The created hash object initially hashes the internally stored salt.
+// If the signature is not v6, the method returns an empty hash object.
+// See RFC 9580 Section 5.2.4.
+func (sig *Signature) PrepareVerify() (hash.Hash, error) {
+ if !sig.Hash.Available() {
+ return nil, errors.UnsupportedError("hash function")
+ }
+ hasher := sig.Hash.New()
+ if sig.Version == 6 {
+ if sig.salt == nil {
+ return nil, errors.StructuralError("v6 requires a salt for the hash to be signed")
+ }
+ hasher.Write(sig.salt)
+ }
+ return hasher, nil
+}
+
+// Sign signs a message with a private key. The hash, h, must contain
+// the hash of the message to be signed and will be mutated by this function.
+// On success, the signature is stored in sig. Call Serialize to write it out.
+// If config is nil, sensible defaults will be used.
+func (sig *Signature) Sign(h hash.Hash, priv *PrivateKey, config *Config) (err error) {
+ if priv.Dummy() {
+ return errors.ErrDummyPrivateKey("dummy key found")
+ }
+ sig.Version = priv.PublicKey.Version
+ sig.IssuerFingerprint = priv.PublicKey.Fingerprint
+ if sig.Version < 6 && config.RandomizeSignaturesViaNotation() {
+ sig.removeNotationsWithName(SaltNotationName)
+ salt, err := SignatureSaltForHash(sig.Hash, config.Random())
+ if err != nil {
+ return err
+ }
+ notation := Notation{
+ Name: SaltNotationName,
+ Value: salt,
+ IsCritical: false,
+ IsHumanReadable: false,
+ }
+ sig.Notations = append(sig.Notations, ¬ation)
+ }
+ sig.outSubpackets, err = sig.buildSubpackets(priv.PublicKey)
+ if err != nil {
+ return err
+ }
+ digest, err := sig.signPrepareHash(h)
+ if err != nil {
+ return
+ }
+ switch priv.PubKeyAlgo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
+ // supports both *rsa.PrivateKey and crypto.Signer
+ sigdata, err := priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, sig.Hash)
+ if err == nil {
+ sig.RSASignature = encoding.NewMPI(sigdata)
+ }
+ case PubKeyAlgoDSA:
+ dsaPriv := priv.PrivateKey.(*dsa.PrivateKey)
+
+ // Need to truncate hashBytes to match FIPS 186-3 section 4.6.
+ subgroupSize := (dsaPriv.Q.BitLen() + 7) / 8
+ if len(digest) > subgroupSize {
+ digest = digest[:subgroupSize]
+ }
+ r, s, err := dsa.Sign(config.Random(), dsaPriv, digest)
+ if err == nil {
+ sig.DSASigR = new(encoding.MPI).SetBig(r)
+ sig.DSASigS = new(encoding.MPI).SetBig(s)
+ }
+ case PubKeyAlgoECDSA:
+ var r, s *big.Int
+ if sk, ok := priv.PrivateKey.(*ecdsa.PrivateKey); ok {
+ r, s, err = ecdsa.Sign(config.Random(), sk, digest)
+ } else {
+ var b []byte
+ b, err = priv.PrivateKey.(crypto.Signer).Sign(config.Random(), digest, sig.Hash)
+ if err == nil {
+ r, s, err = unwrapECDSASig(b)
+ }
+ }
+
+ if err == nil {
+ sig.ECDSASigR = new(encoding.MPI).SetBig(r)
+ sig.ECDSASigS = new(encoding.MPI).SetBig(s)
+ }
+ case PubKeyAlgoEdDSA:
+ sk := priv.PrivateKey.(*eddsa.PrivateKey)
+ r, s, err := eddsa.Sign(sk, digest)
+ if err == nil {
+ sig.EdDSASigR = encoding.NewMPI(r)
+ sig.EdDSASigS = encoding.NewMPI(s)
+ }
+ case PubKeyAlgoEd25519:
+ sk := priv.PrivateKey.(*ed25519.PrivateKey)
+ signature, err := ed25519.Sign(sk, digest)
+ if err == nil {
+ sig.EdSig = signature
+ }
+ case PubKeyAlgoEd448:
+ sk := priv.PrivateKey.(*ed448.PrivateKey)
+ signature, err := ed448.Sign(sk, digest)
+ if err == nil {
+ sig.EdSig = signature
+ }
+ default:
+ err = errors.UnsupportedError("public key algorithm: " + strconv.Itoa(int(sig.PubKeyAlgo)))
+ }
+
+ return
+}
+
+// unwrapECDSASig parses the two integer components of an ASN.1-encoded ECDSA signature.
+func unwrapECDSASig(b []byte) (r, s *big.Int, err error) {
+ var ecsdaSig struct {
+ R, S *big.Int
+ }
+ _, err = asn1.Unmarshal(b, &ecsdaSig)
+ if err != nil {
+ return
+ }
+ return ecsdaSig.R, ecsdaSig.S, nil
+}
+
+// SignUserId computes a signature from priv, asserting that pub is a valid
+// key for the identity id. On success, the signature is stored in sig. Call
+// Serialize to write it out.
+// If config is nil, sensible defaults will be used.
+func (sig *Signature) SignUserId(id string, pub *PublicKey, priv *PrivateKey, config *Config) error {
+ if priv.Dummy() {
+ return errors.ErrDummyPrivateKey("dummy key found")
+ }
+ prepareHash, err := sig.PrepareSign(config)
+ if err != nil {
+ return err
+ }
+ if err := userIdSignatureHash(id, pub, prepareHash); err != nil {
+ return err
+ }
+ return sig.Sign(prepareHash, priv, config)
+}
+
+// SignDirectKeyBinding computes a signature from priv
+// On success, the signature is stored in sig.
+// Call Serialize to write it out.
+// If config is nil, sensible defaults will be used.
+func (sig *Signature) SignDirectKeyBinding(pub *PublicKey, priv *PrivateKey, config *Config) error {
+ if priv.Dummy() {
+ return errors.ErrDummyPrivateKey("dummy key found")
+ }
+ prepareHash, err := sig.PrepareSign(config)
+ if err != nil {
+ return err
+ }
+ if err := directKeySignatureHash(pub, prepareHash); err != nil {
+ return err
+ }
+ return sig.Sign(prepareHash, priv, config)
+}
+
+// CrossSignKey computes a signature from signingKey on pub hashed using hashKey. On success,
+// the signature is stored in sig. Call Serialize to write it out.
+// If config is nil, sensible defaults will be used.
+func (sig *Signature) CrossSignKey(pub *PublicKey, hashKey *PublicKey, signingKey *PrivateKey,
+ config *Config) error {
+ prepareHash, err := sig.PrepareSign(config)
+ if err != nil {
+ return err
+ }
+ h, err := keySignatureHash(hashKey, pub, prepareHash)
+ if err != nil {
+ return err
+ }
+ return sig.Sign(h, signingKey, config)
+}
+
+// SignKey computes a signature from priv, asserting that pub is a subkey. On
+// success, the signature is stored in sig. Call Serialize to write it out.
+// If config is nil, sensible defaults will be used.
+func (sig *Signature) SignKey(pub *PublicKey, priv *PrivateKey, config *Config) error {
+ if priv.Dummy() {
+ return errors.ErrDummyPrivateKey("dummy key found")
+ }
+ prepareHash, err := sig.PrepareSign(config)
+ if err != nil {
+ return err
+ }
+ h, err := keySignatureHash(&priv.PublicKey, pub, prepareHash)
+ if err != nil {
+ return err
+ }
+ return sig.Sign(h, priv, config)
+}
+
+// RevokeKey computes a revocation signature of pub using priv. On success, the signature is
+// stored in sig. Call Serialize to write it out.
+// If config is nil, sensible defaults will be used.
+func (sig *Signature) RevokeKey(pub *PublicKey, priv *PrivateKey, config *Config) error {
+ prepareHash, err := sig.PrepareSign(config)
+ if err != nil {
+ return err
+ }
+ if err := keyRevocationHash(pub, prepareHash); err != nil {
+ return err
+ }
+ return sig.Sign(prepareHash, priv, config)
+}
+
+// RevokeSubkey computes a subkey revocation signature of pub using priv.
+// On success, the signature is stored in sig. Call Serialize to write it out.
+// If config is nil, sensible defaults will be used.
+func (sig *Signature) RevokeSubkey(pub *PublicKey, priv *PrivateKey, config *Config) error {
+ // Identical to a subkey binding signature
+ return sig.SignKey(pub, priv, config)
+}
+
+// Serialize marshals sig to w. Sign, SignUserId or SignKey must have been
+// called first.
+func (sig *Signature) Serialize(w io.Writer) (err error) {
+ if len(sig.outSubpackets) == 0 {
+ sig.outSubpackets = sig.rawSubpackets
+ }
+ if sig.RSASignature == nil && sig.DSASigR == nil && sig.ECDSASigR == nil && sig.EdDSASigR == nil && sig.EdSig == nil {
+ return errors.InvalidArgumentError("Signature: need to call Sign, SignUserId or SignKey before Serialize")
+ }
+
+ sigLength := 0
+ switch sig.PubKeyAlgo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
+ sigLength = int(sig.RSASignature.EncodedLength())
+ case PubKeyAlgoDSA:
+ sigLength = int(sig.DSASigR.EncodedLength())
+ sigLength += int(sig.DSASigS.EncodedLength())
+ case PubKeyAlgoECDSA:
+ sigLength = int(sig.ECDSASigR.EncodedLength())
+ sigLength += int(sig.ECDSASigS.EncodedLength())
+ case PubKeyAlgoEdDSA:
+ sigLength = int(sig.EdDSASigR.EncodedLength())
+ sigLength += int(sig.EdDSASigS.EncodedLength())
+ case PubKeyAlgoEd25519:
+ sigLength = ed25519.SignatureSize
+ case PubKeyAlgoEd448:
+ sigLength = ed448.SignatureSize
+ default:
+ panic("impossible")
+ }
+
+ hashedSubpacketsLen := subpacketsLength(sig.outSubpackets, true)
+ unhashedSubpacketsLen := subpacketsLength(sig.outSubpackets, false)
+ length := 4 + /* length of version|signature type|public-key algorithm|hash algorithm */
+ 2 /* length of hashed subpackets */ + hashedSubpacketsLen +
+ 2 /* length of unhashed subpackets */ + unhashedSubpacketsLen +
+ 2 /* hash tag */ + sigLength
+ if sig.Version == 6 {
+ length += 4 + /* the two length fields are four-octet instead of two */
+ 1 + /* salt length */
+ len(sig.salt) /* length salt */
+ }
+ err = serializeHeader(w, packetTypeSignature, length)
+ if err != nil {
+ return
+ }
+ err = sig.serializeBody(w)
+ if err != nil {
+ return err
+ }
+ return
+}
+
+func (sig *Signature) serializeBody(w io.Writer) (err error) {
+ var fields []byte
+ if sig.Version == 6 {
+ // v6 signatures use 4 octets for length
+ hashedSubpacketsLen :=
+ uint32(uint32(sig.HashSuffix[4])<<24) |
+ uint32(uint32(sig.HashSuffix[5])<<16) |
+ uint32(uint32(sig.HashSuffix[6])<<8) |
+ uint32(sig.HashSuffix[7])
+ fields = sig.HashSuffix[:8+hashedSubpacketsLen]
+ } else {
+ hashedSubpacketsLen := uint16(uint16(sig.HashSuffix[4])<<8) |
+ uint16(sig.HashSuffix[5])
+ fields = sig.HashSuffix[:6+hashedSubpacketsLen]
+
+ }
+ _, err = w.Write(fields)
+ if err != nil {
+ return
+ }
+
+ unhashedSubpacketsLen := subpacketsLength(sig.outSubpackets, false)
+ var unhashedSubpackets []byte
+ if sig.Version == 6 {
+ unhashedSubpackets = make([]byte, 4+unhashedSubpacketsLen)
+ unhashedSubpackets[0] = byte(unhashedSubpacketsLen >> 24)
+ unhashedSubpackets[1] = byte(unhashedSubpacketsLen >> 16)
+ unhashedSubpackets[2] = byte(unhashedSubpacketsLen >> 8)
+ unhashedSubpackets[3] = byte(unhashedSubpacketsLen)
+ serializeSubpackets(unhashedSubpackets[4:], sig.outSubpackets, false)
+ } else {
+ unhashedSubpackets = make([]byte, 2+unhashedSubpacketsLen)
+ unhashedSubpackets[0] = byte(unhashedSubpacketsLen >> 8)
+ unhashedSubpackets[1] = byte(unhashedSubpacketsLen)
+ serializeSubpackets(unhashedSubpackets[2:], sig.outSubpackets, false)
+ }
+
+ _, err = w.Write(unhashedSubpackets)
+ if err != nil {
+ return
+ }
+ _, err = w.Write(sig.HashTag[:])
+ if err != nil {
+ return
+ }
+
+ if sig.Version == 6 {
+ // write salt for v6 signatures
+ _, err = w.Write([]byte{uint8(len(sig.salt))})
+ if err != nil {
+ return
+ }
+ _, err = w.Write(sig.salt)
+ if err != nil {
+ return
+ }
+ }
+
+ switch sig.PubKeyAlgo {
+ case PubKeyAlgoRSA, PubKeyAlgoRSASignOnly:
+ _, err = w.Write(sig.RSASignature.EncodedBytes())
+ case PubKeyAlgoDSA:
+ if _, err = w.Write(sig.DSASigR.EncodedBytes()); err != nil {
+ return
+ }
+ _, err = w.Write(sig.DSASigS.EncodedBytes())
+ case PubKeyAlgoECDSA:
+ if _, err = w.Write(sig.ECDSASigR.EncodedBytes()); err != nil {
+ return
+ }
+ _, err = w.Write(sig.ECDSASigS.EncodedBytes())
+ case PubKeyAlgoEdDSA:
+ if _, err = w.Write(sig.EdDSASigR.EncodedBytes()); err != nil {
+ return
+ }
+ _, err = w.Write(sig.EdDSASigS.EncodedBytes())
+ case PubKeyAlgoEd25519:
+ err = ed25519.WriteSignature(w, sig.EdSig)
+ case PubKeyAlgoEd448:
+ err = ed448.WriteSignature(w, sig.EdSig)
+ default:
+ panic("impossible")
+ }
+ return
+}
+
+// outputSubpacket represents a subpacket to be marshaled.
+type outputSubpacket struct {
+ hashed bool // true if this subpacket is in the hashed area.
+ subpacketType signatureSubpacketType
+ isCritical bool
+ contents []byte
+}
+
+func (sig *Signature) buildSubpackets(issuer PublicKey) (subpackets []outputSubpacket, err error) {
+ creationTime := make([]byte, 4)
+ binary.BigEndian.PutUint32(creationTime, uint32(sig.CreationTime.Unix()))
+ // Signature Creation Time
+ subpackets = append(subpackets, outputSubpacket{true, creationTimeSubpacket, true, creationTime})
+ // Signature Expiration Time
+ if sig.SigLifetimeSecs != nil && *sig.SigLifetimeSecs != 0 {
+ sigLifetime := make([]byte, 4)
+ binary.BigEndian.PutUint32(sigLifetime, *sig.SigLifetimeSecs)
+ subpackets = append(subpackets, outputSubpacket{true, signatureExpirationSubpacket, true, sigLifetime})
+ }
+ // Trust Signature
+ if sig.TrustLevel != 0 {
+ subpackets = append(subpackets, outputSubpacket{true, trustSubpacket, true, []byte{byte(sig.TrustLevel), byte(sig.TrustAmount)}})
+ }
+ // Regular Expression
+ if sig.TrustRegularExpression != nil {
+ // RFC specifies the string should be null-terminated; add a null byte to the end
+ subpackets = append(subpackets, outputSubpacket{true, regularExpressionSubpacket, true, []byte(*sig.TrustRegularExpression + "\000")})
+ }
+ // Key Expiration Time
+ if sig.KeyLifetimeSecs != nil && *sig.KeyLifetimeSecs != 0 {
+ keyLifetime := make([]byte, 4)
+ binary.BigEndian.PutUint32(keyLifetime, *sig.KeyLifetimeSecs)
+ subpackets = append(subpackets, outputSubpacket{true, keyExpirationSubpacket, true, keyLifetime})
+ }
+ // Preferred Symmetric Ciphers for v1 SEIPD
+ if len(sig.PreferredSymmetric) > 0 {
+ subpackets = append(subpackets, outputSubpacket{true, prefSymmetricAlgosSubpacket, false, sig.PreferredSymmetric})
+ }
+ // Issuer Key ID
+ if sig.IssuerKeyId != nil && sig.Version == 4 {
+ keyId := make([]byte, 8)
+ binary.BigEndian.PutUint64(keyId, *sig.IssuerKeyId)
+ subpackets = append(subpackets, outputSubpacket{true, issuerSubpacket, true, keyId})
+ }
+ // Notation Data
+ for _, notation := range sig.Notations {
+ subpackets = append(
+ subpackets,
+ outputSubpacket{
+ true,
+ notationDataSubpacket,
+ notation.IsCritical,
+ notation.getData(),
+ })
+ }
+ // Preferred Hash Algorithms
+ if len(sig.PreferredHash) > 0 {
+ subpackets = append(subpackets, outputSubpacket{true, prefHashAlgosSubpacket, false, sig.PreferredHash})
+ }
+ // Preferred Compression Algorithms
+ if len(sig.PreferredCompression) > 0 {
+ subpackets = append(subpackets, outputSubpacket{true, prefCompressionSubpacket, false, sig.PreferredCompression})
+ }
+ // Keyserver Preferences
+ // Keyserver preferences may only appear in self-signatures or certification signatures.
+ if sig.KeyserverPrefsValid {
+ var prefs byte
+ if sig.KeyserverPrefNoModify {
+ prefs |= KeyserverPrefNoModify
+ }
+ subpackets = append(subpackets, outputSubpacket{true, keyserverPrefsSubpacket, false, []byte{prefs}})
+ }
+ // Preferred Keyserver
+ if len(sig.PreferredKeyserver) > 0 {
+ subpackets = append(subpackets, outputSubpacket{true, prefKeyserverSubpacket, false, []uint8(sig.PreferredKeyserver)})
+ }
+ // Primary User ID
+ if sig.IsPrimaryId != nil && *sig.IsPrimaryId {
+ subpackets = append(subpackets, outputSubpacket{true, primaryUserIdSubpacket, false, []byte{1}})
+ }
+ // Policy URI
+ if len(sig.PolicyURI) > 0 {
+ subpackets = append(subpackets, outputSubpacket{true, policyUriSubpacket, false, []uint8(sig.PolicyURI)})
+ }
+ // Key Flags
+ // Key flags may only appear in self-signatures or certification signatures.
+ if sig.FlagsValid {
+ var flags byte
+ if sig.FlagCertify {
+ flags |= KeyFlagCertify
+ }
+ if sig.FlagSign {
+ flags |= KeyFlagSign
+ }
+ if sig.FlagEncryptCommunications {
+ flags |= KeyFlagEncryptCommunications
+ }
+ if sig.FlagEncryptStorage {
+ flags |= KeyFlagEncryptStorage
+ }
+ if sig.FlagSplitKey {
+ flags |= KeyFlagSplitKey
+ }
+ if sig.FlagAuthenticate {
+ flags |= KeyFlagAuthenticate
+ }
+ if sig.FlagGroupKey {
+ flags |= KeyFlagGroupKey
+ }
+ subpackets = append(subpackets, outputSubpacket{true, keyFlagsSubpacket, true, []byte{flags}})
+ }
+ // Signer's User ID
+ if sig.SignerUserId != nil {
+ subpackets = append(subpackets, outputSubpacket{true, signerUserIdSubpacket, false, []byte(*sig.SignerUserId)})
+ }
+ // Reason for Revocation
+ // Revocation reason appears only in revocation signatures and is serialized as per section 5.2.3.31.
+ if sig.RevocationReason != nil {
+ subpackets = append(subpackets, outputSubpacket{true, reasonForRevocationSubpacket, true,
+ append([]uint8{uint8(*sig.RevocationReason)}, []uint8(sig.RevocationReasonText)...)})
+ }
+ // Features
+ var features = byte(0x00)
+ if sig.SEIPDv1 {
+ features |= 0x01
+ }
+ if sig.SEIPDv2 {
+ features |= 0x08
+ }
+ if features != 0x00 {
+ subpackets = append(subpackets, outputSubpacket{true, featuresSubpacket, false, []byte{features}})
+ }
+ // Embedded Signature
+ // EmbeddedSignature appears only in subkeys capable of signing and is serialized as per section 5.2.3.34.
+ if sig.EmbeddedSignature != nil {
+ var buf bytes.Buffer
+ err = sig.EmbeddedSignature.serializeBody(&buf)
+ if err != nil {
+ return
+ }
+ subpackets = append(subpackets, outputSubpacket{true, embeddedSignatureSubpacket, true, buf.Bytes()})
+ }
+ // Issuer Fingerprint
+ if sig.IssuerFingerprint != nil {
+ contents := append([]uint8{uint8(issuer.Version)}, sig.IssuerFingerprint...)
+ subpackets = append(subpackets, outputSubpacket{true, issuerFingerprintSubpacket, sig.Version >= 5, contents})
+ }
+ // Intended Recipient Fingerprint
+ for _, recipient := range sig.IntendedRecipients {
+ subpackets = append(
+ subpackets,
+ outputSubpacket{
+ true,
+ intendedRecipientSubpacket,
+ false,
+ recipient.Serialize(),
+ })
+ }
+ // Preferred AEAD Ciphersuites
+ if len(sig.PreferredCipherSuites) > 0 {
+ serialized := make([]byte, len(sig.PreferredCipherSuites)*2)
+ for i, cipherSuite := range sig.PreferredCipherSuites {
+ serialized[2*i] = cipherSuite[0]
+ serialized[2*i+1] = cipherSuite[1]
+ }
+ subpackets = append(subpackets, outputSubpacket{true, prefCipherSuitesSubpacket, false, serialized})
+ }
+ return
+}
+
+// AddMetadataToHashSuffix modifies the current hash suffix to include metadata
+// (format, filename, and time). Version 5 keys protect this data including it
+// in the hash computation. See section 5.2.4.
+func (sig *Signature) AddMetadataToHashSuffix() {
+ if sig == nil || sig.Version != 5 {
+ return
+ }
+ if sig.SigType != 0x00 && sig.SigType != 0x01 {
+ return
+ }
+ lit := sig.Metadata
+ if lit == nil {
+ // This will translate into six 0x00 bytes.
+ lit = &LiteralData{}
+ }
+
+ // Extract the current byte count
+ n := sig.HashSuffix[len(sig.HashSuffix)-8:]
+ l := uint64(
+ uint64(n[0])<<56 | uint64(n[1])<<48 | uint64(n[2])<<40 | uint64(n[3])<<32 |
+ uint64(n[4])<<24 | uint64(n[5])<<16 | uint64(n[6])<<8 | uint64(n[7]))
+
+ suffix := bytes.NewBuffer(nil)
+ suffix.Write(sig.HashSuffix[:l])
+
+ // Add the metadata
+ var buf [4]byte
+ buf[0] = lit.Format
+ fileName := lit.FileName
+ if len(lit.FileName) > 255 {
+ fileName = fileName[:255]
+ }
+ buf[1] = byte(len(fileName))
+ suffix.Write(buf[:2])
+ suffix.Write([]byte(lit.FileName))
+ binary.BigEndian.PutUint32(buf[:], lit.Time)
+ suffix.Write(buf[:])
+
+ suffix.Write([]byte{0x05, 0xff})
+ suffix.Write([]byte{
+ uint8(l >> 56), uint8(l >> 48), uint8(l >> 40), uint8(l >> 32),
+ uint8(l >> 24), uint8(l >> 16), uint8(l >> 8), uint8(l),
+ })
+ sig.HashSuffix = suffix.Bytes()
+}
+
+// SaltLengthForHash selects the required salt length for the given hash algorithm,
+// as per Table 23 (Hash algorithm registry) of the crypto refresh.
+// See RFC 9580 Section 9.5.
+func SaltLengthForHash(hash crypto.Hash) (int, error) {
+ switch hash {
+ case crypto.SHA256, crypto.SHA224, crypto.SHA3_256:
+ return 16, nil
+ case crypto.SHA384:
+ return 24, nil
+ case crypto.SHA512, crypto.SHA3_512:
+ return 32, nil
+ default:
+ return 0, errors.UnsupportedError("hash function not supported for V6 signatures")
+ }
+}
+
+// SignatureSaltForHash generates a random signature salt
+// with the length for the given hash algorithm.
+// See RFC 9580 Section 9.5.
+func SignatureSaltForHash(hash crypto.Hash, randReader io.Reader) ([]byte, error) {
+ saltLength, err := SaltLengthForHash(hash)
+ if err != nil {
+ return nil, err
+ }
+ salt := make([]byte, saltLength)
+ _, err = io.ReadFull(randReader, salt)
+ if err != nil {
+ return nil, err
+ }
+ return salt, nil
+}
+
+// removeNotationsWithName removes all notations in this signature with the given name.
+func (sig *Signature) removeNotationsWithName(name string) {
+ if sig == nil || sig.Notations == nil {
+ return
+ }
+ updatedNotations := make([]*Notation, 0, len(sig.Notations))
+ for _, notation := range sig.Notations {
+ if notation.Name != name {
+ updatedNotations = append(updatedNotations, notation)
+ }
+ }
+ sig.Notations = updatedNotations
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go
new file mode 100644
index 0000000000000000000000000000000000000000..2812a1db88d132451731760e94bd6d53db415daa
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetric_key_encrypted.go
@@ -0,0 +1,331 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "bytes"
+ "crypto/cipher"
+ "crypto/sha256"
+ "io"
+ "strconv"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "github.com/ProtonMail/go-crypto/openpgp/s2k"
+ "golang.org/x/crypto/hkdf"
+)
+
+// This is the largest session key that we'll support. Since at most 256-bit cipher
+// is supported in OpenPGP, this is large enough to contain also the auth tag.
+const maxSessionKeySizeInBytes = 64
+
+// SymmetricKeyEncrypted represents a passphrase protected session key. See RFC
+// 4880, section 5.3.
+type SymmetricKeyEncrypted struct {
+ Version int
+ CipherFunc CipherFunction
+ Mode AEADMode
+ s2k func(out, in []byte)
+ iv []byte
+ encryptedKey []byte // Contains also the authentication tag for AEAD
+}
+
+// parse parses an SymmetricKeyEncrypted packet as specified in
+// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#name-symmetric-key-encrypted-ses
+func (ske *SymmetricKeyEncrypted) parse(r io.Reader) error {
+ var buf [1]byte
+
+ // Version
+ if _, err := readFull(r, buf[:]); err != nil {
+ return err
+ }
+ ske.Version = int(buf[0])
+ if ske.Version != 4 && ske.Version != 5 && ske.Version != 6 {
+ return errors.UnsupportedError("unknown SymmetricKeyEncrypted version")
+ }
+
+ if V5Disabled && ske.Version == 5 {
+ return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed")
+ }
+
+ if ske.Version > 5 {
+ // Scalar octet count
+ if _, err := readFull(r, buf[:]); err != nil {
+ return err
+ }
+ }
+
+ // Cipher function
+ if _, err := readFull(r, buf[:]); err != nil {
+ return err
+ }
+ ske.CipherFunc = CipherFunction(buf[0])
+ if !ske.CipherFunc.IsSupported() {
+ return errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(buf[0])))
+ }
+
+ if ske.Version >= 5 {
+ // AEAD mode
+ if _, err := readFull(r, buf[:]); err != nil {
+ return errors.StructuralError("cannot read AEAD octet from packet")
+ }
+ ske.Mode = AEADMode(buf[0])
+ }
+
+ if ske.Version > 5 {
+ // Scalar octet count
+ if _, err := readFull(r, buf[:]); err != nil {
+ return err
+ }
+ }
+
+ var err error
+ if ske.s2k, err = s2k.Parse(r); err != nil {
+ if _, ok := err.(errors.ErrDummyPrivateKey); ok {
+ return errors.UnsupportedError("missing key GNU extension in session key")
+ }
+ return err
+ }
+
+ if ske.Version >= 5 {
+ // AEAD IV
+ iv := make([]byte, ske.Mode.IvLength())
+ _, err := readFull(r, iv)
+ if err != nil {
+ return errors.StructuralError("cannot read AEAD IV")
+ }
+
+ ske.iv = iv
+ }
+
+ encryptedKey := make([]byte, maxSessionKeySizeInBytes)
+ // The session key may follow. We just have to try and read to find
+ // out. If it exists then we limit it to maxSessionKeySizeInBytes.
+ n, err := readFull(r, encryptedKey)
+ if err != nil && err != io.ErrUnexpectedEOF {
+ return err
+ }
+
+ if n != 0 {
+ if n == maxSessionKeySizeInBytes {
+ return errors.UnsupportedError("oversized encrypted session key")
+ }
+ ske.encryptedKey = encryptedKey[:n]
+ }
+ return nil
+}
+
+// Decrypt attempts to decrypt an encrypted session key and returns the key and
+// the cipher to use when decrypting a subsequent Symmetrically Encrypted Data
+// packet.
+func (ske *SymmetricKeyEncrypted) Decrypt(passphrase []byte) ([]byte, CipherFunction, error) {
+ key := make([]byte, ske.CipherFunc.KeySize())
+ ske.s2k(key, passphrase)
+ if len(ske.encryptedKey) == 0 {
+ return key, ske.CipherFunc, nil
+ }
+ switch ske.Version {
+ case 4:
+ plaintextKey, cipherFunc, err := ske.decryptV4(key)
+ return plaintextKey, cipherFunc, err
+ case 5, 6:
+ plaintextKey, err := ske.aeadDecrypt(ske.Version, key)
+ return plaintextKey, CipherFunction(0), err
+ }
+ err := errors.UnsupportedError("unknown SymmetricKeyEncrypted version")
+ return nil, CipherFunction(0), err
+}
+
+func (ske *SymmetricKeyEncrypted) decryptV4(key []byte) ([]byte, CipherFunction, error) {
+ // the IV is all zeros
+ iv := make([]byte, ske.CipherFunc.blockSize())
+ c := cipher.NewCFBDecrypter(ske.CipherFunc.new(key), iv)
+ plaintextKey := make([]byte, len(ske.encryptedKey))
+ c.XORKeyStream(plaintextKey, ske.encryptedKey)
+ cipherFunc := CipherFunction(plaintextKey[0])
+ if cipherFunc.blockSize() == 0 {
+ return nil, ske.CipherFunc, errors.UnsupportedError(
+ "unknown cipher: " + strconv.Itoa(int(cipherFunc)))
+ }
+ plaintextKey = plaintextKey[1:]
+ if len(plaintextKey) != cipherFunc.KeySize() {
+ return nil, cipherFunc, errors.StructuralError(
+ "length of decrypted key not equal to cipher keysize")
+ }
+ return plaintextKey, cipherFunc, nil
+}
+
+func (ske *SymmetricKeyEncrypted) aeadDecrypt(version int, key []byte) ([]byte, error) {
+ adata := []byte{0xc3, byte(version), byte(ske.CipherFunc), byte(ske.Mode)}
+ aead := getEncryptedKeyAeadInstance(ske.CipherFunc, ske.Mode, key, adata, version)
+
+ plaintextKey, err := aead.Open(nil, ske.iv, ske.encryptedKey, adata)
+ if err != nil {
+ return nil, err
+ }
+ return plaintextKey, nil
+}
+
+// SerializeSymmetricKeyEncrypted serializes a symmetric key packet to w.
+// The packet contains a random session key, encrypted by a key derived from
+// the given passphrase. The session key is returned and must be passed to
+// SerializeSymmetricallyEncrypted.
+// If config is nil, sensible defaults will be used.
+func SerializeSymmetricKeyEncrypted(w io.Writer, passphrase []byte, config *Config) (key []byte, err error) {
+ cipherFunc := config.Cipher()
+
+ sessionKey := make([]byte, cipherFunc.KeySize())
+ _, err = io.ReadFull(config.Random(), sessionKey)
+ if err != nil {
+ return
+ }
+
+ err = SerializeSymmetricKeyEncryptedReuseKey(w, sessionKey, passphrase, config)
+ if err != nil {
+ return
+ }
+
+ key = sessionKey
+ return
+}
+
+// SerializeSymmetricKeyEncryptedReuseKey serializes a symmetric key packet to w.
+// The packet contains the given session key, encrypted by a key derived from
+// the given passphrase. The returned session key must be passed to
+// SerializeSymmetricallyEncrypted.
+// If config is nil, sensible defaults will be used.
+// Deprecated: Use SerializeSymmetricKeyEncryptedAEADReuseKey instead.
+func SerializeSymmetricKeyEncryptedReuseKey(w io.Writer, sessionKey []byte, passphrase []byte, config *Config) (err error) {
+ return SerializeSymmetricKeyEncryptedAEADReuseKey(w, sessionKey, passphrase, config.AEAD() != nil, config)
+}
+
+// SerializeSymmetricKeyEncryptedAEADReuseKey serializes a symmetric key packet to w.
+// The packet contains the given session key, encrypted by a key derived from
+// the given passphrase. The returned session key must be passed to
+// SerializeSymmetricallyEncrypted.
+// If aeadSupported is set, SKESK v6 is used, otherwise v4.
+// Note: aeadSupported MUST match the value passed to SerializeSymmetricallyEncrypted.
+// If config is nil, sensible defaults will be used.
+func SerializeSymmetricKeyEncryptedAEADReuseKey(w io.Writer, sessionKey []byte, passphrase []byte, aeadSupported bool, config *Config) (err error) {
+ var version int
+ if aeadSupported {
+ version = 6
+ } else {
+ version = 4
+ }
+ cipherFunc := config.Cipher()
+ // cipherFunc must be AES
+ if !cipherFunc.IsSupported() || cipherFunc < CipherAES128 || cipherFunc > CipherAES256 {
+ return errors.UnsupportedError("unsupported cipher: " + strconv.Itoa(int(cipherFunc)))
+ }
+
+ keySize := cipherFunc.KeySize()
+ s2kBuf := new(bytes.Buffer)
+ keyEncryptingKey := make([]byte, keySize)
+ // s2k.Serialize salts and stretches the passphrase, and writes the
+ // resulting key to keyEncryptingKey and the s2k descriptor to s2kBuf.
+ err = s2k.Serialize(s2kBuf, keyEncryptingKey, config.Random(), passphrase, config.S2K())
+ if err != nil {
+ return
+ }
+ s2kBytes := s2kBuf.Bytes()
+
+ var packetLength int
+ switch version {
+ case 4:
+ packetLength = 2 /* header */ + len(s2kBytes) + 1 /* cipher type */ + keySize
+ case 5, 6:
+ ivLen := config.AEAD().Mode().IvLength()
+ tagLen := config.AEAD().Mode().TagLength()
+ packetLength = 3 + len(s2kBytes) + ivLen + keySize + tagLen
+ }
+ if version > 5 {
+ packetLength += 2 // additional octet count fields
+ }
+
+ err = serializeHeader(w, packetTypeSymmetricKeyEncrypted, packetLength)
+ if err != nil {
+ return
+ }
+
+ // Symmetric Key Encrypted Version
+ buf := []byte{byte(version)}
+
+ if version > 5 {
+ // Scalar octet count
+ buf = append(buf, byte(3+len(s2kBytes)+config.AEAD().Mode().IvLength()))
+ }
+
+ // Cipher function
+ buf = append(buf, byte(cipherFunc))
+
+ if version >= 5 {
+ // AEAD mode
+ buf = append(buf, byte(config.AEAD().Mode()))
+ }
+ if version > 5 {
+ // Scalar octet count
+ buf = append(buf, byte(len(s2kBytes)))
+ }
+ _, err = w.Write(buf)
+ if err != nil {
+ return
+ }
+ _, err = w.Write(s2kBytes)
+ if err != nil {
+ return
+ }
+
+ switch version {
+ case 4:
+ iv := make([]byte, cipherFunc.blockSize())
+ c := cipher.NewCFBEncrypter(cipherFunc.new(keyEncryptingKey), iv)
+ encryptedCipherAndKey := make([]byte, keySize+1)
+ c.XORKeyStream(encryptedCipherAndKey, buf[1:])
+ c.XORKeyStream(encryptedCipherAndKey[1:], sessionKey)
+ _, err = w.Write(encryptedCipherAndKey)
+ if err != nil {
+ return
+ }
+ case 5, 6:
+ mode := config.AEAD().Mode()
+ adata := []byte{0xc3, byte(version), byte(cipherFunc), byte(mode)}
+ aead := getEncryptedKeyAeadInstance(cipherFunc, mode, keyEncryptingKey, adata, version)
+
+ // Sample iv using random reader
+ iv := make([]byte, config.AEAD().Mode().IvLength())
+ _, err = io.ReadFull(config.Random(), iv)
+ if err != nil {
+ return
+ }
+ // Seal and write (encryptedData includes auth. tag)
+
+ encryptedData := aead.Seal(nil, iv, sessionKey, adata)
+ _, err = w.Write(iv)
+ if err != nil {
+ return
+ }
+ _, err = w.Write(encryptedData)
+ if err != nil {
+ return
+ }
+ }
+
+ return
+}
+
+func getEncryptedKeyAeadInstance(c CipherFunction, mode AEADMode, inputKey, associatedData []byte, version int) (aead cipher.AEAD) {
+ var blockCipher cipher.Block
+ if version > 5 {
+ hkdfReader := hkdf.New(sha256.New, inputKey, []byte{}, associatedData)
+
+ encryptionKey := make([]byte, c.KeySize())
+ _, _ = readFull(hkdfReader, encryptionKey)
+
+ blockCipher = c.new(encryptionKey)
+ } else {
+ blockCipher = c.new(inputKey)
+ }
+ return mode.new(blockCipher)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go
new file mode 100644
index 0000000000000000000000000000000000000000..0e898742cf0af2ee69ea48e87a36d6f9326684b1
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted.go
@@ -0,0 +1,94 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+)
+
+const aeadSaltSize = 32
+
+// SymmetricallyEncrypted represents a symmetrically encrypted byte string. The
+// encrypted Contents will consist of more OpenPGP packets. See RFC 4880,
+// sections 5.7 and 5.13.
+type SymmetricallyEncrypted struct {
+ Version int
+ Contents io.Reader // contains tag for version 2
+ IntegrityProtected bool // If true it is type 18 (with MDC or AEAD). False is packet type 9
+
+ // Specific to version 1
+ prefix []byte
+
+ // Specific to version 2
+ Cipher CipherFunction
+ Mode AEADMode
+ ChunkSizeByte byte
+ Salt [aeadSaltSize]byte
+}
+
+const (
+ symmetricallyEncryptedVersionMdc = 1
+ symmetricallyEncryptedVersionAead = 2
+)
+
+func (se *SymmetricallyEncrypted) parse(r io.Reader) error {
+ if se.IntegrityProtected {
+ // See RFC 4880, section 5.13.
+ var buf [1]byte
+ _, err := readFull(r, buf[:])
+ if err != nil {
+ return err
+ }
+
+ switch buf[0] {
+ case symmetricallyEncryptedVersionMdc:
+ se.Version = symmetricallyEncryptedVersionMdc
+ case symmetricallyEncryptedVersionAead:
+ se.Version = symmetricallyEncryptedVersionAead
+ if err := se.parseAead(r); err != nil {
+ return err
+ }
+ default:
+ return errors.UnsupportedError("unknown SymmetricallyEncrypted version")
+ }
+ }
+ se.Contents = r
+ return nil
+}
+
+// Decrypt returns a ReadCloser, from which the decrypted Contents of the
+// packet can be read. An incorrect key will only be detected after trying
+// to decrypt the entire data.
+func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) {
+ if se.Version == symmetricallyEncryptedVersionAead {
+ return se.decryptAead(key)
+ }
+
+ return se.decryptMdc(c, key)
+}
+
+// SerializeSymmetricallyEncrypted serializes a symmetrically encrypted packet
+// to w and returns a WriteCloser to which the to-be-encrypted packets can be
+// written.
+// If aeadSupported is set to true, SEIPDv2 is used with the indicated CipherSuite.
+// Otherwise, SEIPDv1 is used with the indicated CipherFunction.
+// Note: aeadSupported MUST match the value passed to SerializeEncryptedKeyAEAD
+// and/or SerializeSymmetricKeyEncryptedAEADReuseKey.
+// If config is nil, sensible defaults will be used.
+func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, aeadSupported bool, cipherSuite CipherSuite, key []byte, config *Config) (Contents io.WriteCloser, err error) {
+ writeCloser := noOpCloser{w}
+ ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedIntegrityProtected)
+ if err != nil {
+ return
+ }
+
+ if aeadSupported {
+ return serializeSymmetricallyEncryptedAead(ciphertext, cipherSuite, config.AEADConfig.ChunkSizeByte(), config.Random(), key)
+ }
+
+ return serializeSymmetricallyEncryptedMdc(ciphertext, c, key, config)
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go
new file mode 100644
index 0000000000000000000000000000000000000000..3ddc4fe4a9f75c863de3fffe299ea871695b3bec
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_aead.go
@@ -0,0 +1,168 @@
+// Copyright 2023 Proton AG. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "crypto/cipher"
+ "crypto/sha256"
+ "fmt"
+ "io"
+ "strconv"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "golang.org/x/crypto/hkdf"
+)
+
+// parseAead parses a V2 SEIPD packet (AEAD) as specified in
+// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
+func (se *SymmetricallyEncrypted) parseAead(r io.Reader) error {
+ headerData := make([]byte, 3)
+ if n, err := io.ReadFull(r, headerData); n < 3 {
+ return errors.StructuralError("could not read aead header: " + err.Error())
+ }
+
+ // Cipher
+ se.Cipher = CipherFunction(headerData[0])
+ // cipherFunc must have block size 16 to use AEAD
+ if se.Cipher.blockSize() != 16 {
+ return errors.UnsupportedError("invalid aead cipher: " + strconv.Itoa(int(se.Cipher)))
+ }
+
+ // Mode
+ se.Mode = AEADMode(headerData[1])
+ if se.Mode.TagLength() == 0 {
+ return errors.UnsupportedError("unknown aead mode: " + strconv.Itoa(int(se.Mode)))
+ }
+
+ // Chunk size
+ se.ChunkSizeByte = headerData[2]
+ if se.ChunkSizeByte > 16 {
+ return errors.UnsupportedError("invalid aead chunk size byte: " + strconv.Itoa(int(se.ChunkSizeByte)))
+ }
+
+ // Salt
+ if n, err := io.ReadFull(r, se.Salt[:]); n < aeadSaltSize {
+ return errors.StructuralError("could not read aead salt: " + err.Error())
+ }
+
+ return nil
+}
+
+// associatedData for chunks: tag, version, cipher, mode, chunk size byte
+func (se *SymmetricallyEncrypted) associatedData() []byte {
+ return []byte{
+ 0xD2,
+ symmetricallyEncryptedVersionAead,
+ byte(se.Cipher),
+ byte(se.Mode),
+ se.ChunkSizeByte,
+ }
+}
+
+// decryptAead decrypts a V2 SEIPD packet (AEAD) as specified in
+// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
+func (se *SymmetricallyEncrypted) decryptAead(inputKey []byte) (io.ReadCloser, error) {
+ if se.Cipher.KeySize() != len(inputKey) {
+ return nil, errors.StructuralError(fmt.Sprintf("invalid session key length for cipher: got %d bytes, but expected %d bytes", len(inputKey), se.Cipher.KeySize()))
+ }
+
+ aead, nonce := getSymmetricallyEncryptedAeadInstance(se.Cipher, se.Mode, inputKey, se.Salt[:], se.associatedData())
+ // Carry the first tagLen bytes
+ chunkSize := decodeAEADChunkSize(se.ChunkSizeByte)
+ tagLen := se.Mode.TagLength()
+ chunkBytes := make([]byte, chunkSize+tagLen*2)
+ peekedBytes := chunkBytes[chunkSize+tagLen:]
+ n, err := io.ReadFull(se.Contents, peekedBytes)
+ if n < tagLen || (err != nil && err != io.EOF) {
+ return nil, errors.StructuralError("not enough data to decrypt:" + err.Error())
+ }
+
+ return &aeadDecrypter{
+ aeadCrypter: aeadCrypter{
+ aead: aead,
+ chunkSize: decodeAEADChunkSize(se.ChunkSizeByte),
+ nonce: nonce,
+ associatedData: se.associatedData(),
+ chunkIndex: nonce[len(nonce)-8:],
+ packetTag: packetTypeSymmetricallyEncryptedIntegrityProtected,
+ },
+ reader: se.Contents,
+ chunkBytes: chunkBytes,
+ peekedBytes: peekedBytes,
+ }, nil
+}
+
+// serializeSymmetricallyEncryptedAead encrypts to a writer a V2 SEIPD packet (AEAD) as specified in
+// https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.13.2
+func serializeSymmetricallyEncryptedAead(ciphertext io.WriteCloser, cipherSuite CipherSuite, chunkSizeByte byte, rand io.Reader, inputKey []byte) (Contents io.WriteCloser, err error) {
+ // cipherFunc must have block size 16 to use AEAD
+ if cipherSuite.Cipher.blockSize() != 16 {
+ return nil, errors.InvalidArgumentError("invalid aead cipher function")
+ }
+
+ if cipherSuite.Cipher.KeySize() != len(inputKey) {
+ return nil, errors.InvalidArgumentError("error in aead serialization: bad key length")
+ }
+
+ // Data for en/decryption: tag, version, cipher, aead mode, chunk size
+ prefix := []byte{
+ 0xD2,
+ symmetricallyEncryptedVersionAead,
+ byte(cipherSuite.Cipher),
+ byte(cipherSuite.Mode),
+ chunkSizeByte,
+ }
+
+ // Write header (that correspond to prefix except first byte)
+ n, err := ciphertext.Write(prefix[1:])
+ if err != nil || n < 4 {
+ return nil, err
+ }
+
+ // Random salt
+ salt := make([]byte, aeadSaltSize)
+ if _, err := io.ReadFull(rand, salt); err != nil {
+ return nil, err
+ }
+
+ if _, err := ciphertext.Write(salt); err != nil {
+ return nil, err
+ }
+
+ aead, nonce := getSymmetricallyEncryptedAeadInstance(cipherSuite.Cipher, cipherSuite.Mode, inputKey, salt, prefix)
+
+ chunkSize := decodeAEADChunkSize(chunkSizeByte)
+ tagLen := aead.Overhead()
+ chunkBytes := make([]byte, chunkSize+tagLen)
+ return &aeadEncrypter{
+ aeadCrypter: aeadCrypter{
+ aead: aead,
+ chunkSize: chunkSize,
+ associatedData: prefix,
+ nonce: nonce,
+ chunkIndex: nonce[len(nonce)-8:],
+ packetTag: packetTypeSymmetricallyEncryptedIntegrityProtected,
+ },
+ writer: ciphertext,
+ chunkBytes: chunkBytes,
+ }, nil
+}
+
+func getSymmetricallyEncryptedAeadInstance(c CipherFunction, mode AEADMode, inputKey, salt, associatedData []byte) (aead cipher.AEAD, nonce []byte) {
+ hkdfReader := hkdf.New(sha256.New, inputKey, salt, associatedData)
+
+ encryptionKey := make([]byte, c.KeySize())
+ _, _ = readFull(hkdfReader, encryptionKey)
+
+ nonce = make([]byte, mode.IvLength())
+
+ // Last 64 bits of nonce are the counter
+ _, _ = readFull(hkdfReader, nonce[:len(nonce)-8])
+
+ blockCipher := c.new(encryptionKey)
+ aead = mode.new(blockCipher)
+
+ return
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_mdc.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_mdc.go
new file mode 100644
index 0000000000000000000000000000000000000000..8b18623684995ebbc1f7d67b1df879cc745ce5e5
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/symmetrically_encrypted_mdc.go
@@ -0,0 +1,256 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "crypto/cipher"
+ "crypto/sha1"
+ "crypto/subtle"
+ "hash"
+ "io"
+ "strconv"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+)
+
+// seMdcReader wraps an io.Reader with a no-op Close method.
+type seMdcReader struct {
+ in io.Reader
+}
+
+func (ser seMdcReader) Read(buf []byte) (int, error) {
+ return ser.in.Read(buf)
+}
+
+func (ser seMdcReader) Close() error {
+ return nil
+}
+
+func (se *SymmetricallyEncrypted) decryptMdc(c CipherFunction, key []byte) (io.ReadCloser, error) {
+ if !c.IsSupported() {
+ return nil, errors.UnsupportedError("unsupported cipher: " + strconv.Itoa(int(c)))
+ }
+
+ if len(key) != c.KeySize() {
+ return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length")
+ }
+
+ if se.prefix == nil {
+ se.prefix = make([]byte, c.blockSize()+2)
+ _, err := readFull(se.Contents, se.prefix)
+ if err != nil {
+ return nil, err
+ }
+ } else if len(se.prefix) != c.blockSize()+2 {
+ return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths")
+ }
+
+ ocfbResync := OCFBResync
+ if se.IntegrityProtected {
+ // MDC packets use a different form of OCFB mode.
+ ocfbResync = OCFBNoResync
+ }
+
+ s := NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync)
+
+ plaintext := cipher.StreamReader{S: s, R: se.Contents}
+
+ if se.IntegrityProtected {
+ // IntegrityProtected packets have an embedded hash that we need to check.
+ h := sha1.New()
+ h.Write(se.prefix)
+ return &seMDCReader{in: plaintext, h: h}, nil
+ }
+
+ // Otherwise, we just need to wrap plaintext so that it's a valid ReadCloser.
+ return seMdcReader{plaintext}, nil
+}
+
+const mdcTrailerSize = 1 /* tag byte */ + 1 /* length byte */ + sha1.Size
+
+// An seMDCReader wraps an io.Reader, maintains a running hash and keeps hold
+// of the most recent 22 bytes (mdcTrailerSize). Upon EOF, those bytes form an
+// MDC packet containing a hash of the previous Contents which is checked
+// against the running hash. See RFC 4880, section 5.13.
+type seMDCReader struct {
+ in io.Reader
+ h hash.Hash
+ trailer [mdcTrailerSize]byte
+ scratch [mdcTrailerSize]byte
+ trailerUsed int
+ error bool
+ eof bool
+}
+
+func (ser *seMDCReader) Read(buf []byte) (n int, err error) {
+ if ser.error {
+ err = io.ErrUnexpectedEOF
+ return
+ }
+ if ser.eof {
+ err = io.EOF
+ return
+ }
+
+ // If we haven't yet filled the trailer buffer then we must do that
+ // first.
+ for ser.trailerUsed < mdcTrailerSize {
+ n, err = ser.in.Read(ser.trailer[ser.trailerUsed:])
+ ser.trailerUsed += n
+ if err == io.EOF {
+ if ser.trailerUsed != mdcTrailerSize {
+ n = 0
+ err = io.ErrUnexpectedEOF
+ ser.error = true
+ return
+ }
+ ser.eof = true
+ n = 0
+ return
+ }
+
+ if err != nil {
+ n = 0
+ return
+ }
+ }
+
+ // If it's a short read then we read into a temporary buffer and shift
+ // the data into the caller's buffer.
+ if len(buf) <= mdcTrailerSize {
+ n, err = readFull(ser.in, ser.scratch[:len(buf)])
+ copy(buf, ser.trailer[:n])
+ ser.h.Write(buf[:n])
+ copy(ser.trailer[:], ser.trailer[n:])
+ copy(ser.trailer[mdcTrailerSize-n:], ser.scratch[:])
+ if n < len(buf) {
+ ser.eof = true
+ err = io.EOF
+ }
+ return
+ }
+
+ n, err = ser.in.Read(buf[mdcTrailerSize:])
+ copy(buf, ser.trailer[:])
+ ser.h.Write(buf[:n])
+ copy(ser.trailer[:], buf[n:])
+
+ if err == io.EOF {
+ ser.eof = true
+ }
+ return
+}
+
+// This is a new-format packet tag byte for a type 19 (Integrity Protected) packet.
+const mdcPacketTagByte = byte(0x80) | 0x40 | 19
+
+func (ser *seMDCReader) Close() error {
+ if ser.error {
+ return errors.ErrMDCHashMismatch
+ }
+
+ for !ser.eof {
+ // We haven't seen EOF so we need to read to the end
+ var buf [1024]byte
+ _, err := ser.Read(buf[:])
+ if err == io.EOF {
+ break
+ }
+ if err != nil {
+ return errors.ErrMDCHashMismatch
+ }
+ }
+
+ ser.h.Write(ser.trailer[:2])
+
+ final := ser.h.Sum(nil)
+ if subtle.ConstantTimeCompare(final, ser.trailer[2:]) != 1 {
+ return errors.ErrMDCHashMismatch
+ }
+ // The hash already includes the MDC header, but we still check its value
+ // to confirm encryption correctness
+ if ser.trailer[0] != mdcPacketTagByte || ser.trailer[1] != sha1.Size {
+ return errors.ErrMDCHashMismatch
+ }
+ return nil
+}
+
+// An seMDCWriter writes through to an io.WriteCloser while maintains a running
+// hash of the data written. On close, it emits an MDC packet containing the
+// running hash.
+type seMDCWriter struct {
+ w io.WriteCloser
+ h hash.Hash
+}
+
+func (w *seMDCWriter) Write(buf []byte) (n int, err error) {
+ w.h.Write(buf)
+ return w.w.Write(buf)
+}
+
+func (w *seMDCWriter) Close() (err error) {
+ var buf [mdcTrailerSize]byte
+
+ buf[0] = mdcPacketTagByte
+ buf[1] = sha1.Size
+ w.h.Write(buf[:2])
+ digest := w.h.Sum(nil)
+ copy(buf[2:], digest)
+
+ _, err = w.w.Write(buf[:])
+ if err != nil {
+ return
+ }
+ return w.w.Close()
+}
+
+// noOpCloser is like an ioutil.NopCloser, but for an io.Writer.
+type noOpCloser struct {
+ w io.Writer
+}
+
+func (c noOpCloser) Write(data []byte) (n int, err error) {
+ return c.w.Write(data)
+}
+
+func (c noOpCloser) Close() error {
+ return nil
+}
+
+func serializeSymmetricallyEncryptedMdc(ciphertext io.WriteCloser, c CipherFunction, key []byte, config *Config) (Contents io.WriteCloser, err error) {
+ // Disallow old cipher suites
+ if !c.IsSupported() || c < CipherAES128 {
+ return nil, errors.InvalidArgumentError("invalid mdc cipher function")
+ }
+
+ if c.KeySize() != len(key) {
+ return nil, errors.InvalidArgumentError("error in mdc serialization: bad key length")
+ }
+
+ _, err = ciphertext.Write([]byte{symmetricallyEncryptedVersionMdc})
+ if err != nil {
+ return
+ }
+
+ block := c.new(key)
+ blockSize := block.BlockSize()
+ iv := make([]byte, blockSize)
+ _, err = io.ReadFull(config.Random(), iv)
+ if err != nil {
+ return nil, err
+ }
+ s, prefix := NewOCFBEncrypter(block, iv, OCFBNoResync)
+ _, err = ciphertext.Write(prefix)
+ if err != nil {
+ return
+ }
+ plaintext := cipher.StreamWriter{S: s, W: ciphertext}
+
+ h := sha1.New()
+ h.Write(iv)
+ h.Write(iv[blockSize-2:])
+ Contents = &seMDCWriter{w: plaintext, h: h}
+ return
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userattribute.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userattribute.go
new file mode 100644
index 0000000000000000000000000000000000000000..63814ed1324016fcd7445e09b47edd8991a2d877
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userattribute.go
@@ -0,0 +1,100 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "bytes"
+ "image"
+ "image/jpeg"
+ "io"
+)
+
+const UserAttrImageSubpacket = 1
+
+// UserAttribute is capable of storing other types of data about a user
+// beyond name, email and a text comment. In practice, user attributes are typically used
+// to store a signed thumbnail photo JPEG image of the user.
+// See RFC 4880, section 5.12.
+type UserAttribute struct {
+ Contents []*OpaqueSubpacket
+}
+
+// NewUserAttributePhoto creates a user attribute packet
+// containing the given images.
+func NewUserAttributePhoto(photos ...image.Image) (uat *UserAttribute, err error) {
+ uat = new(UserAttribute)
+ for _, photo := range photos {
+ var buf bytes.Buffer
+ // RFC 4880, Section 5.12.1.
+ data := []byte{
+ 0x10, 0x00, // Little-endian image header length (16 bytes)
+ 0x01, // Image header version 1
+ 0x01, // JPEG
+ 0, 0, 0, 0, // 12 reserved octets, must be all zero.
+ 0, 0, 0, 0,
+ 0, 0, 0, 0}
+ if _, err = buf.Write(data); err != nil {
+ return
+ }
+ if err = jpeg.Encode(&buf, photo, nil); err != nil {
+ return
+ }
+
+ lengthBuf := make([]byte, 5)
+ n := serializeSubpacketLength(lengthBuf, len(buf.Bytes())+1)
+ lengthBuf = lengthBuf[:n]
+
+ uat.Contents = append(uat.Contents, &OpaqueSubpacket{
+ SubType: UserAttrImageSubpacket,
+ EncodedLength: lengthBuf,
+ Contents: buf.Bytes(),
+ })
+ }
+ return
+}
+
+// NewUserAttribute creates a new user attribute packet containing the given subpackets.
+func NewUserAttribute(contents ...*OpaqueSubpacket) *UserAttribute {
+ return &UserAttribute{Contents: contents}
+}
+
+func (uat *UserAttribute) parse(r io.Reader) (err error) {
+ // RFC 4880, section 5.13
+ b, err := io.ReadAll(r)
+ if err != nil {
+ return
+ }
+ uat.Contents, err = OpaqueSubpackets(b)
+ return
+}
+
+// Serialize marshals the user attribute to w in the form of an OpenPGP packet, including
+// header.
+func (uat *UserAttribute) Serialize(w io.Writer) (err error) {
+ var buf bytes.Buffer
+ for _, sp := range uat.Contents {
+ err = sp.Serialize(&buf)
+ if err != nil {
+ return err
+ }
+ }
+ if err = serializeHeader(w, packetTypeUserAttribute, buf.Len()); err != nil {
+ return err
+ }
+ _, err = w.Write(buf.Bytes())
+ return
+}
+
+// ImageData returns zero or more byte slices, each containing
+// JPEG File Interchange Format (JFIF), for each photo in the
+// user attribute packet.
+func (uat *UserAttribute) ImageData() (imageData [][]byte) {
+ for _, sp := range uat.Contents {
+ if sp.SubType == UserAttrImageSubpacket && len(sp.Contents) > 16 {
+ imageData = append(imageData, sp.Contents[16:])
+ }
+ }
+ return
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userid.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userid.go
new file mode 100644
index 0000000000000000000000000000000000000000..3c7451a3c36a3aee45156b8d875f8de46ee4d029
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/packet/userid.go
@@ -0,0 +1,166 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packet
+
+import (
+ "io"
+ "strings"
+)
+
+// UserId contains text that is intended to represent the name and email
+// address of the key holder. See RFC 4880, section 5.11. By convention, this
+// takes the form "Full Name (Comment) <email@example.com>"
+type UserId struct {
+ Id string // By convention, this takes the form "Full Name (Comment) <email@example.com>" which is split out in the fields below.
+
+ Name, Comment, Email string
+}
+
+func hasInvalidCharacters(s string) bool {
+ for _, c := range s {
+ switch c {
+ case '(', ')', '<', '>', 0:
+ return true
+ }
+ }
+ return false
+}
+
+// NewUserId returns a UserId or nil if any of the arguments contain invalid
+// characters. The invalid characters are '\x00', '(', ')', '<' and '>'
+func NewUserId(name, comment, email string) *UserId {
+ // RFC 4880 doesn't deal with the structure of userid strings; the
+ // name, comment and email form is just a convention. However, there's
+ // no convention about escaping the metacharacters and GPG just refuses
+ // to create user ids where, say, the name contains a '('. We mirror
+ // this behaviour.
+
+ if hasInvalidCharacters(name) || hasInvalidCharacters(comment) || hasInvalidCharacters(email) {
+ return nil
+ }
+
+ uid := new(UserId)
+ uid.Name, uid.Comment, uid.Email = name, comment, email
+ uid.Id = name
+ if len(comment) > 0 {
+ if len(uid.Id) > 0 {
+ uid.Id += " "
+ }
+ uid.Id += "("
+ uid.Id += comment
+ uid.Id += ")"
+ }
+ if len(email) > 0 {
+ if len(uid.Id) > 0 {
+ uid.Id += " "
+ }
+ uid.Id += "<"
+ uid.Id += email
+ uid.Id += ">"
+ }
+ return uid
+}
+
+func (uid *UserId) parse(r io.Reader) (err error) {
+ // RFC 4880, section 5.11
+ b, err := io.ReadAll(r)
+ if err != nil {
+ return
+ }
+ uid.Id = string(b)
+ uid.Name, uid.Comment, uid.Email = parseUserId(uid.Id)
+ return
+}
+
+// Serialize marshals uid to w in the form of an OpenPGP packet, including
+// header.
+func (uid *UserId) Serialize(w io.Writer) error {
+ err := serializeHeader(w, packetTypeUserId, len(uid.Id))
+ if err != nil {
+ return err
+ }
+ _, err = w.Write([]byte(uid.Id))
+ return err
+}
+
+// parseUserId extracts the name, comment and email from a user id string that
+// is formatted as "Full Name (Comment) <email@example.com>".
+func parseUserId(id string) (name, comment, email string) {
+ var n, c, e struct {
+ start, end int
+ }
+ var state int
+
+ for offset, rune := range id {
+ switch state {
+ case 0:
+ // Entering name
+ n.start = offset
+ state = 1
+ fallthrough
+ case 1:
+ // In name
+ if rune == '(' {
+ state = 2
+ n.end = offset
+ } else if rune == '<' {
+ state = 5
+ n.end = offset
+ }
+ case 2:
+ // Entering comment
+ c.start = offset
+ state = 3
+ fallthrough
+ case 3:
+ // In comment
+ if rune == ')' {
+ state = 4
+ c.end = offset
+ }
+ case 4:
+ // Between comment and email
+ if rune == '<' {
+ state = 5
+ }
+ case 5:
+ // Entering email
+ e.start = offset
+ state = 6
+ fallthrough
+ case 6:
+ // In email
+ if rune == '>' {
+ state = 7
+ e.end = offset
+ }
+ default:
+ // After email
+ }
+ }
+ switch state {
+ case 1:
+ // ended in the name
+ n.end = len(id)
+ case 3:
+ // ended in comment
+ c.end = len(id)
+ case 6:
+ // ended in email
+ e.end = len(id)
+ }
+
+ name = strings.TrimSpace(id[n.start:n.end])
+ comment = strings.TrimSpace(id[c.start:c.end])
+ email = strings.TrimSpace(id[e.start:e.end])
+
+ // RFC 2822 3.4: alternate simple form of a mailbox
+ if email == "" && strings.ContainsRune(name, '@') {
+ email = name
+ name = ""
+ }
+
+ return
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go
new file mode 100644
index 0000000000000000000000000000000000000000..e6dd9b5fd30d25d0d9dae136dfc6b9eb266b5c9a
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/read.go
@@ -0,0 +1,619 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package openpgp implements high level operations on OpenPGP messages.
+package openpgp // import "github.com/ProtonMail/go-crypto/openpgp"
+
+import (
+ "crypto"
+ _ "crypto/sha256"
+ _ "crypto/sha512"
+ "hash"
+ "io"
+ "strconv"
+
+ "github.com/ProtonMail/go-crypto/openpgp/armor"
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
+ "github.com/ProtonMail/go-crypto/openpgp/packet"
+ _ "golang.org/x/crypto/sha3"
+)
+
+// SignatureType is the armor type for a PGP signature.
+var SignatureType = "PGP SIGNATURE"
+
+// readArmored reads an armored block with the given type.
+func readArmored(r io.Reader, expectedType string) (body io.Reader, err error) {
+ block, err := armor.Decode(r)
+ if err != nil {
+ return
+ }
+
+ if block.Type != expectedType {
+ return nil, errors.InvalidArgumentError("expected '" + expectedType + "', got: " + block.Type)
+ }
+
+ return block.Body, nil
+}
+
+// MessageDetails contains the result of parsing an OpenPGP encrypted and/or
+// signed message.
+type MessageDetails struct {
+ IsEncrypted bool // true if the message was encrypted.
+ EncryptedToKeyIds []uint64 // the list of recipient key ids.
+ IsSymmetricallyEncrypted bool // true if a passphrase could have decrypted the message.
+ DecryptedWith Key // the private key used to decrypt the message, if any.
+ IsSigned bool // true if the message is signed.
+ SignedByKeyId uint64 // the key id of the signer, if any.
+ SignedByFingerprint []byte // the key fingerprint of the signer, if any.
+ SignedBy *Key // the key of the signer, if available.
+ LiteralData *packet.LiteralData // the metadata of the contents
+ UnverifiedBody io.Reader // the contents of the message.
+
+ // If IsSigned is true and SignedBy is non-zero then the signature will
+ // be verified as UnverifiedBody is read. The signature cannot be
+ // checked until the whole of UnverifiedBody is read so UnverifiedBody
+ // must be consumed until EOF before the data can be trusted. Even if a
+ // message isn't signed (or the signer is unknown) the data may contain
+ // an authentication code that is only checked once UnverifiedBody has
+ // been consumed. Once EOF has been seen, the following fields are
+ // valid. (An authentication code failure is reported as a
+ // SignatureError error when reading from UnverifiedBody.)
+ Signature *packet.Signature // the signature packet itself.
+ SignatureError error // nil if the signature is good.
+ UnverifiedSignatures []*packet.Signature // all other unverified signature packets.
+
+ decrypted io.ReadCloser
+}
+
+// A PromptFunction is used as a callback by functions that may need to decrypt
+// a private key, or prompt for a passphrase. It is called with a list of
+// acceptable, encrypted private keys and a boolean that indicates whether a
+// passphrase is usable. It should either decrypt a private key or return a
+// passphrase to try. If the decrypted private key or given passphrase isn't
+// correct, the function will be called again, forever. Any error returned will
+// be passed up.
+type PromptFunction func(keys []Key, symmetric bool) ([]byte, error)
+
+// A keyEnvelopePair is used to store a private key with the envelope that
+// contains a symmetric key, encrypted with that key.
+type keyEnvelopePair struct {
+ key Key
+ encryptedKey *packet.EncryptedKey
+}
+
+// ReadMessage parses an OpenPGP message that may be signed and/or encrypted.
+// The given KeyRing should contain both public keys (for signature
+// verification) and, possibly encrypted, private keys for decrypting.
+// If config is nil, sensible defaults will be used.
+func ReadMessage(r io.Reader, keyring KeyRing, prompt PromptFunction, config *packet.Config) (md *MessageDetails, err error) {
+ var p packet.Packet
+
+ var symKeys []*packet.SymmetricKeyEncrypted
+ var pubKeys []keyEnvelopePair
+ // Integrity protected encrypted packet: SymmetricallyEncrypted or AEADEncrypted
+ var edp packet.EncryptedDataPacket
+
+ packets := packet.NewReader(r)
+ md = new(MessageDetails)
+ md.IsEncrypted = true
+
+ // The message, if encrypted, starts with a number of packets
+ // containing an encrypted decryption key. The decryption key is either
+ // encrypted to a public key, or with a passphrase. This loop
+ // collects these packets.
+ParsePackets:
+ for {
+ p, err = packets.Next()
+ if err != nil {
+ return nil, err
+ }
+ switch p := p.(type) {
+ case *packet.SymmetricKeyEncrypted:
+ // This packet contains the decryption key encrypted with a passphrase.
+ md.IsSymmetricallyEncrypted = true
+ symKeys = append(symKeys, p)
+ case *packet.EncryptedKey:
+ // This packet contains the decryption key encrypted to a public key.
+ md.EncryptedToKeyIds = append(md.EncryptedToKeyIds, p.KeyId)
+ switch p.Algo {
+ case packet.PubKeyAlgoRSA, packet.PubKeyAlgoRSAEncryptOnly, packet.PubKeyAlgoElGamal, packet.PubKeyAlgoECDH, packet.PubKeyAlgoX25519, packet.PubKeyAlgoX448:
+ break
+ default:
+ continue
+ }
+ if keyring != nil {
+ var keys []Key
+ if p.KeyId == 0 {
+ keys = keyring.DecryptionKeys()
+ } else {
+ keys = keyring.KeysById(p.KeyId)
+ }
+ for _, k := range keys {
+ pubKeys = append(pubKeys, keyEnvelopePair{k, p})
+ }
+ }
+ case *packet.SymmetricallyEncrypted:
+ if !p.IntegrityProtected && !config.AllowUnauthenticatedMessages() {
+ return nil, errors.UnsupportedError("message is not integrity protected")
+ }
+ edp = p
+ break ParsePackets
+ case *packet.AEADEncrypted:
+ edp = p
+ break ParsePackets
+ case *packet.Compressed, *packet.LiteralData, *packet.OnePassSignature:
+ // This message isn't encrypted.
+ if len(symKeys) != 0 || len(pubKeys) != 0 {
+ return nil, errors.StructuralError("key material not followed by encrypted message")
+ }
+ packets.Unread(p)
+ return readSignedMessage(packets, nil, keyring, config)
+ }
+ }
+
+ var candidates []Key
+ var decrypted io.ReadCloser
+
+ // Now that we have the list of encrypted keys we need to decrypt at
+ // least one of them or, if we cannot, we need to call the prompt
+ // function so that it can decrypt a key or give us a passphrase.
+FindKey:
+ for {
+ // See if any of the keys already have a private key available
+ candidates = candidates[:0]
+ candidateFingerprints := make(map[string]bool)
+
+ for _, pk := range pubKeys {
+ if pk.key.PrivateKey == nil {
+ continue
+ }
+ if !pk.key.PrivateKey.Encrypted {
+ if len(pk.encryptedKey.Key) == 0 {
+ errDec := pk.encryptedKey.Decrypt(pk.key.PrivateKey, config)
+ if errDec != nil {
+ continue
+ }
+ }
+ // Try to decrypt symmetrically encrypted
+ decrypted, err = edp.Decrypt(pk.encryptedKey.CipherFunc, pk.encryptedKey.Key)
+ if err != nil && err != errors.ErrKeyIncorrect {
+ return nil, err
+ }
+ if decrypted != nil {
+ md.DecryptedWith = pk.key
+ break FindKey
+ }
+ } else {
+ fpr := string(pk.key.PublicKey.Fingerprint[:])
+ if v := candidateFingerprints[fpr]; v {
+ continue
+ }
+ candidates = append(candidates, pk.key)
+ candidateFingerprints[fpr] = true
+ }
+ }
+
+ if len(candidates) == 0 && len(symKeys) == 0 {
+ return nil, errors.ErrKeyIncorrect
+ }
+
+ if prompt == nil {
+ return nil, errors.ErrKeyIncorrect
+ }
+
+ passphrase, err := prompt(candidates, len(symKeys) != 0)
+ if err != nil {
+ return nil, err
+ }
+
+ // Try the symmetric passphrase first
+ if len(symKeys) != 0 && passphrase != nil {
+ for _, s := range symKeys {
+ key, cipherFunc, err := s.Decrypt(passphrase)
+ // In v4, on wrong passphrase, session key decryption is very likely to result in an invalid cipherFunc:
+ // only for < 5% of cases we will proceed to decrypt the data
+ if err == nil {
+ decrypted, err = edp.Decrypt(cipherFunc, key)
+ if err != nil {
+ return nil, err
+ }
+ if decrypted != nil {
+ break FindKey
+ }
+ }
+ }
+ }
+ }
+
+ md.decrypted = decrypted
+ if err := packets.Push(decrypted); err != nil {
+ return nil, err
+ }
+ mdFinal, sensitiveParsingErr := readSignedMessage(packets, md, keyring, config)
+ if sensitiveParsingErr != nil {
+ return nil, errors.HandleSensitiveParsingError(sensitiveParsingErr, md.decrypted != nil)
+ }
+ return mdFinal, nil
+}
+
+// readSignedMessage reads a possibly signed message if mdin is non-zero then
+// that structure is updated and returned. Otherwise a fresh MessageDetails is
+// used.
+func readSignedMessage(packets *packet.Reader, mdin *MessageDetails, keyring KeyRing, config *packet.Config) (md *MessageDetails, err error) {
+ if mdin == nil {
+ mdin = new(MessageDetails)
+ }
+ md = mdin
+
+ var p packet.Packet
+ var h hash.Hash
+ var wrappedHash hash.Hash
+ var prevLast bool
+FindLiteralData:
+ for {
+ p, err = packets.Next()
+ if err != nil {
+ return nil, err
+ }
+ switch p := p.(type) {
+ case *packet.Compressed:
+ if err := packets.Push(p.Body); err != nil {
+ return nil, err
+ }
+ case *packet.OnePassSignature:
+ if prevLast {
+ return nil, errors.UnsupportedError("nested signature packets")
+ }
+
+ if p.IsLast {
+ prevLast = true
+ }
+
+ h, wrappedHash, err = hashForSignature(p.Hash, p.SigType, p.Salt)
+ if err != nil {
+ md.SignatureError = err
+ }
+
+ md.IsSigned = true
+ if p.Version == 6 {
+ md.SignedByFingerprint = p.KeyFingerprint
+ }
+ md.SignedByKeyId = p.KeyId
+
+ if keyring != nil {
+ keys := keyring.KeysByIdUsage(p.KeyId, packet.KeyFlagSign)
+ if len(keys) > 0 {
+ md.SignedBy = &keys[0]
+ }
+ }
+ case *packet.LiteralData:
+ md.LiteralData = p
+ break FindLiteralData
+ }
+ }
+
+ if md.IsSigned && md.SignatureError == nil {
+ md.UnverifiedBody = &signatureCheckReader{packets, h, wrappedHash, md, config}
+ } else if md.decrypted != nil {
+ md.UnverifiedBody = &checkReader{md, false}
+ } else {
+ md.UnverifiedBody = md.LiteralData.Body
+ }
+
+ return md, nil
+}
+
+func wrapHashForSignature(hashFunc hash.Hash, sigType packet.SignatureType) (hash.Hash, error) {
+ switch sigType {
+ case packet.SigTypeBinary:
+ return hashFunc, nil
+ case packet.SigTypeText:
+ return NewCanonicalTextHash(hashFunc), nil
+ }
+ return nil, errors.UnsupportedError("unsupported signature type: " + strconv.Itoa(int(sigType)))
+}
+
+// hashForSignature returns a pair of hashes that can be used to verify a
+// signature. The signature may specify that the contents of the signed message
+// should be preprocessed (i.e. to normalize line endings). Thus this function
+// returns two hashes. The second should be used to hash the message itself and
+// performs any needed preprocessing.
+func hashForSignature(hashFunc crypto.Hash, sigType packet.SignatureType, sigSalt []byte) (hash.Hash, hash.Hash, error) {
+ if _, ok := algorithm.HashToHashIdWithSha1(hashFunc); !ok {
+ return nil, nil, errors.UnsupportedError("unsupported hash function")
+ }
+ if !hashFunc.Available() {
+ return nil, nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashFunc)))
+ }
+ h := hashFunc.New()
+ if sigSalt != nil {
+ h.Write(sigSalt)
+ }
+ wrappedHash, err := wrapHashForSignature(h, sigType)
+ if err != nil {
+ return nil, nil, err
+ }
+ switch sigType {
+ case packet.SigTypeBinary:
+ return h, wrappedHash, nil
+ case packet.SigTypeText:
+ return h, wrappedHash, nil
+ }
+ return nil, nil, errors.UnsupportedError("unsupported signature type: " + strconv.Itoa(int(sigType)))
+}
+
+// checkReader wraps an io.Reader from a LiteralData packet. When it sees EOF
+// it closes the ReadCloser from any SymmetricallyEncrypted packet to trigger
+// MDC checks.
+type checkReader struct {
+ md *MessageDetails
+ checked bool
+}
+
+func (cr *checkReader) Read(buf []byte) (int, error) {
+ n, sensitiveParsingError := cr.md.LiteralData.Body.Read(buf)
+ if sensitiveParsingError == io.EOF {
+ if cr.checked {
+ // Only check once
+ return n, io.EOF
+ }
+ mdcErr := cr.md.decrypted.Close()
+ if mdcErr != nil {
+ return n, mdcErr
+ }
+ cr.checked = true
+ return n, io.EOF
+ }
+
+ if sensitiveParsingError != nil {
+ return n, errors.HandleSensitiveParsingError(sensitiveParsingError, true)
+ }
+
+ return n, nil
+}
+
+// signatureCheckReader wraps an io.Reader from a LiteralData packet and hashes
+// the data as it is read. When it sees an EOF from the underlying io.Reader
+// it parses and checks a trailing Signature packet and triggers any MDC checks.
+type signatureCheckReader struct {
+ packets *packet.Reader
+ h, wrappedHash hash.Hash
+ md *MessageDetails
+ config *packet.Config
+}
+
+func (scr *signatureCheckReader) Read(buf []byte) (int, error) {
+ n, sensitiveParsingError := scr.md.LiteralData.Body.Read(buf)
+
+ // Hash only if required
+ if scr.md.SignedBy != nil {
+ scr.wrappedHash.Write(buf[:n])
+ }
+
+ readsDecryptedData := scr.md.decrypted != nil
+ if sensitiveParsingError == io.EOF {
+ var p packet.Packet
+ var readError error
+ var sig *packet.Signature
+
+ p, readError = scr.packets.Next()
+ for readError == nil {
+ var ok bool
+ if sig, ok = p.(*packet.Signature); ok {
+ if sig.Version == 5 && (sig.SigType == 0x00 || sig.SigType == 0x01) {
+ sig.Metadata = scr.md.LiteralData
+ }
+
+ // If signature KeyID matches
+ if scr.md.SignedBy != nil && *sig.IssuerKeyId == scr.md.SignedByKeyId {
+ key := scr.md.SignedBy
+ signatureError := key.PublicKey.VerifySignature(scr.h, sig)
+ if signatureError == nil {
+ signatureError = checkMessageSignatureDetails(key, sig, scr.config)
+ }
+ scr.md.Signature = sig
+ scr.md.SignatureError = signatureError
+ } else {
+ scr.md.UnverifiedSignatures = append(scr.md.UnverifiedSignatures, sig)
+ }
+ }
+
+ p, readError = scr.packets.Next()
+ }
+
+ if scr.md.SignedBy != nil && scr.md.Signature == nil {
+ if scr.md.UnverifiedSignatures == nil {
+ scr.md.SignatureError = errors.StructuralError("LiteralData not followed by signature")
+ } else {
+ scr.md.SignatureError = errors.StructuralError("No matching signature found")
+ }
+ }
+
+ // The SymmetricallyEncrypted packet, if any, might have an
+ // unsigned hash of its own. In order to check this we need to
+ // close that Reader.
+ if scr.md.decrypted != nil {
+ if sensitiveParsingError := scr.md.decrypted.Close(); sensitiveParsingError != nil {
+ return n, errors.HandleSensitiveParsingError(sensitiveParsingError, true)
+ }
+ }
+ return n, io.EOF
+ }
+
+ if sensitiveParsingError != nil {
+ return n, errors.HandleSensitiveParsingError(sensitiveParsingError, readsDecryptedData)
+ }
+
+ return n, nil
+}
+
+// VerifyDetachedSignature takes a signed file and a detached signature and
+// returns the signature packet and the entity the signature was signed by,
+// if any, and a possible signature verification error.
+// If the signer isn't known, ErrUnknownIssuer is returned.
+func VerifyDetachedSignature(keyring KeyRing, signed, signature io.Reader, config *packet.Config) (sig *packet.Signature, signer *Entity, err error) {
+ return verifyDetachedSignature(keyring, signed, signature, nil, false, config)
+}
+
+// VerifyDetachedSignatureAndHash performs the same actions as
+// VerifyDetachedSignature and checks that the expected hash functions were used.
+func VerifyDetachedSignatureAndHash(keyring KeyRing, signed, signature io.Reader, expectedHashes []crypto.Hash, config *packet.Config) (sig *packet.Signature, signer *Entity, err error) {
+ return verifyDetachedSignature(keyring, signed, signature, expectedHashes, true, config)
+}
+
+// CheckDetachedSignature takes a signed file and a detached signature and
+// returns the entity the signature was signed by, if any, and a possible
+// signature verification error. If the signer isn't known,
+// ErrUnknownIssuer is returned.
+func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader, config *packet.Config) (signer *Entity, err error) {
+ _, signer, err = verifyDetachedSignature(keyring, signed, signature, nil, false, config)
+ return
+}
+
+// CheckDetachedSignatureAndHash performs the same actions as
+// CheckDetachedSignature and checks that the expected hash functions were used.
+func CheckDetachedSignatureAndHash(keyring KeyRing, signed, signature io.Reader, expectedHashes []crypto.Hash, config *packet.Config) (signer *Entity, err error) {
+ _, signer, err = verifyDetachedSignature(keyring, signed, signature, expectedHashes, true, config)
+ return
+}
+
+func verifyDetachedSignature(keyring KeyRing, signed, signature io.Reader, expectedHashes []crypto.Hash, checkHashes bool, config *packet.Config) (sig *packet.Signature, signer *Entity, err error) {
+ var issuerKeyId uint64
+ var hashFunc crypto.Hash
+ var sigType packet.SignatureType
+ var keys []Key
+ var p packet.Packet
+
+ packets := packet.NewReader(signature)
+ for {
+ p, err = packets.Next()
+ if err == io.EOF {
+ return nil, nil, errors.ErrUnknownIssuer
+ }
+ if err != nil {
+ return nil, nil, err
+ }
+
+ var ok bool
+ sig, ok = p.(*packet.Signature)
+ if !ok {
+ return nil, nil, errors.StructuralError("non signature packet found")
+ }
+ if sig.IssuerKeyId == nil {
+ return nil, nil, errors.StructuralError("signature doesn't have an issuer")
+ }
+ issuerKeyId = *sig.IssuerKeyId
+ hashFunc = sig.Hash
+ sigType = sig.SigType
+ if checkHashes {
+ matchFound := false
+ // check for hashes
+ for _, expectedHash := range expectedHashes {
+ if hashFunc == expectedHash {
+ matchFound = true
+ break
+ }
+ }
+ if !matchFound {
+ return nil, nil, errors.StructuralError("hash algorithm or salt mismatch with cleartext message headers")
+ }
+ }
+ keys = keyring.KeysByIdUsage(issuerKeyId, packet.KeyFlagSign)
+ if len(keys) > 0 {
+ break
+ }
+ }
+
+ if len(keys) == 0 {
+ panic("unreachable")
+ }
+
+ h, err := sig.PrepareVerify()
+ if err != nil {
+ return nil, nil, err
+ }
+ wrappedHash, err := wrapHashForSignature(h, sigType)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ if _, err := io.Copy(wrappedHash, signed); err != nil && err != io.EOF {
+ return nil, nil, err
+ }
+
+ for _, key := range keys {
+ err = key.PublicKey.VerifySignature(h, sig)
+ if err == nil {
+ return sig, key.Entity, checkMessageSignatureDetails(&key, sig, config)
+ }
+ }
+
+ return nil, nil, err
+}
+
+// CheckArmoredDetachedSignature performs the same actions as
+// CheckDetachedSignature but expects the signature to be armored.
+func CheckArmoredDetachedSignature(keyring KeyRing, signed, signature io.Reader, config *packet.Config) (signer *Entity, err error) {
+ body, err := readArmored(signature, SignatureType)
+ if err != nil {
+ return
+ }
+
+ return CheckDetachedSignature(keyring, signed, body, config)
+}
+
+// checkMessageSignatureDetails returns an error if:
+// - The signature (or one of the binding signatures mentioned below)
+// has a unknown critical notation data subpacket
+// - The primary key of the signing entity is revoked
+// - The primary identity is revoked
+// - The signature is expired
+// - The primary key of the signing entity is expired according to the
+// primary identity binding signature
+//
+// ... or, if the signature was signed by a subkey and:
+// - The signing subkey is revoked
+// - The signing subkey is expired according to the subkey binding signature
+// - The signing subkey binding signature is expired
+// - The signing subkey cross-signature is expired
+//
+// NOTE: The order of these checks is important, as the caller may choose to
+// ignore ErrSignatureExpired or ErrKeyExpired errors, but should never
+// ignore any other errors.
+func checkMessageSignatureDetails(key *Key, signature *packet.Signature, config *packet.Config) error {
+ now := config.Now()
+ primarySelfSignature, primaryIdentity := key.Entity.PrimarySelfSignature()
+ signedBySubKey := key.PublicKey != key.Entity.PrimaryKey
+ sigsToCheck := []*packet.Signature{signature, primarySelfSignature}
+ if signedBySubKey {
+ sigsToCheck = append(sigsToCheck, key.SelfSignature, key.SelfSignature.EmbeddedSignature)
+ }
+ for _, sig := range sigsToCheck {
+ for _, notation := range sig.Notations {
+ if notation.IsCritical && !config.KnownNotation(notation.Name) {
+ return errors.SignatureError("unknown critical notation: " + notation.Name)
+ }
+ }
+ }
+ if key.Entity.Revoked(now) || // primary key is revoked
+ (signedBySubKey && key.Revoked(now)) || // subkey is revoked
+ (primaryIdentity != nil && primaryIdentity.Revoked(now)) { // primary identity is revoked for v4
+ return errors.ErrKeyRevoked
+ }
+ if key.Entity.PrimaryKey.KeyExpired(primarySelfSignature, now) { // primary key is expired
+ return errors.ErrKeyExpired
+ }
+ if signedBySubKey {
+ if key.PublicKey.KeyExpired(key.SelfSignature, now) { // subkey is expired
+ return errors.ErrKeyExpired
+ }
+ }
+ for _, sig := range sigsToCheck {
+ if sig.SigExpired(now) { // any of the relevant signatures are expired
+ return errors.ErrSignatureExpired
+ }
+ }
+ return nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/read_write_test_data.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/read_write_test_data.go
new file mode 100644
index 0000000000000000000000000000000000000000..670d60226a4b95400642c36d09368be93dcde7ce
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/read_write_test_data.go
@@ -0,0 +1,457 @@
+package openpgp
+
+const testKey1KeyId uint64 = 0xA34D7E18C20C31BB
+const testKey3KeyId uint64 = 0x338934250CCC0360
+const testKeyP256KeyId uint64 = 0xd44a2c495918513e
+
+const signedInput = "Signed message\nline 2\nline 3\n"
+const signedTextInput = "Signed message\r\nline 2\r\nline 3\r\n"
+
+const recipientUnspecifiedHex = "848c0300000000000000000103ff62d4d578d03cf40c3da998dfe216c074fa6ddec5e31c197c9666ba292830d91d18716a80f699f9d897389a90e6d62d0238f5f07a5248073c0f24920e4bc4a30c2d17ee4e0cae7c3d4aaa4e8dced50e3010a80ee692175fa0385f62ecca4b56ee6e9980aa3ec51b61b077096ac9e800edaf161268593eedb6cc7027ff5cb32745d250010d407a6221ae22ef18469b444f2822478c4d190b24d36371a95cb40087cdd42d9399c3d06a53c0673349bfb607927f20d1e122bde1e2bf3aa6cae6edf489629bcaa0689539ae3b718914d88ededc3b"
+
+const detachedSignatureHex = "889c04000102000605024d449cd1000a0910a34d7e18c20c31bb167603ff57718d09f28a519fdc7b5a68b6a3336da04df85e38c5cd5d5bd2092fa4629848a33d85b1729402a2aab39c3ac19f9d573f773cc62c264dc924c067a79dfd8a863ae06c7c8686120760749f5fd9b1e03a64d20a7df3446ddc8f0aeadeaeba7cbaee5c1e366d65b6a0c6cc749bcb912d2f15013f812795c2e29eb7f7b77f39ce77"
+
+const detachedSignatureTextHex = "889c04010102000605024d449d21000a0910a34d7e18c20c31bbc8c60400a24fbef7342603a41cb1165767bd18985d015fb72fe05db42db36cfb2f1d455967f1e491194fbf6cf88146222b23bf6ffbd50d17598d976a0417d3192ff9cc0034fd00f287b02e90418bbefe609484b09231e4e7a5f3562e199bf39909ab5276c4d37382fe088f6b5c3426fc1052865da8b3ab158672d58b6264b10823dc4b39"
+
+const detachedSignatureDSAHex = "884604001102000605024d6c4eac000a0910338934250ccc0360f18d00a087d743d6405ed7b87755476629600b8b694a39e900a0abff8126f46faf1547c1743c37b21b4ea15b8f83"
+
+const detachedSignatureP256Hex = "885e0400130a0006050256e5bb00000a0910d44a2c495918513edef001009841a4f792beb0befccb35c8838a6a87d9b936beaa86db6745ddc7b045eee0cf00fd1ac1f78306b17e965935dd3f8bae4587a76587e4af231efe19cc4011a8434817"
+
+// The plaintext is https://www.gutenberg.org/cache/epub/1080/pg1080.txt
+const modestProposalSha512 = "lbbrB1+WP3T9AaC9OQqBdOcCjgeEQadlulXsNPgVx0tyqPzDHwUugZ2gE7V0ESKAw6kAVfgkcuvfgxAAGaeHtw=="
+
+const testKeys1And2Hex = "988d044d3c5c10010400b1d13382944bd5aba23a4312968b5095d14f947f600eb478e14a6fcb16b0e0cac764884909c020bc495cfcc39a935387c661507bdb236a0612fb582cac3af9b29cc2c8c70090616c41b662f4da4c1201e195472eb7f4ae1ccbcbf9940fe21d985e379a5563dde5b9a23d35f1cfaa5790da3b79db26f23695107bfaca8e7b5bcd0011010001b41054657374204b6579203120285253412988b804130102002205024d3c5c10021b03060b090807030206150802090a0b0416020301021e01021780000a0910a34d7e18c20c31bbb5b304009cc45fe610b641a2c146331be94dade0a396e73ca725e1b25c21708d9cab46ecca5ccebc23055879df8f99eea39b377962a400f2ebdc36a7c99c333d74aeba346315137c3ff9d0a09b0273299090343048afb8107cf94cbd1400e3026f0ccac7ecebbc4d78588eb3e478fe2754d3ca664bcf3eac96ca4a6b0c8d7df5102f60f6b0020003b88d044d3c5c10010400b201df61d67487301f11879d514f4248ade90c8f68c7af1284c161098de4c28c2850f1ec7b8e30f959793e571542ffc6532189409cb51c3d30dad78c4ad5165eda18b20d9826d8707d0f742e2ab492103a85bbd9ddf4f5720f6de7064feb0d39ee002219765bb07bcfb8b877f47abe270ddeda4f676108cecb6b9bb2ad484a4f0011010001889f04180102000905024d3c5c10021b0c000a0910a34d7e18c20c31bb1a03040085c8d62e16d05dc4e9dad64953c8a2eed8b6c12f92b1575eeaa6dcf7be9473dd5b24b37b6dffbb4e7c99ed1bd3cb11634be19b3e6e207bed7505c7ca111ccf47cb323bf1f8851eb6360e8034cbff8dd149993c959de89f8f77f38e7e98b8e3076323aa719328e2b408db5ec0d03936efd57422ba04f925cdc7b4c1af7590e40ab0020003988d044d3c5c33010400b488c3e5f83f4d561f317817538d9d0397981e9aef1321ca68ebfae1cf8b7d388e19f4b5a24a82e2fbbf1c6c26557a6c5845307a03d815756f564ac7325b02bc83e87d5480a8fae848f07cb891f2d51ce7df83dcafdc12324517c86d472cc0ee10d47a68fd1d9ae49a6c19bbd36d82af597a0d88cc9c49de9df4e696fc1f0b5d0011010001b42754657374204b6579203220285253412c20656e637279707465642070726976617465206b65792988b804130102002205024d3c5c33021b03060b090807030206150802090a0b0416020301021e01021780000a0910d4984f961e35246b98940400908a73b6a6169f700434f076c6c79015a49bee37130eaf23aaa3cfa9ce60bfe4acaa7bc95f1146ada5867e0079babb38804891f4f0b8ebca57a86b249dee786161a755b7a342e68ccf3f78ed6440a93a6626beb9a37aa66afcd4f888790cb4bb46d94a4ae3eb3d7d3e6b00f6bfec940303e89ec5b32a1eaaacce66497d539328b0020003b88d044d3c5c33010400a4e913f9442abcc7f1804ccab27d2f787ffa592077ca935a8bb23165bd8d57576acac647cc596b2c3f814518cc8c82953c7a4478f32e0cf645630a5ba38d9618ef2bc3add69d459ae3dece5cab778938d988239f8c5ae437807075e06c828019959c644ff05ef6a5a1dab72227c98e3a040b0cf219026640698d7a13d8538a570011010001889f04180102000905024d3c5c33021b0c000a0910d4984f961e35246b26c703ff7ee29ef53bc1ae1ead533c408fa136db508434e233d6e62be621e031e5940bbd4c08142aed0f82217e7c3e1ec8de574bc06ccf3c36633be41ad78a9eacd209f861cae7b064100758545cc9dd83db71806dc1cfd5fb9ae5c7474bba0c19c44034ae61bae5eca379383339dece94ff56ff7aa44a582f3e5c38f45763af577c0934b0020003"
+
+const testKeys1And2PrivateHex = "9501d8044d3c5c10010400b1d13382944bd5aba23a4312968b5095d14f947f600eb478e14a6fcb16b0e0cac764884909c020bc495cfcc39a935387c661507bdb236a0612fb582cac3af9b29cc2c8c70090616c41b662f4da4c1201e195472eb7f4ae1ccbcbf9940fe21d985e379a5563dde5b9a23d35f1cfaa5790da3b79db26f23695107bfaca8e7b5bcd00110100010003ff4d91393b9a8e3430b14d6209df42f98dc927425b881f1209f319220841273a802a97c7bdb8b3a7740b3ab5866c4d1d308ad0d3a79bd1e883aacf1ac92dfe720285d10d08752a7efe3c609b1d00f17f2805b217be53999a7da7e493bfc3e9618fd17018991b8128aea70a05dbce30e4fbe626aa45775fa255dd9177aabf4df7cf0200c1ded12566e4bc2bb590455e5becfb2e2c9796482270a943343a7835de41080582c2be3caf5981aa838140e97afa40ad652a0b544f83eb1833b0957dce26e47b0200eacd6046741e9ce2ec5beb6fb5e6335457844fb09477f83b050a96be7da043e17f3a9523567ed40e7a521f818813a8b8a72209f1442844843ccc7eb9805442570200bdafe0438d97ac36e773c7162028d65844c4d463e2420aa2228c6e50dc2743c3d6c72d0d782a5173fe7be2169c8a9f4ef8a7cf3e37165e8c61b89c346cdc6c1799d2b41054657374204b6579203120285253412988b804130102002205024d3c5c10021b03060b090807030206150802090a0b0416020301021e01021780000a0910a34d7e18c20c31bbb5b304009cc45fe610b641a2c146331be94dade0a396e73ca725e1b25c21708d9cab46ecca5ccebc23055879df8f99eea39b377962a400f2ebdc36a7c99c333d74aeba346315137c3ff9d0a09b0273299090343048afb8107cf94cbd1400e3026f0ccac7ecebbc4d78588eb3e478fe2754d3ca664bcf3eac96ca4a6b0c8d7df5102f60f6b00200009d01d8044d3c5c10010400b201df61d67487301f11879d514f4248ade90c8f68c7af1284c161098de4c28c2850f1ec7b8e30f959793e571542ffc6532189409cb51c3d30dad78c4ad5165eda18b20d9826d8707d0f742e2ab492103a85bbd9ddf4f5720f6de7064feb0d39ee002219765bb07bcfb8b877f47abe270ddeda4f676108cecb6b9bb2ad484a4f00110100010003fd17a7490c22a79c59281fb7b20f5e6553ec0c1637ae382e8adaea295f50241037f8997cf42c1ce26417e015091451b15424b2c59eb8d4161b0975630408e394d3b00f88d4b4e18e2cc85e8251d4753a27c639c83f5ad4a571c4f19d7cd460b9b73c25ade730c99df09637bd173d8e3e981ac64432078263bb6dc30d3e974150dd0200d0ee05be3d4604d2146fb0457f31ba17c057560785aa804e8ca5530a7cd81d3440d0f4ba6851efcfd3954b7e68908fc0ba47f7ac37bf559c6c168b70d3a7c8cd0200da1c677c4bce06a068070f2b3733b0a714e88d62aa3f9a26c6f5216d48d5c2b5624144f3807c0df30be66b3268eeeca4df1fbded58faf49fc95dc3c35f134f8b01fd1396b6c0fc1b6c4f0eb8f5e44b8eace1e6073e20d0b8bc5385f86f1cf3f050f66af789f3ef1fc107b7f4421e19e0349c730c68f0a226981f4e889054fdb4dc149e8e889f04180102000905024d3c5c10021b0c000a0910a34d7e18c20c31bb1a03040085c8d62e16d05dc4e9dad64953c8a2eed8b6c12f92b1575eeaa6dcf7be9473dd5b24b37b6dffbb4e7c99ed1bd3cb11634be19b3e6e207bed7505c7ca111ccf47cb323bf1f8851eb6360e8034cbff8dd149993c959de89f8f77f38e7e98b8e3076323aa719328e2b408db5ec0d03936efd57422ba04f925cdc7b4c1af7590e40ab00200009501fe044d3c5c33010400b488c3e5f83f4d561f317817538d9d0397981e9aef1321ca68ebfae1cf8b7d388e19f4b5a24a82e2fbbf1c6c26557a6c5845307a03d815756f564ac7325b02bc83e87d5480a8fae848f07cb891f2d51ce7df83dcafdc12324517c86d472cc0ee10d47a68fd1d9ae49a6c19bbd36d82af597a0d88cc9c49de9df4e696fc1f0b5d0011010001fe030302e9030f3c783e14856063f16938530e148bc57a7aa3f3e4f90df9dceccdc779bc0835e1ad3d006e4a8d7b36d08b8e0de5a0d947254ecfbd22037e6572b426bcfdc517796b224b0036ff90bc574b5509bede85512f2eefb520fb4b02aa523ba739bff424a6fe81c5041f253f8d757e69a503d3563a104d0d49e9e890b9d0c26f96b55b743883b472caa7050c4acfd4a21f875bdf1258d88bd61224d303dc9df77f743137d51e6d5246b88c406780528fd9a3e15bab5452e5b93970d9dcc79f48b38651b9f15bfbcf6da452837e9cc70683d1bdca94507870f743e4ad902005812488dd342f836e72869afd00ce1850eea4cfa53ce10e3608e13d3c149394ee3cbd0e23d018fcbcb6e2ec5a1a22972d1d462ca05355d0d290dd2751e550d5efb38c6c89686344df64852bf4ff86638708f644e8ec6bd4af9b50d8541cb91891a431326ab2e332faa7ae86cfb6e0540aa63160c1e5cdd5a4add518b303fff0a20117c6bc77f7cfbaf36b04c865c6c2b42754657374204b6579203220285253412c20656e637279707465642070726976617465206b65792988b804130102002205024d3c5c33021b03060b090807030206150802090a0b0416020301021e01021780000a0910d4984f961e35246b98940400908a73b6a6169f700434f076c6c79015a49bee37130eaf23aaa3cfa9ce60bfe4acaa7bc95f1146ada5867e0079babb38804891f4f0b8ebca57a86b249dee786161a755b7a342e68ccf3f78ed6440a93a6626beb9a37aa66afcd4f888790cb4bb46d94a4ae3eb3d7d3e6b00f6bfec940303e89ec5b32a1eaaacce66497d539328b00200009d01fe044d3c5c33010400a4e913f9442abcc7f1804ccab27d2f787ffa592077ca935a8bb23165bd8d57576acac647cc596b2c3f814518cc8c82953c7a4478f32e0cf645630a5ba38d9618ef2bc3add69d459ae3dece5cab778938d988239f8c5ae437807075e06c828019959c644ff05ef6a5a1dab72227c98e3a040b0cf219026640698d7a13d8538a570011010001fe030302e9030f3c783e148560f936097339ae381d63116efcf802ff8b1c9360767db5219cc987375702a4123fd8657d3e22700f23f95020d1b261eda5257e9a72f9a918e8ef22dd5b3323ae03bbc1923dd224db988cadc16acc04b120a9f8b7e84da9716c53e0334d7b66586ddb9014df604b41be1e960dcfcbc96f4ed150a1a0dd070b9eb14276b9b6be413a769a75b519a53d3ecc0c220e85cd91ca354d57e7344517e64b43b6e29823cbd87eae26e2b2e78e6dedfbb76e3e9f77bcb844f9a8932eb3db2c3f9e44316e6f5d60e9e2a56e46b72abe6b06dc9a31cc63f10023d1f5e12d2a3ee93b675c96f504af0001220991c88db759e231b3320dcedf814dcf723fd9857e3d72d66a0f2af26950b915abdf56c1596f46a325bf17ad4810d3535fb02a259b247ac3dbd4cc3ecf9c51b6c07cebb009c1506fba0a89321ec8683e3fd009a6e551d50243e2d5092fefb3321083a4bad91320dc624bd6b5dddf93553e3d53924c05bfebec1fb4bd47e89a1a889f04180102000905024d3c5c33021b0c000a0910d4984f961e35246b26c703ff7ee29ef53bc1ae1ead533c408fa136db508434e233d6e62be621e031e5940bbd4c08142aed0f82217e7c3e1ec8de574bc06ccf3c36633be41ad78a9eacd209f861cae7b064100758545cc9dd83db71806dc1cfd5fb9ae5c7474bba0c19c44034ae61bae5eca379383339dece94ff56ff7aa44a582f3e5c38f45763af577c0934b0020000"
+
+const dsaElGamalTestKeysHex = "9501e1044dfcb16a110400aa3e5c1a1f43dd28c2ffae8abf5cfce555ee874134d8ba0a0f7b868ce2214beddc74e5e1e21ded354a95d18acdaf69e5e342371a71fbb9093162e0c5f3427de413a7f2c157d83f5cd2f9d791256dc4f6f0e13f13c3302af27f2384075ab3021dff7a050e14854bbde0a1094174855fc02f0bae8e00a340d94a1f22b32e48485700a0cec672ac21258fb95f61de2ce1af74b2c4fa3e6703ff698edc9be22c02ae4d916e4fa223f819d46582c0516235848a77b577ea49018dcd5e9e15cff9dbb4663a1ae6dd7580fa40946d40c05f72814b0f88481207e6c0832c3bded4853ebba0a7e3bd8e8c66df33d5a537cd4acf946d1080e7a3dcea679cb2b11a72a33a2b6a9dc85f466ad2ddf4c3db6283fa645343286971e3dd700703fc0c4e290d45767f370831a90187e74e9972aae5bff488eeff7d620af0362bfb95c1a6c3413ab5d15a2e4139e5d07a54d72583914661ed6a87cce810be28a0aa8879a2dd39e52fb6fe800f4f181ac7e328f740cde3d09a05cecf9483e4cca4253e60d4429ffd679d9996a520012aad119878c941e3cf151459873bdfc2a9563472fe0303027a728f9feb3b864260a1babe83925ce794710cfd642ee4ae0e5b9d74cee49e9c67b6cd0ea5dfbb582132195a121356a1513e1bca73e5b80c58c7ccb4164453412f456c47616d616c2054657374204b65792031886204131102002205024dfcb16a021b03060b090807030206150802090a0b0416020301021e01021780000a091033af447ccd759b09fadd00a0b8fd6f5a790bad7e9f2dbb7632046dc4493588db009c087c6a9ba9f7f49fab221587a74788c00db4889ab00200009d0157044dfcb16a1004008dec3f9291205255ccff8c532318133a6840739dd68b03ba942676f9038612071447bf07d00d559c5c0875724ea16a4c774f80d8338b55fca691a0522e530e604215b467bbc9ccfd483a1da99d7bc2648b4318fdbd27766fc8bfad3fddb37c62b8ae7ccfe9577e9b8d1e77c1d417ed2c2ef02d52f4da11600d85d3229607943700030503ff506c94c87c8cab778e963b76cf63770f0a79bf48fb49d3b4e52234620fc9f7657f9f8d56c96a2b7c7826ae6b57ebb2221a3fe154b03b6637cea7e6d98e3e45d87cf8dc432f723d3d71f89c5192ac8d7290684d2c25ce55846a80c9a7823f6acd9bb29fa6cd71f20bc90eccfca20451d0c976e460e672b000df49466408d527affe0303027a728f9feb3b864260abd761730327bca2aaa4ea0525c175e92bf240682a0e83b226f97ecb2e935b62c9a133858ce31b271fa8eb41f6a1b3cd72a63025ce1a75ee4180dcc284884904181102000905024dfcb16a021b0c000a091033af447ccd759b09dd0b009e3c3e7296092c81bee5a19929462caaf2fff3ae26009e218c437a2340e7ea628149af1ec98ec091a43992b00200009501e1044dfcb1be1104009f61faa61aa43df75d128cbe53de528c4aec49ce9360c992e70c77072ad5623de0a3a6212771b66b39a30dad6781799e92608316900518ec01184a85d872365b7d2ba4bacfb5882ea3c2473d3750dc6178cc1cf82147fb58caa28b28e9f12f6d1efcb0534abed644156c91cca4ab78834268495160b2400bc422beb37d237c2300a0cac94911b6d493bda1e1fbc6feeca7cb7421d34b03fe22cec6ccb39675bb7b94a335c2b7be888fd3906a1125f33301d8aa6ec6ee6878f46f73961c8d57a3e9544d8ef2a2cbfd4d52da665b1266928cfe4cb347a58c412815f3b2d2369dec04b41ac9a71cc9547426d5ab941cccf3b18575637ccfb42df1a802df3cfe0a999f9e7109331170e3a221991bf868543960f8c816c28097e503fe319db10fb98049f3a57d7c80c420da66d56f3644371631fad3f0ff4040a19a4fedc2d07727a1b27576f75a4d28c47d8246f27071e12d7a8de62aad216ddbae6aa02efd6b8a3e2818cda48526549791ab277e447b3a36c57cefe9b592f5eab73959743fcc8e83cbefec03a329b55018b53eec196765ae40ef9e20521a603c551efe0303020950d53a146bf9c66034d00c23130cce95576a2ff78016ca471276e8227fb30b1ffbd92e61804fb0c3eff9e30b1a826ee8f3e4730b4d86273ca977b4164453412f456c47616d616c2054657374204b65792032886204131102002205024dfcb1be021b03060b090807030206150802090a0b0416020301021e01021780000a0910a86bf526325b21b22bd9009e34511620415c974750a20df5cb56b182f3b48e6600a0a9466cb1a1305a84953445f77d461593f1d42bc1b00200009d0157044dfcb1be1004009565a951da1ee87119d600c077198f1c1bceb0f7aa54552489298e41ff788fa8f0d43a69871f0f6f77ebdfb14a4260cf9fbeb65d5844b4272a1904dd95136d06c3da745dc46327dd44a0f16f60135914368c8039a34033862261806bb2c5ce1152e2840254697872c85441ccb7321431d75a747a4bfb1d2c66362b51ce76311700030503fc0ea76601c196768070b7365a200e6ddb09307f262d5f39eec467b5f5784e22abdf1aa49226f59ab37cb49969d8f5230ea65caf56015abda62604544ed526c5c522bf92bed178a078789f6c807b6d34885688024a5bed9e9f8c58d11d4b82487b44c5f470c5606806a0443b79cadb45e0f897a561a53f724e5349b9267c75ca17fe0303020950d53a146bf9c660bc5f4ce8f072465e2d2466434320c1e712272fafc20e342fe7608101580fa1a1a367e60486a7cd1246b7ef5586cf5e10b32762b710a30144f12dd17dd4884904181102000905024dfcb1be021b0c000a0910a86bf526325b21b2904c00a0b2b66b4b39ccffda1d10f3ea8d58f827e30a8b8e009f4255b2d8112a184e40cde43a34e8655ca7809370b0020000"
+
+const ed25519wX25519Key = "c54b0663877fe31b00000020f94da7bb48d60a61e567706a6587d0331999bb9d891a08242ead84543df895a3001972817b12be707e8d5f586ce61361201d344eb266a2c82fde6835762b65b0b7c2b1061f1b0a00000042058263877fe3030b090705150a0e080c021600029b03021e09222106cb186c4f0609a697e4d52dfa6c722b0c1f1e27c18a56708f6525ec27bad9acc905270902070200000000ad2820103e2d7d227ec0e6d7ce4471db36bfc97083253690271498a7ef0576c07faae14585b3b903b0127ec4fda2f023045a2ec76bcb4f9571a9651e14aee1137a1d668442c88f951e33c4ffd33fb9a17d511eed758fc6d9cc50cb5fd793b2039d5804c74b0663877fe319000000208693248367f9e5015db922f8f48095dda784987f2d5985b12fbad16caf5e4435004d600a4f794d44775c57a26e0feefed558e9afffd6ad0d582d57fb2ba2dcedb8c29b06181b0a0000002c050263877fe322a106cb186c4f0609a697e4d52dfa6c722b0c1f1e27c18a56708f6525ec27bad9acc9021b0c00000000defa20a6e9186d9d5935fc8fe56314cdb527486a5a5120f9b762a235a729f039010a56b89c658568341fbef3b894e9834ad9bc72afae2f4c9c47a43855e65f1cb0a3f77bbc5f61085c1f8249fe4e7ca59af5f0bcee9398e0fa8d76e522e1d8ab42bb0d"
+
+const signedMessageHex = "a3019bc0cbccc0c4b8d8b74ee2108fe16ec6d3ca490cbe362d3f8333d3f352531472538b8b13d353b97232f352158c20943157c71c16064626063656269052062e4e01987e9b6fccff4b7df3a34c534b23e679cbec3bc0f8f6e64dfb4b55fe3f8efa9ce110ddb5cd79faf1d753c51aecfa669f7e7aa043436596cccc3359cb7dd6bbe9ecaa69e5989d9e57209571edc0b2fa7f57b9b79a64ee6e99ce1371395fee92fec2796f7b15a77c386ff668ee27f6d38f0baa6c438b561657377bf6acff3c5947befd7bf4c196252f1d6e5c524d0300"
+
+const signedTextMessageHex = "a3019bc0cbccc8c4b8d8b74ee2108fe16ec6d36a250cbece0c178233d3f352531472538b8b13d35379b97232f352158ca0b4312f57c71c1646462606365626906a062e4e019811591798ff99bf8afee860b0d8a8c2a85c3387e3bcf0bb3b17987f2bbcfab2aa526d930cbfd3d98757184df3995c9f3e7790e36e3e9779f06089d4c64e9e47dd6202cb6e9bc73c5d11bb59fbaf89d22d8dc7cf199ddf17af96e77c5f65f9bbed56f427bd8db7af37f6c9984bf9385efaf5f184f986fb3e6adb0ecfe35bbf92d16a7aa2a344fb0bc52fb7624f0200"
+
+const signedEncryptedMessageHex = "c18c032a67d68660df41c70103ff5a84c9a72f80e74ef0384c2d6a9ebfe2b09e06a8f298394f6d2abf174e40934ab0ec01fb2d0ddf21211c6fe13eb238563663b017a6b44edca552eb4736c4b7dc6ed907dd9e12a21b51b64b46f902f76fb7aaf805c1db8070574d8d0431a23e324a750f77fb72340a17a42300ee4ca8207301e95a731da229a63ab9c6b44541fbd2c11d016d810b3b3b2b38f15b5b40f0a4910332829c2062f1f7cc61f5b03677d73c54cafa1004ced41f315d46444946faae571d6f426e6dbd45d9780eb466df042005298adabf7ce0ef766dfeb94cd449c7ed0046c880339599c4711af073ce649b1e237c40b50a5536283e03bdbb7afad78bd08707715c67fb43295f905b4c479178809d429a8e167a9a8c6dfd8ab20b4edebdc38d6dec879a3202e1b752690d9bb5b0c07c5a227c79cc200e713a99251a4219d62ad5556900cf69bd384b6c8e726c7be267471d0d23af956da165af4af757246c2ebcc302b39e8ef2fccb4971b234fcda22d759ddb20e27269ee7f7fe67898a9de721bfa02ab0becaa046d00ea16cb1afc4e2eab40d0ac17121c565686e5cbd0cbdfbd9d6db5c70278b9c9db5a83176d04f61fbfbc4471d721340ede2746e5c312ded4f26787985af92b64fae3f253dbdde97f6a5e1996fd4d865599e32ff76325d3e9abe93184c02988ee89a4504356a4ef3b9b7a57cbb9637ca90af34a7676b9ef559325c3cca4e29d69fec1887f5440bb101361d744ad292a8547f22b4f22b419a42aa836169b89190f46d9560824cb2ac6e8771de8223216a5e647e132ab9eebcba89569ab339cb1c3d70fe806b31f4f4c600b4103b8d7583ebff16e43dcda551e6530f975122eb8b29"
+
+const verifiedSignatureEncryptedMessageHex = "c2b304000108000605026048f6d600210910a34d7e18c20c31bb1621045fb74b1d03b1e3cb31bc2f8aa34d7e18c20c31bb9a3b0400a32ddac1af259c1b0abab0041327ea04970944401978fb647dd1cf9aba4f164e43f0d8a9389501886474bdd4a6e77f6aea945c07dfbf87743835b44cc2c39a1f9aeecfa83135abc92e18e50396f2e6a06c44e0188b0081effbfb4160d28f118d4ff73dd199a102e47cffd8c7ff2bacd83ae72b5820c021a486766dd587b5da61"
+
+const unverifiedSignatureEncryptedMessageHex = "c2b304000108000605026048f6d600210910a34d7e18c20c31bb1621045fb74b1d03b1e3cb31bc2f8aa34d7e18c20c31bb9a3b0400a32ddac1af259c1b0abab0041327ea04970944401978fb647dd1cf9aba4f164e43f0d8a9389501886474bdd4a6e77f6aea945c07dfbf87743835b44cc2c39a1f9aeecfa83135abc92e18e50396f2e6a06c44e0188b0081effbfb4160d28f118d4ff73dd199a102e47cffd8c7ff2bacd83ae72b5820c021a486766dd587b5da61"
+
+const signedEncryptedMessage2Hex = "85010e03cf6a7abcd43e36731003fb057f5495b79db367e277cdbe4ab90d924ddee0c0381494112ff8c1238fb0184af35d1731573b01bc4c55ecacd2aafbe2003d36310487d1ecc9ac994f3fada7f9f7f5c3a64248ab7782906c82c6ff1303b69a84d9a9529c31ecafbcdb9ba87e05439897d87e8a2a3dec55e14df19bba7f7bd316291c002ae2efd24f83f9e3441203fc081c0c23dc3092a454ca8a082b27f631abf73aca341686982e8fbda7e0e7d863941d68f3de4a755c2964407f4b5e0477b3196b8c93d551dd23c8beef7d0f03fbb1b6066f78907faf4bf1677d8fcec72651124080e0b7feae6b476e72ab207d38d90b958759fdedfc3c6c35717c9dbfc979b3cfbbff0a76d24a5e57056bb88acbd2a901ef64bc6e4db02adc05b6250ff378de81dca18c1910ab257dff1b9771b85bb9bbe0a69f5989e6d1710a35e6dfcceb7d8fb5ccea8db3932b3d9ff3fe0d327597c68b3622aec8e3716c83a6c93f497543b459b58ba504ed6bcaa747d37d2ca746fe49ae0a6ce4a8b694234e941b5159ff8bd34b9023da2814076163b86f40eed7c9472f81b551452d5ab87004a373c0172ec87ea6ce42ccfa7dbdad66b745496c4873d8019e8c28d6b3"
+
+const signatureEncryptedMessage2Hex = "c24604001102000605024dfd0166000a091033af447ccd759b09bae600a096ec5e63ecf0a403085e10f75cc3bab327663282009f51fad9df457ed8d2b70d8a73c76e0443eac0f377"
+
+const symmetricallyEncryptedCompressedHex = "c32e040903085a357c1a7b5614ed00cc0d1d92f428162058b3f558a0fb0980d221ebac6c97d5eda4e0fe32f6e706e94dd263012d6ca1ef8c4bbd324098225e603a10c85ebf09cbf7b5aeeb5ce46381a52edc51038b76a8454483be74e6dcd1e50d5689a8ae7eceaeefed98a0023d49b22eb1f65c2aa1ef1783bb5e1995713b0457102ec3c3075fe871267ffa4b686ad5d52000d857"
+
+const dsaTestKeyHex = "9901a2044d6c49de110400cb5ce438cf9250907ac2ba5bf6547931270b89f7c4b53d9d09f4d0213a5ef2ec1f26806d3d259960f872a4a102ef1581ea3f6d6882d15134f21ef6a84de933cc34c47cc9106efe3bd84c6aec12e78523661e29bc1a61f0aab17fa58a627fd5fd33f5149153fbe8cd70edf3d963bc287ef875270ff14b5bfdd1bca4483793923b00a0fe46d76cb6e4cbdc568435cd5480af3266d610d303fe33ae8273f30a96d4d34f42fa28ce1112d425b2e3bf7ea553d526e2db6b9255e9dc7419045ce817214d1a0056dbc8d5289956a4b1b69f20f1105124096e6a438f41f2e2495923b0f34b70642607d45559595c7fe94d7fa85fc41bf7d68c1fd509ebeaa5f315f6059a446b9369c277597e4f474a9591535354c7e7f4fd98a08aa60400b130c24ff20bdfbf683313f5daebf1c9b34b3bdadfc77f2ddd72ee1fb17e56c473664bc21d66467655dd74b9005e3a2bacce446f1920cd7017231ae447b67036c9b431b8179deacd5120262d894c26bc015bffe3d827ba7087ad9b700d2ca1f6d16cc1786581e5dd065f293c31209300f9b0afcc3f7c08dd26d0a22d87580b4db41054657374204b65792033202844534129886204131102002205024d6c49de021b03060b090807030206150802090a0b0416020301021e01021780000a0910338934250ccc03607e0400a0bdb9193e8a6b96fc2dfc108ae848914b504481f100a09c4dc148cb693293a67af24dd40d2b13a9e36794"
+
+const dsaTestKeyPrivateHex = "9501bb044d6c49de110400cb5ce438cf9250907ac2ba5bf6547931270b89f7c4b53d9d09f4d0213a5ef2ec1f26806d3d259960f872a4a102ef1581ea3f6d6882d15134f21ef6a84de933cc34c47cc9106efe3bd84c6aec12e78523661e29bc1a61f0aab17fa58a627fd5fd33f5149153fbe8cd70edf3d963bc287ef875270ff14b5bfdd1bca4483793923b00a0fe46d76cb6e4cbdc568435cd5480af3266d610d303fe33ae8273f30a96d4d34f42fa28ce1112d425b2e3bf7ea553d526e2db6b9255e9dc7419045ce817214d1a0056dbc8d5289956a4b1b69f20f1105124096e6a438f41f2e2495923b0f34b70642607d45559595c7fe94d7fa85fc41bf7d68c1fd509ebeaa5f315f6059a446b9369c277597e4f474a9591535354c7e7f4fd98a08aa60400b130c24ff20bdfbf683313f5daebf1c9b34b3bdadfc77f2ddd72ee1fb17e56c473664bc21d66467655dd74b9005e3a2bacce446f1920cd7017231ae447b67036c9b431b8179deacd5120262d894c26bc015bffe3d827ba7087ad9b700d2ca1f6d16cc1786581e5dd065f293c31209300f9b0afcc3f7c08dd26d0a22d87580b4d00009f592e0619d823953577d4503061706843317e4fee083db41054657374204b65792033202844534129886204131102002205024d6c49de021b03060b090807030206150802090a0b0416020301021e01021780000a0910338934250ccc03607e0400a0bdb9193e8a6b96fc2dfc108ae848914b504481f100a09c4dc148cb693293a67af24dd40d2b13a9e36794"
+
+const p256TestKeyHex = "98520456e5b83813082a8648ce3d030107020304a2072cd6d21321266c758cc5b83fab0510f751cb8d91897cddb7047d8d6f185546e2107111b0a95cb8ef063c33245502af7a65f004d5919d93ee74eb71a66253b424502d3235362054657374204b6579203c696e76616c6964406578616d706c652e636f6d3e8879041313080021050256e5b838021b03050b09080702061508090a0b020416020301021e01021780000a0910d44a2c495918513e54e50100dfa64f97d9b47766fc1943c6314ba3f2b2a103d71ad286dc5b1efb96a345b0c80100dbc8150b54241f559da6ef4baacea6d31902b4f4b1bdc09b34bf0502334b7754b8560456e5b83812082a8648ce3d030107020304bfe3cea9cee13486f8d518aa487fecab451f25467d2bf08e58f63e5fa525d5482133e6a79299c274b068ef0be448152ad65cf11cf764348588ca4f6a0bcf22b6030108078861041813080009050256e5b838021b0c000a0910d44a2c495918513e4a4800ff49d589fa64024ad30be363a032e3a0e0e6f5db56ba4c73db850518bf0121b8f20100fd78e065f4c70ea5be9df319ea67e493b936fc78da834a71828043d3154af56e"
+
+const p256TestKeyPrivateHex = "94a50456e5b83813082a8648ce3d030107020304a2072cd6d21321266c758cc5b83fab0510f751cb8d91897cddb7047d8d6f185546e2107111b0a95cb8ef063c33245502af7a65f004d5919d93ee74eb71a66253fe070302f0c2bfb0b6c30f87ee1599472b8636477eab23ced13b271886a4b50ed34c9d8436af5af5b8f88921f0efba6ef8c37c459bbb88bc1c6a13bbd25c4ce9b1e97679569ee77645d469bf4b43de637f5561b424502d3235362054657374204b6579203c696e76616c6964406578616d706c652e636f6d3e8879041313080021050256e5b838021b03050b09080702061508090a0b020416020301021e01021780000a0910d44a2c495918513e54e50100dfa64f97d9b47766fc1943c6314ba3f2b2a103d71ad286dc5b1efb96a345b0c80100dbc8150b54241f559da6ef4baacea6d31902b4f4b1bdc09b34bf0502334b77549ca90456e5b83812082a8648ce3d030107020304bfe3cea9cee13486f8d518aa487fecab451f25467d2bf08e58f63e5fa525d5482133e6a79299c274b068ef0be448152ad65cf11cf764348588ca4f6a0bcf22b603010807fe0703027510012471a603cfee2968dce19f732721ddf03e966fd133b4e3c7a685b788705cbc46fb026dc94724b830c9edbaecd2fb2c662f23169516cacd1fe423f0475c364ecc10abcabcfd4bbbda1a36a1bd8861041813080009050256e5b838021b0c000a0910d44a2c495918513e4a4800ff49d589fa64024ad30be363a032e3a0e0e6f5db56ba4c73db850518bf0121b8f20100fd78e065f4c70ea5be9df319ea67e493b936fc78da834a71828043d3154af56e"
+
+const armoredPrivateKeyBlock = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+lQHYBE2rFNoBBADFwqWQIW/DSqcB4yCQqnAFTJ27qS5AnB46ccAdw3u4Greeu3Bp
+idpoHdjULy7zSKlwR1EA873dO/k/e11Ml3dlAFUinWeejWaK2ugFP6JjiieSsrKn
+vWNicdCS4HTWn0X4sjl0ZiAygw6GNhqEQ3cpLeL0g8E9hnYzJKQ0LWJa0QARAQAB
+AAP/TB81EIo2VYNmTq0pK1ZXwUpxCrvAAIG3hwKjEzHcbQznsjNvPUihZ+NZQ6+X
+0HCfPAdPkGDCLCb6NavcSW+iNnLTrdDnSI6+3BbIONqWWdRDYJhqZCkqmG6zqSfL
+IdkJgCw94taUg5BWP/AAeQrhzjChvpMQTVKQL5mnuZbUCeMCAN5qrYMP2S9iKdnk
+VANIFj7656ARKt/nf4CBzxcpHTyB8+d2CtPDKCmlJP6vL8t58Jmih+kHJMvC0dzn
+gr5f5+sCAOOe5gt9e0am7AvQWhdbHVfJU0TQJx+m2OiCJAqGTB1nvtBLHdJnfdC9
+TnXXQ6ZXibqLyBies/xeY2sCKL5qtTMCAKnX9+9d/5yQxRyrQUHt1NYhaXZnJbHx
+q4ytu0eWz+5i68IYUSK69jJ1NWPM0T6SkqpB3KCAIv68VFm9PxqG1KmhSrQIVGVz
+dCBLZXmIuAQTAQIAIgUCTasU2gIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AA
+CgkQO9o98PRieSoLhgQAkLEZex02Qt7vGhZzMwuN0R22w3VwyYyjBx+fM3JFETy1
+ut4xcLJoJfIaF5ZS38UplgakHG0FQ+b49i8dMij0aZmDqGxrew1m4kBfjXw9B/v+
+eIqpODryb6cOSwyQFH0lQkXC040pjq9YqDsO5w0WYNXYKDnzRV0p4H1pweo2VDid
+AdgETasU2gEEAN46UPeWRqKHvA99arOxee38fBt2CI08iiWyI8T3J6ivtFGixSqV
+bRcPxYO/qLpVe5l84Nb3X71GfVXlc9hyv7CD6tcowL59hg1E/DC5ydI8K8iEpUmK
+/UnHdIY5h8/kqgGxkY/T/hgp5fRQgW1ZoZxLajVlMRZ8W4tFtT0DeA+JABEBAAEA
+A/0bE1jaaZKj6ndqcw86jd+QtD1SF+Cf21CWRNeLKnUds4FRRvclzTyUMuWPkUeX
+TaNNsUOFqBsf6QQ2oHUBBK4VCHffHCW4ZEX2cd6umz7mpHW6XzN4DECEzOVksXtc
+lUC1j4UB91DC/RNQqwX1IV2QLSwssVotPMPqhOi0ZLNY7wIA3n7DWKInxYZZ4K+6
+rQ+POsz6brEoRHwr8x6XlHenq1Oki855pSa1yXIARoTrSJkBtn5oI+f8AzrnN0BN
+oyeQAwIA/7E++3HDi5aweWrViiul9cd3rcsS0dEnksPhvS0ozCJiHsq/6GFmy7J8
+QSHZPteedBnZyNp5jR+H7cIfVN3KgwH/Skq4PsuPhDq5TKK6i8Pc1WW8MA6DXTdU
+nLkX7RGmMwjC0DBf7KWAlPjFaONAX3a8ndnz//fy1q7u2l9AZwrj1qa1iJ8EGAEC
+AAkFAk2rFNoCGwwACgkQO9o98PRieSo2/QP/WTzr4ioINVsvN1akKuekmEMI3LAp
+BfHwatufxxP1U+3Si/6YIk7kuPB9Hs+pRqCXzbvPRrI8NHZBmc8qIGthishdCYad
+AHcVnXjtxrULkQFGbGvhKURLvS9WnzD/m1K2zzwxzkPTzT9/Yf06O6Mal5AdugPL
+VrM0m72/jnpKo04=
+=zNCn
+-----END PGP PRIVATE KEY BLOCK-----`
+
+const e2ePublicKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+Charset: UTF-8
+
+xv8AAABSBAAAAAATCCqGSM49AwEHAgME1LRoXSpOxtHXDUdmuvzchyg6005qIBJ4
+sfaSxX7QgH9RV2ONUhC+WiayCNADq+UMzuR/vunSr4aQffXvuGnR383/AAAAFDxk
+Z2lsQHlhaG9vLWluYy5jb20+wv8AAACGBBATCAA4/wAAAAWCVGvAG/8AAAACiwn/
+AAAACZC2VkQCOjdvYf8AAAAFlQgJCgv/AAAAA5YBAv8AAAACngEAAE1BAP0X8veD
+24IjmI5/C6ZAfVNXxgZZFhTAACFX75jUA3oD6AEAzoSwKf1aqH6oq62qhCN/pekX
++WAsVMBhNwzLpqtCRjLO/wAAAFYEAAAAABIIKoZIzj0DAQcCAwT50ain7vXiIRv8
+B1DO3x3cE/aattZ5sHNixJzRCXi2vQIA5QmOxZ6b5jjUekNbdHG3SZi1a2Ak5mfX
+fRxC/5VGAwEIB8L/AAAAZQQYEwgAGP8AAAAFglRrwBz/AAAACZC2VkQCOjdvYQAA
+FJAA9isX3xtGyMLYwp2F3nXm7QEdY5bq5VUcD/RJlj792VwA/1wH0pCzVLl4Q9F9
+ex7En5r7rHR5xwX82Msc+Rq9dSyO
+=7MrZ
+-----END PGP PUBLIC KEY BLOCK-----`
+
+const dsaKeyWithSHA512 = `9901a2044f04b07f110400db244efecc7316553ee08d179972aab87bb1214de7692593fcf5b6feb1c80fba268722dd464748539b85b81d574cd2d7ad0ca2444de4d849b8756bad7768c486c83a824f9bba4af773d11742bdfb4ac3b89ef8cc9452d4aad31a37e4b630d33927bff68e879284a1672659b8b298222fc68f370f3e24dccacc4a862442b9438b00a0ea444a24088dc23e26df7daf8f43cba3bffc4fe703fe3d6cd7fdca199d54ed8ae501c30e3ec7871ea9cdd4cf63cfe6fc82281d70a5b8bb493f922cd99fba5f088935596af087c8d818d5ec4d0b9afa7f070b3d7c1dd32a84fca08d8280b4890c8da1dde334de8e3cad8450eed2a4a4fcc2db7b8e5528b869a74a7f0189e11ef097ef1253582348de072bb07a9fa8ab838e993cef0ee203ff49298723e2d1f549b00559f886cd417a41692ce58d0ac1307dc71d85a8af21b0cf6eaa14baf2922d3a70389bedf17cc514ba0febbd107675a372fe84b90162a9e88b14d4b1c6be855b96b33fb198c46f058568817780435b6936167ebb3724b680f32bf27382ada2e37a879b3d9de2abe0c3f399350afd1ad438883f4791e2e3b4184453412068617368207472756e636174696f6e207465737488620413110a002205024f04b07f021b03060b090807030206150802090a0b0416020301021e01021780000a0910ef20e0cefca131581318009e2bf3bf047a44d75a9bacd00161ee04d435522397009a03a60d51bd8a568c6c021c8d7cf1be8d990d6417b0020003`
+
+const unknownHashFunctionHex = `8a00000040040001990006050253863c24000a09103b4fe6acc0b21f32ffff0101010101010101010101010101010101010101010101010101010101010101010101010101`
+
+const rsaSignatureBadMPIlength = `8a00000040040001030006050253863c24000a09103b4fe6acc0b21f32ffff0101010101010101010101010101010101010101010101010101010101010101010101010101`
+
+const missingHashFunctionHex = `8a00000040040001030006050253863c24000a09103b4fe6acc0b21f32ffff0101010101010101010101010101010101010101010101010101010101010101010101010101`
+
+const campbellQuine = `a0b001000300fcffa0b001000d00f2ff000300fcffa0b001000d00f2ff8270a01c00000500faff8270a01c00000500faff000500faff001400ebff8270a01c00000500faff000500faff001400ebff428821c400001400ebff428821c400001400ebff428821c400001400ebff428821c400001400ebff428821c400000000ffff000000ffff000b00f4ff428821c400000000ffff000000ffff000b00f4ff0233214c40000100feff000233214c40000100feff0000`
+
+const keyV4forVerifyingSignedMessageV3 = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+Comment: GPGTools - https://gpgtools.org
+
+mI0EVfxoFQEEAMBIqmbDfYygcvP6Phr1wr1XI41IF7Qixqybs/foBF8qqblD9gIY
+BKpXjnBOtbkcVOJ0nljd3/sQIfH4E0vQwK5/4YRQSI59eKOqd6Fx+fWQOLG+uu6z
+tewpeCj9LLHvibx/Sc7VWRnrznia6ftrXxJ/wHMezSab3tnGC0YPVdGNABEBAAG0
+JEdvY3J5cHRvIFRlc3QgS2V5IDx0aGVtYXhAZ21haWwuY29tPoi5BBMBCgAjBQJV
+/GgVAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQeXnQmhdGW9PFVAP+
+K7TU0qX5ArvIONIxh/WAweyOk884c5cE8f+3NOPOOCRGyVy0FId5A7MmD5GOQh4H
+JseOZVEVCqlmngEvtHZb3U1VYtVGE5WZ+6rQhGsMcWP5qaT4soYwMBlSYxgYwQcx
+YhN9qOr292f9j2Y//TTIJmZT4Oa+lMxhWdqTfX+qMgG4jQRV/GgVAQQArhFSiij1
+b+hT3dnapbEU+23Z1yTu1DfF6zsxQ4XQWEV3eR8v+8mEDDNcz8oyyF56k6UQ3rXi
+UMTIwRDg4V6SbZmaFbZYCOwp/EmXJ3rfhm7z7yzXj2OFN22luuqbyVhuL7LRdB0M
+pxgmjXb4tTvfgKd26x34S+QqUJ7W6uprY4sAEQEAAYifBBgBCgAJBQJV/GgVAhsM
+AAoJEHl50JoXRlvT7y8D/02ckx4OMkKBZo7viyrBw0MLG92i+DC2bs35PooHR6zz
+786mitjOp5z2QWNLBvxC70S0qVfCIz8jKupO1J6rq6Z8CcbLF3qjm6h1omUBf8Nd
+EfXKD2/2HV6zMKVknnKzIEzauh+eCKS2CeJUSSSryap/QLVAjRnckaES/OsEWhNB
+=RZia
+-----END PGP PUBLIC KEY BLOCK-----
+`
+
+const signedMessageV3 = `-----BEGIN PGP MESSAGE-----
+Comment: GPGTools - https://gpgtools.org
+
+owGbwMvMwMVYWXlhlrhb9GXG03JJDKF/MtxDMjKLFYAoUaEktbhEITe1uDgxPVWP
+q5NhKjMrWAVcC9evD8z/bF/uWNjqtk/X3y5/38XGRQHm/57rrDRYuGnTw597Xqka
+uM3137/hH3Os+Jf2dc0fXOITKwJvXJvecPVs0ta+Vg7ZO1MLn8w58Xx+6L58mbka
+DGHyU9yTueZE8D+QF/Tz28Y78dqtF56R1VPn9Xw4uJqrWYdd7b3vIZ1V6R4Nh05d
+iT57d/OhWwA=
+=hG7R
+-----END PGP MESSAGE-----
+`
+
+// https://mailarchive.ietf.org/arch/msg/openpgp/9SheW_LENE0Kxf7haNllovPyAdY/
+const v5PrivKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lGEFXJH05BYAAAAtCSsGAQQB2kcPAQEHQFhZlVcVVtwf+21xNQPX+ecMJJBL0MPd
+fj75iux+my8QAAAAAAAiAQCHZ1SnSUmWqxEsoI6facIVZQu6mph3cBFzzTvcm5lA
+Ng5ctBhlbW1hLmdvbGRtYW5AZXhhbXBsZS5uZXSIlgUTFggASCIhBRk0e8mHJGQC
+X5nfPsLgAA7ZiEiS4fez6kyUAJFZVptUBQJckfTkAhsDBQsJCAcCAyICAQYVCgkI
+CwIEFgIDAQIeBwIXgAAA9cAA/jiR3yMsZMeEQ40u6uzEoXa6UXeV/S3wwJAXRJy9
+M8s0AP9vuL/7AyTfFXwwzSjDnYmzS0qAhbLDQ643N+MXGBJ2BZxmBVyR9OQSAAAA
+MgorBgEEAZdVAQUBAQdA+nysrzml2UCweAqtpDuncSPlvrcBWKU0yfU0YvYWWAoD
+AQgHAAAAAAAiAP9OdAPppjU1WwpqjIItkxr+VPQRT8Zm/Riw7U3F6v3OiBFHiHoF
+GBYIACwiIQUZNHvJhyRkAl+Z3z7C4AAO2YhIkuH3s+pMlACRWVabVAUCXJH05AIb
+DAAAOSQBAP4BOOIR/sGLNMOfeb5fPs/02QMieoiSjIBnijhob2U5AQC+RtOHCHx7
+TcIYl5/Uyoi+FOvPLcNw4hOv2nwUzSSVAw==
+=IiS2
+-----END PGP PRIVATE KEY BLOCK-----`
+
+// See OpenPGP crypto refresh Section A.3.
+const v6PrivKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+xUsGY4d/4xsAAAAg+U2nu0jWCmHlZ3BqZYfQMxmZu52JGggkLq2EVD34laMAGXKB
+exK+cH6NX1hs5hNhIB00TrJmosgv3mg1ditlsLfCsQYfGwoAAABCBYJjh3/jAwsJ
+BwUVCg4IDAIWAAKbAwIeCSIhBssYbE8GCaaX5NUt+mxyKwwfHifBilZwj2Ul7Ce6
+2azJBScJAgcCAAAAAK0oIBA+LX0ifsDm185Ecds2v8lwgyU2kCcUmKfvBXbAf6rh
+RYWzuQOwEn7E/aLwIwRaLsdry0+VcallHhSu4RN6HWaEQsiPlR4zxP/TP7mhfVEe
+7XWPxtnMUMtf15OyA51YBMdLBmOHf+MZAAAAIIaTJINn+eUBXbki+PSAld2nhJh/
+LVmFsS+60WyvXkQ1AE1gCk95TUR3XFeibg/u/tVY6a//1q0NWC1X+yui3O24wpsG
+GBsKAAAALAWCY4d/4wKbDCIhBssYbE8GCaaX5NUt+mxyKwwfHifBilZwj2Ul7Ce6
+2azJAAAAAAQBIKbpGG2dWTX8j+VjFM21J0hqWlEg+bdiojWnKfA5AQpWUWtnNwDE
+M0g12vYxoWM8Y81W+bHBw805I8kWVkXU6vFOi+HWvv/ira7ofJu16NnoUkhclkUr
+k0mXubZvyl4GBg==
+-----END PGP PRIVATE KEY BLOCK-----`
+
+// See OpenPGP crypto refresh merge request:
+// https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/304
+const v6PrivKeyMsg = `-----BEGIN PGP MESSAGE-----
+
+wV0GIQYSyD8ecG9jCP4VGkF3Q6HwM3kOk+mXhIjR2zeNqZMIhRmHzxjV8bU/gXzO
+WgBM85PMiVi93AZfJfhK9QmxfdNnZBjeo1VDeVZheQHgaVf7yopqR6W1FT6NOrfS
+aQIHAgZhZBZTW+CwcW1g4FKlbExAf56zaw76/prQoN+bAzxpohup69LA7JW/Vp0l
+yZnuSj3hcFj0DfqLTGgr4/u717J+sPWbtQBfgMfG9AOIwwrUBqsFE9zW+f1zdlYo
+bhF30A+IitsxxA==
+-----END PGP MESSAGE-----`
+
+// See OpenPGP crypto refresh merge request:
+// https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/305
+const v6PrivKeyInlineSignMsg = `-----BEGIN PGP MESSAGE-----
+
+wV0GIQYSyD8ecG9jCP4VGkF3Q6HwM3kOk+mXhIjR2zeNqZMIhRmHzxjV8bU/gXzO
+WgBM85PMiVi93AZfJfhK9QmxfdNnZBjeo1VDeVZheQHgaVf7yopqR6W1FT6NOrfS
+aQIHAgZhZBZTW+CwcW1g4FKlbExAf56zaw76/prQoN+bAzxpohup69LA7JW/Vp0l
+yZnuSj3hcFj0DfqLTGgr4/u717J+sPWbtQBfgMfG9AOIwwrUBqsFE9zW+f1zdlYo
+bhF30A+IitsxxA==
+-----END PGP MESSAGE-----`
+
+// See https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/274
+// decryption password: "correct horse battery staple"
+const v6ArgonSealedPrivKey = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+xYIGY4d/4xsAAAAg+U2nu0jWCmHlZ3BqZYfQMxmZu52JGggkLq2EVD34laP9JgkC
+FARdb9ccngltHraRe25uHuyuAQQVtKipJ0+r5jL4dacGWSAheCWPpITYiyfyIOPS
+3gIDyg8f7strd1OB4+LZsUhcIjOMpVHgmiY/IutJkulneoBYwrEGHxsKAAAAQgWC
+Y4d/4wMLCQcFFQoOCAwCFgACmwMCHgkiIQbLGGxPBgmml+TVLfpscisMHx4nwYpW
+cI9lJewnutmsyQUnCQIHAgAAAACtKCAQPi19In7A5tfORHHbNr/JcIMlNpAnFJin
+7wV2wH+q4UWFs7kDsBJ+xP2i8CMEWi7Ha8tPlXGpZR4UruETeh1mhELIj5UeM8T/
+0z+5oX1RHu11j8bZzFDLX9eTsgOdWATHggZjh3/jGQAAACCGkySDZ/nlAV25Ivj0
+gJXdp4SYfy1ZhbEvutFsr15ENf0mCQIUBA5hhGgp2oaavg6mFUXcFMwBBBUuE8qf
+9Ock+xwusd+GAglBr5LVyr/lup3xxQvHXFSjjA2haXfoN6xUGRdDEHI6+uevKjVR
+v5oAxgu7eJpaXNjCmwYYGwoAAAAsBYJjh3/jApsMIiEGyxhsTwYJppfk1S36bHIr
+DB8eJ8GKVnCPZSXsJ7rZrMkAAAAABAEgpukYbZ1ZNfyP5WMUzbUnSGpaUSD5t2Ki
+Nacp8DkBClZRa2c3AMQzSDXa9jGhYzxjzVb5scHDzTkjyRZWRdTq8U6L4da+/+Kt
+ruh8m7Xo2ehSSFyWRSuTSZe5tm/KXgYG
+-----END PGP PRIVATE KEY BLOCK-----`
+
+const v4Key25519 = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+xUkEZB3qzRto01j2k2pwN5ux9w70stPinAdXULLr20CRW7U7h2GSeACch0M+
+qzQg8yjFQ8VBvu3uwgKH9senoHmj72lLSCLTmhFKzQR0ZXN0wogEEBsIAD4F
+gmQd6s0ECwkHCAmQIf45+TuC+xMDFQgKBBYAAgECGQECmwMCHgEWIQSWEzMi
+jJUHvyIbVKIh/jn5O4L7EwAAUhaHNlgudvxARdPPETUzVgjuWi+YIz8w1xIb
+lHQMvIrbe2sGCQIethpWofd0x7DHuv/ciHg+EoxJ/Td6h4pWtIoKx0kEZB3q
+zRm4CyA7quliq7yx08AoOqHTuuCgvpkSdEhpp3pEyejQOgBo0p6ywIiLPllY
+0t+jpNspHpAGfXID6oqjpYuJw3AfVRBlwnQEGBsIACoFgmQd6s0JkCH+Ofk7
+gvsTApsMFiEElhMzIoyVB78iG1SiIf45+TuC+xMAAGgQuN9G73446ykvJ/mL
+sCZ7zGFId2gBd1EnG0FTC4npfOKpck0X8dngByrCxU8LDSfvjsEp/xDAiKsQ
+aU71tdtNBQ==
+=e7jT
+-----END PGP PRIVATE KEY BLOCK-----`
+
+const keyWithExpiredCrossSig = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsDNBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv
+/seOXpgecTdOcVttfzC8ycIKrt3aQTiwOG/ctaR4Bk/t6ayNFfdUNxHWk4WCKzdz
+/56fW2O0F23qIRd8UUJp5IIlN4RDdRCtdhVQIAuzvp2oVy/LaS2kxQoKvph/5pQ/
+5whqsyroEWDJoSV0yOb25B/iwk/pLUFoyhDG9bj0kIzDxrEqW+7Ba8nocQlecMF3
+X5KMN5kp2zraLv9dlBBpWW43XktjcCZgMy20SouraVma8Je/ECwUWYUiAZxLIlMv
+9CurEOtxUw6N3RdOtLmYZS9uEnn5y1UkF88o8Nku890uk6BrewFzJyLAx5wRZ4F0
+qV/yq36UWQ0JB/AUGhHVPdFf6pl6eaxBwT5GXvbBUibtf8YI2og5RsgTWtXfU7eb
+SGXrl5ZMpbA6mbfhd0R8aPxWfmDWiIOhBufhMCvUHh1sApMKVZnvIff9/0Dca3wb
+vLIwa3T4CyshfT0AEQEAAc0hQm9iIEJhYmJhZ2UgPGJvYkBvcGVucGdwLmV4YW1w
+bGU+wsEABBMBCgATBYJeO2eVAgsJAxUICgKbAQIeAQAhCRD7/MgqAV5zMBYhBNGm
+bhojsYLJmA94jPv8yCoBXnMwKWUMAJ3FKZfJ2mXvh+GFqgymvK4NoKkDRPB0CbUN
+aDdG7ZOizQrWXo7Da2MYIZ6eZUDqBKLdhZ5gZfVnisDfu/yeCgpENaKib1MPHpA8
+nZQjnPejbBDomNqY8HRzr5jvXNlwywBpjWGtegCKUY9xbSynjbfzIlMrWL4S+Rfl
++bOOQKRyYJWXmECmVyqY8cz2VUYmETjNcwC8VCDUxQnhtcCJ7Aej22hfYwVEPb/J
+BsJBPq8WECCiGfJ9Y2y6TF+62KzG9Kfs5hqUeHhQy8V4TSi479ewwL7DH86XmIIK
+chSANBS+7iyMtctjNZfmF9zYdGJFvjI/mbBR/lK66E515Inuf75XnL8hqlXuwqvG
+ni+i03Aet1DzULZEIio4uIU6ioc1lGO9h7K2Xn4S7QQH1QoISNMWqXibUR0RCGjw
+FsEDTt2QwJl8XXxoJCooM7BCcCQo+rMNVUHDjIwrdoQjPld3YZsUQQRcqH6bLuln
+cfn5ufl8zTGWKydoj/iTz8KcjZ7w187AzQRdpZzyAQwA1jC/XGxjK6ddgrRfW9j+
+s/U00++EvIsgTs2kr3Rg0GP7FLWV0YNtR1mpl55/bEl7yAxCDTkOgPUMXcaKlnQh
+6zrlt6H53mF6Bvs3inOHQvOsGtU0dqvb1vkTF0juLiJgPlM7pWv+pNQ6IA39vKoQ
+sTMBv4v5vYNXP9GgKbg8inUNT17BxzZYHfw5+q63ectgDm2on1e8CIRCZ76oBVwz
+dkVxoy3gjh1eENlk2D4P0uJNZzF1Q8GV67yLANGMCDICE/OkWn6daipYDzW4iJQt
+YPUWP4hWhjdm+CK+hg6IQUEn2Vtvi16D2blRP8BpUNNa4fNuylWVuJV76rIHvsLZ
+1pbM3LHpRgE8s6jivS3Rz3WRs0TmWCNnvHPqWizQ3VTy+r3UQVJ5AmhJDrZdZq9i
+aUIuZ01PoE1+CHiJwuxPtWvVAxf2POcm1M/F1fK1J0e+lKlQuyonTXqXR22Y41wr
+fP2aPk3nPSTW2DUAf3vRMZg57ZpRxLEhEMxcM4/LMR+PABEBAAHCwrIEGAEKAAkF
+gl8sAVYCmwIB3QkQ+/zIKgFeczDA+qAEGQEKAAwFgl47Z5UFgwB4TOAAIQkQfC+q
+Tfk8N7IWIQQd3OFfCSF87i87N2B8L6pN+Tw3st58C/0exp0X2U4LqicSHEOSqHZj
+jiysdqIELHGyo5DSPv92UFPp36aqjF9OFgtNNwSa56fmAVCD4+hor/fKARRIeIjF
+qdIC5Y/9a4B10NQFJa5lsvB38x/d39LI2kEoglZnqWgdJskROo3vNQF4KlIcm6FH
+dn4WI8UkC5oUUcrpZVMSKoacIaxLwqnXT42nIVgYYuqrd/ZagZZjG5WlrTOd5+NI
+zi/l0fWProcPHGLjmAh4Thu8i7omtVw1nQaMnq9I77ffg3cPDgXknYrLL+q8xXh/
+0mEJyIhnmPwllWCSZuLv9DrD5pOexFfdlwXhf6cLzNpW6QhXD/Tf5KrqIPr9aOv8
+9xaEEXWh0vEby2kIsI2++ft+vfdIyxYw/wKqx0awTSnuBV1rG3z1dswX4BfoY66x
+Bz3KOVqlz9+mG/FTRQwrgPvR+qgLCHbuotxoGN7fzW+PI75hQG5JQAqhsC9sHjQH
+UrI21/VUNwzfw3v5pYsWuFb5bdQ3ASJetICQiMy7IW8WIQTRpm4aI7GCyZgPeIz7
+/MgqAV5zMG6/C/wLpPl/9e6Hf5wmXIUwpZNQbNZvpiCcyx9sXsHXaycOQVxn3McZ
+nYOUP9/mobl1tIeDQyTNbkxWjU0zzJl8XQsDZerb5098pg+x7oGIL7M1vn5s5JMl
+owROourqF88JEtOBxLMxlAM7X4hB48xKQ3Hu9hS1GdnqLKki4MqRGl4l5FUwyGOM
+GjyS3TzkfiDJNwQxybQiC9n57ij20ieNyLfuWCMLcNNnZUgZtnF6wCctoq/0ZIWu
+a7nvuA/XC2WW9YjEJJiWdy5109pqac+qWiY11HWy/nms4gpMdxVpT0RhrKGWq4o0
+M5q3ZElOoeN70UO3OSbU5EVrG7gB1GuwF9mTHUVlV0veSTw0axkta3FGT//XfSpD
+lRrCkyLzwq0M+UUHQAuYpAfobDlDdnxxOD2jm5GyTzak3GSVFfjW09QFVO6HlGp5
+01/jtzkUiS6nwoHHkfnyn0beZuR8X6KlcrzLB0VFgQFLmkSM9cSOgYhD0PTu9aHb
+hW1Hj9AO8lzggBQ=
+=Nt+N
+-----END PGP PUBLIC KEY BLOCK-----
+`
+
+const sigFromKeyWithExpiredCrossSig = `-----BEGIN PGP SIGNATURE-----
+
+wsDzBAABCgAGBYJfLAFsACEJEHwvqk35PDeyFiEEHdzhXwkhfO4vOzdgfC+qTfk8
+N7KiqwwAts4QGB7v9bABCC2qkTxJhmStC0wQMcHRcjL/qAiVnmasQWmvE9KVsdm3
+AaXd8mIx4a37/RRvr9dYrY2eE4uw72cMqPxNja2tvVXkHQvk1oEUqfkvbXs4ypKI
+NyeTWjXNOTZEbg0hbm3nMy+Wv7zgB1CEvAsEboLDJlhGqPcD+X8a6CJGrBGUBUrv
+KVmZr3U6vEzClz3DBLpoddCQseJRhT4YM1nKmBlZ5quh2LFgTSpajv5OsZheqt9y
+EZAPbqmLhDmWRQwGzkWHKceKS7nZ/ox2WK6OS7Ob8ZGZkM64iPo6/EGj5Yc19vQN
+AGiIaPEGszBBWlOpHTPhNm0LB0nMWqqaT87oNYwP8CQuuxDb6rKJ2lffCmZH27Lb
+UbQZcH8J+0UhpeaiadPZxH5ATJAcenmVtVVMLVOFnm+eIlxzov9ntpgGYt8hLdXB
+ITEG9mMgp3TGS9ZzSifMZ8UGtHdp9QdBg8NEVPFzDOMGxpc/Bftav7RRRuPiAER+
+7A5CBid5
+=aQkm
+-----END PGP SIGNATURE-----
+`
+
+const signedMessageWithCriticalNotation = `-----BEGIN PGP MESSAGE-----
+
+owGbwMvMwMH4oOW7S46CznTG09xJDDE3Wl1KUotLuDousDAwcjBYiSmyXL+48d6x
+U1PSGUxcj8IUszKBVMpMaWAAAgEGZpAeh9SKxNyCnFS95PzcytRiBi5OAZjyXXzM
+f8WYLqv7TXP61Sa4rqT12CI3xaN73YS2pt089f96odCKaEPnWJ3iSGmzJaW/ug10
+2Zo8Wj2k4s7t8wt4H3HtTu+y5UZfV3VOO+l//sdE/o+Lsub8FZH7/eOq7OnbNp4n
+vwjE8mqJXetNMfj8r2SCyvkEnlVRYR+/mnge+ib56FdJ8uKtqSxyvgA=
+=fRXs
+-----END PGP MESSAGE-----`
+
+const criticalNotationSigner = `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mI0EUmEvTgEEANyWtQQMOybQ9JltDqmaX0WnNPJeLILIM36sw6zL0nfTQ5zXSS3+
+fIF6P29lJFxpblWk02PSID5zX/DYU9/zjM2xPO8Oa4xo0cVTOTLj++Ri5mtr//f5
+GLsIXxFrBJhD/ghFsL3Op0GXOeLJ9A5bsOn8th7x6JucNKuaRB6bQbSPABEBAAG0
+JFRlc3QgTWNUZXN0aW5ndG9uIDx0ZXN0QGV4YW1wbGUuY29tPoi5BBMBAgAjBQJS
+YS9OAhsvBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQSmNhOk1uQJQwDAP6
+AgrTyqkRlJVqz2pb46TfbDM2TDF7o9CBnBzIGoxBhlRwpqALz7z2kxBDmwpQa+ki
+Bq3jZN/UosY9y8bhwMAlnrDY9jP1gdCo+H0sD48CdXybblNwaYpwqC8VSpDdTndf
+9j2wE/weihGp/DAdy/2kyBCaiOY1sjhUfJ1GogF49rC4jQRSYS9OAQQA6R/PtBFa
+JaT4jq10yqASk4sqwVMsc6HcifM5lSdxzExFP74naUMMyEsKHP53QxTF0Grqusag
+Qg/ZtgT0CN1HUM152y7ACOdp1giKjpMzOTQClqCoclyvWOFB+L/SwGEIJf7LSCEr
+woBuJifJc8xAVr0XX0JthoW+uP91eTQ3XpsAEQEAAYkBPQQYAQIACQUCUmEvTgIb
+LgCoCRBKY2E6TW5AlJ0gBBkBAgAGBQJSYS9OAAoJEOCE90RsICyXuqIEANmmiRCA
+SF7YK7PvFkieJNwzeK0V3F2lGX+uu6Y3Q/Zxdtwc4xR+me/CSBmsURyXTO29OWhP
+GLszPH9zSJU9BdDi6v0yNprmFPX/1Ng0Abn/sCkwetvjxC1YIvTLFwtUL/7v6NS2
+bZpsUxRTg9+cSrMWWSNjiY9qUKajm1tuzPDZXAUEAMNmAN3xXN/Kjyvj2OK2ck0X
+W748sl/tc3qiKPMJ+0AkMF7Pjhmh9nxqE9+QCEl7qinFqqBLjuzgUhBU4QlwX1GD
+AtNTq6ihLMD5v1d82ZC7tNatdlDMGWnIdvEMCv2GZcuIqDQ9rXWs49e7tq1NncLY
+hz3tYjKhoFTKEIq3y3Pp
+=h/aX
+-----END PGP PUBLIC KEY BLOCK-----`
+
+const keyv5Test = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+Comment: Bob's OpenPGP Transferable Secret Key
+
+lQVYBF2lnPIBDAC5cL9PQoQLTMuhjbYvb4Ncuuo0bfmgPRFywX53jPhoFf4Zg6mv
+/seOXpgecTdOcVttfzC8ycIKrt3aQTiwOG/ctaR4Bk/t6ayNFfdUNxHWk4WCKzdz
+/56fW2O0F23qIRd8UUJp5IIlN4RDdRCtdhVQIAuzvp2oVy/LaS2kxQoKvph/5pQ/
+5whqsyroEWDJoSV0yOb25B/iwk/pLUFoyhDG9bj0kIzDxrEqW+7Ba8nocQlecMF3
+X5KMN5kp2zraLv9dlBBpWW43XktjcCZgMy20SouraVma8Je/ECwUWYUiAZxLIlMv
+9CurEOtxUw6N3RdOtLmYZS9uEnn5y1UkF88o8Nku890uk6BrewFzJyLAx5wRZ4F0
+qV/yq36UWQ0JB/AUGhHVPdFf6pl6eaxBwT5GXvbBUibtf8YI2og5RsgTWtXfU7eb
+SGXrl5ZMpbA6mbfhd0R8aPxWfmDWiIOhBufhMCvUHh1sApMKVZnvIff9/0Dca3wb
+vLIwa3T4CyshfT0AEQEAAQAL/RZqbJW2IqQDCnJi4Ozm++gPqBPiX1RhTWSjwxfM
+cJKUZfzLj414rMKm6Jh1cwwGY9jekROhB9WmwaaKT8HtcIgrZNAlYzANGRCM4TLK
+3VskxfSwKKna8l+s+mZglqbAjUg3wmFuf9Tj2xcUZYmyRm1DEmcN2ZzpvRtHgX7z
+Wn1mAKUlSDJZSQks0zjuMNbupcpyJokdlkUg2+wBznBOTKzgMxVNC9b2g5/tMPUs
+hGGWmF1UH+7AHMTaS6dlmr2ZBIyogdnfUqdNg5sZwsxSNrbglKP4sqe7X61uEAIQ
+bD7rT3LonLbhkrj3I8wilUD8usIwt5IecoHhd9HziqZjRCc1BUBkboUEoyedbDV4
+i4qfsFZ6CEWoLuD5pW7dEp0M+WeuHXO164Rc+LnH6i1VQrpb1Okl4qO6ejIpIjBI
+1t3GshtUu/mwGBBxs60KBX5g77mFQ9lLCRj8lSYqOsHRKBhUp4qM869VA+fD0BRP
+fqPT0I9IH4Oa/A3jYJcg622GwQYA1LhnP208Waf6PkQSJ6kyr8ymY1yVh9VBE/g6
+fRDYA+pkqKnw9wfH2Qho3ysAA+OmVOX8Hldg+Pc0Zs0e5pCavb0En8iFLvTA0Q2E
+LR5rLue9uD7aFuKFU/VdcddY9Ww/vo4k5p/tVGp7F8RYCFn9rSjIWbfvvZi1q5Tx
++akoZbga+4qQ4WYzB/obdX6SCmi6BndcQ1QdjCCQU6gpYx0MddVERbIp9+2SXDyL
+hpxjSyz+RGsZi/9UAshT4txP4+MZBgDfK3ZqtW+h2/eMRxkANqOJpxSjMyLO/FXN
+WxzTDYeWtHNYiAlOwlQZEPOydZFty9IVzzNFQCIUCGjQ/nNyhw7adSgUk3+BXEx/
+MyJPYY0BYuhLxLYcrfQ9nrhaVKxRJj25SVHj2ASsiwGJRZW4CC3uw40OYxfKEvNC
+mer/VxM3kg8qqGf9KUzJ1dVdAvjyx2Hz6jY2qWCyRQ6IMjWHyd43C4r3jxooYKUC
+YnstRQyb/gCSKahveSEjo07CiXMr88UGALwzEr3npFAsPW3osGaFLj49y1oRe11E
+he9gCHFm+fuzbXrWmdPjYU5/ZdqdojzDqfu4ThfnipknpVUM1o6MQqkjM896FHm8
+zbKVFSMhEP6DPHSCexMFrrSgN03PdwHTO6iBaIBBFqmGY01tmJ03SxvSpiBPON9P
+NVvy/6UZFedTq8A07OUAxO62YUSNtT5pmK2vzs3SAZJmbFbMh+NN204TRI72GlqT
+t5hcfkuv8hrmwPS/ZR6q312mKQ6w/1pqO9qitCFCb2IgQmFiYmFnZSA8Ym9iQG9w
+ZW5wZ3AuZXhhbXBsZT6JAc4EEwEKADgCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC
+F4AWIQTRpm4aI7GCyZgPeIz7/MgqAV5zMAUCXaWe+gAKCRD7/MgqAV5zMG9sC/9U
+2T3RrqEbw533FPNfEflhEVRIZ8gDXKM8hU6cqqEzCmzZT6xYTe6sv4y+PJBGXJFX
+yhj0g6FDkSyboM5litOcTupURObVqMgA/Y4UKERznm4fzzH9qek85c4ljtLyNufe
+doL2pp3vkGtn7eD0QFRaLLmnxPKQ/TlZKdLE1G3u8Uot8QHicaR6GnAdc5UXQJE3
+BiV7jZuDyWmZ1cUNwJkKL6oRtp+ZNDOQCrLNLecKHcgCqrpjSQG5oouba1I1Q6Vl
+sP44dhA1nkmLHtxlTOzpeHj4jnk1FaXmyasurrrI5CgU/L2Oi39DGKTH/A/cywDN
+4ZplIQ9zR8enkbXquUZvFDe+Xz+6xRXtb5MwQyWODB3nHw85HocLwRoIN9WdQEI+
+L8a/56AuOwhs8llkSuiITjR7r9SgKJC2WlAHl7E8lhJ3VDW3ELC56KH308d6mwOG
+ZRAqIAKzM1T5FGjMBhq7ZV0eqdEntBh3EcOIfj2M8rg1MzJv+0mHZOIjByawikad
+BVgEXaWc8gEMANYwv1xsYyunXYK0X1vY/rP1NNPvhLyLIE7NpK90YNBj+xS1ldGD
+bUdZqZeef2xJe8gMQg05DoD1DF3GipZ0Ies65beh+d5hegb7N4pzh0LzrBrVNHar
+29b5ExdI7i4iYD5TO6Vr/qTUOiAN/byqELEzAb+L+b2DVz/RoCm4PIp1DU9ewcc2
+WB38Ofqut3nLYA5tqJ9XvAiEQme+qAVcM3ZFcaMt4I4dXhDZZNg+D9LiTWcxdUPB
+leu8iwDRjAgyAhPzpFp+nWoqWA81uIiULWD1Fj+IVoY3ZvgivoYOiEFBJ9lbb4te
+g9m5UT/AaVDTWuHzbspVlbiVe+qyB77C2daWzNyx6UYBPLOo4r0t0c91kbNE5lgj
+Z7xz6los0N1U8vq91EFSeQJoSQ62XWavYmlCLmdNT6BNfgh4icLsT7Vr1QMX9jzn
+JtTPxdXytSdHvpSpULsqJ016l0dtmONcK3z9mj5N5z0k1tg1AH970TGYOe2aUcSx
+IRDMXDOPyzEfjwARAQABAAv9F2CwsjS+Sjh1M1vegJbZjei4gF1HHpEM0K0PSXsp
+SfVvpR4AoSJ4He6CXSMWg0ot8XKtDuZoV9jnJaES5UL9pMAD7JwIOqZm/DYVJM5h
+OASCh1c356/wSbFbzRHPtUdZO9Q30WFNJM5pHbCJPjtNoRmRGkf71RxtvHBzy7np
+Ga+W6U/NVKHw0i0CYwMI0YlKDakYW3Pm+QL+gHZFvngGweTod0f9l2VLLAmeQR/c
++EZs7lNumhuZ8mXcwhUc9JQIhOkpO+wreDysEFkAcsKbkQP3UDUsA1gFx9pbMzT0
+tr1oZq2a4QBtxShHzP/ph7KLpN+6qtjks3xB/yjTgaGmtrwM8tSe0wD1RwXS+/1o
+BHpXTnQ7TfeOGUAu4KCoOQLv6ELpKWbRBLWuiPwMdbGpvVFALO8+kvKAg9/r+/ny
+zM2GQHY+J3Jh5JxPiJnHfXNZjIKLbFbIPdSKNyJBuazXW8xIa//mEHMI5OcvsZBK
+clAIp7LXzjEjKXIwHwDcTn9pBgDpdOKTHOtJ3JUKx0rWVsDH6wq6iKV/FTVSY5jl
+zN+puOEsskF1Lfxn9JsJihAVO3yNsp6RvkKtyNlFazaCVKtDAmkjoh60XNxcNRqr
+gCnwdpbgdHP6v/hvZY54ZaJjz6L2e8unNEkYLxDt8cmAyGPgH2XgL7giHIp9jrsQ
+aS381gnYwNX6wE1aEikgtY91nqJjwPlibF9avSyYQoMtEqM/1UjTjB2KdD/MitK5
+fP0VpvuXpNYZedmyq4UOMwdkiNMGAOrfmOeT0olgLrTMT5H97Cn3Yxbk13uXHNu/
+ZUZZNe8s+QtuLfUlKAJtLEUutN33TlWQY522FV0m17S+b80xJib3yZVJteVurrh5
+HSWHAM+zghQAvCesg5CLXa2dNMkTCmZKgCBvfDLZuZbjFwnwCI6u/NhOY9egKuUf
+SA/je/RXaT8m5VxLYMxwqQXKApzD87fv0tLPlVIEvjEsaf992tFEFSNPcG1l/jpd
+5AVXw6kKuf85UkJtYR1x2MkQDrqY1QX/XMw00kt8y9kMZUre19aCArcmor+hDhRJ
+E3Gt4QJrD9z/bICESw4b4z2DbgD/Xz9IXsA/r9cKiM1h5QMtXvuhyfVeM01enhxM
+GbOH3gjqqGNKysx0UODGEwr6AV9hAd8RWXMchJLaExK9J5SRawSg671ObAU24SdY
+vMQ9Z4kAQ2+1ReUZzf3ogSMRZtMT+d18gT6L90/y+APZIaoArLPhebIAGq39HLmJ
+26x3z0WAgrpA1kNsjXEXkoiZGPLKIGoe3hqJAbYEGAEKACAWIQTRpm4aI7GCyZgP
+eIz7/MgqAV5zMAUCXaWc8gIbDAAKCRD7/MgqAV5zMOn/C/9ugt+HZIwX308zI+QX
+c5vDLReuzmJ3ieE0DMO/uNSC+K1XEioSIZP91HeZJ2kbT9nn9fuReuoff0T0Dief
+rbwcIQQHFFkrqSp1K3VWmUGp2JrUsXFVdjy/fkBIjTd7c5boWljv/6wAsSfiv2V0
+JSM8EFU6TYXxswGjFVfc6X97tJNeIrXL+mpSmPPqy2bztcCCHkWS5lNLWQw+R7Vg
+71Fe6yBSNVrqC2/imYG2J9zlowjx1XU63Wdgqp2Wxt0l8OmsB/W80S1fRF5G4SDH
+s9HXglXXqPsBRZJYfP+VStm9L5P/sKjCcX6WtZR7yS6G8zj/X767MLK/djANvpPd
+NVniEke6hM3CNBXYPAMhQBMWhCulcoz+0lxi8L34rMN+Dsbma96psdUrn7uLaB91
+6we0CTfF8qqm7BsVAgalon/UUiuMY80U3ueoj3okiSTiHIjD/YtpXSPioC8nMng7
+xqAY9Bwizt4FWgXuLm1a4+So4V9j1TRCXd12Uc2l2RNmgDE=
+=miES
+-----END PGP PRIVATE KEY BLOCK-----
+`
+
+const certv5Test = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lGEFXJH05BYAAAAtCSsGAQQB2kcPAQEHQFhZlVcVVtwf+21xNQPX+ecMJJBL0MPd
+fj75iux+my8QAAAAAAAiAQCHZ1SnSUmWqxEsoI6facIVZQu6mph3cBFzzTvcm5lA
+Ng5ctBhlbW1hLmdvbGRtYW5AZXhhbXBsZS5uZXSIlgUTFggASCIhBRk0e8mHJGQC
+X5nfPsLgAA7ZiEiS4fez6kyUAJFZVptUBQJckfTkAhsDBQsJCAcCAyICAQYVCgkI
+CwIEFgIDAQIeBwIXgAAA9cAA/jiR3yMsZMeEQ40u6uzEoXa6UXeV/S3wwJAXRJy9
+M8s0AP9vuL/7AyTfFXwwzSjDnYmzS0qAhbLDQ643N+MXGBJ2BZxmBVyR9OQSAAAA
+MgorBgEEAZdVAQUBAQdA+nysrzml2UCweAqtpDuncSPlvrcBWKU0yfU0YvYWWAoD
+AQgHAAAAAAAiAP9OdAPppjU1WwpqjIItkxr+VPQRT8Zm/Riw7U3F6v3OiBFHiHoF
+GBYIACwiIQUZNHvJhyRkAl+Z3z7C4AAO2YhIkuH3s+pMlACRWVabVAUCXJH05AIb
+DAAAOSQBAP4BOOIR/sGLNMOfeb5fPs/02QMieoiSjIBnijhob2U5AQC+RtOHCHx7
+TcIYl5/Uyoi+FOvPLcNw4hOv2nwUzSSVAw==
+=IiS2
+-----END PGP PRIVATE KEY BLOCK-----
+`
+
+const msgv5Test = `-----BEGIN PGP MESSAGE-----
+
+wcDMA3wvqk35PDeyAQv+PcQiLsoYTH30nJYQh3j3cJaO2+jErtVCrIQRIU0+
+rmgMddERYST4A9mA0DQIiTI4FQ0Lp440D3BWCgpq3LlNWewGzduaWwym5rN6
+cwHz5ccDqOcqbd9X0GXXGy/ZH/ljSgzuVMIytMAXKdF/vrRrVgH/+I7cxvm9
+HwnhjMN5dF0j4aEt996H2T7cbtzSr2GN9SWGW8Gyu7I8Zx73hgrGUI7gDiJB
+Afaff+P6hfkkHSGOItr94dde8J/7AUF4VEwwxdVVPvsNEFyvv6gRIbYtOCa2
+6RE6h1V/QTxW2O7zZgzWALrE2ui0oaYr9QuqQSssd9CdgExLfdPbI+3/ZAnE
+v31Idzpk3/6ILiakYHtXkElPXvf46mCNpobty8ysT34irF+fy3C1p3oGwAsx
+5VDV9OSFU6z5U+UPbSPYAy9rkc5ZssuIKxCER2oTvZ2L8Q5cfUvEUiJtRGGn
+CJlHrVDdp3FssKv2tlKgLkvxJLyoOjuEkj44H1qRk+D02FzmmUT/0sAHAYYx
+lTir6mjHeLpcGjn4waUuWIAJyph8SxUexP60bic0L0NBa6Qp5SxxijKsPIDb
+FPHxWwfJSDZRrgUyYT7089YFB/ZM4FHyH9TZcnxn0f0xIB7NS6YNDsxzN2zT
+EVEYf+De4qT/dQTsdww78Chtcv9JY9r2kDm77dk2MUGHL2j7n8jasbLtgA7h
+pn2DMIWLrGamMLWRmlwslolKr1sMV5x8w+5Ias6C33iBMl9phkg42an0gYmc
+byVJHvLO/XErtC+GNIJeMg==
+=liRq
+-----END PGP MESSAGE-----
+`
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go
new file mode 100644
index 0000000000000000000000000000000000000000..6871b84fc9f60c82701a7cfe0a85317f02669072
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k.go
@@ -0,0 +1,436 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package s2k implements the various OpenPGP string-to-key transforms as
+// specified in RFC 4800 section 3.7.1, and Argon2 specified in
+// draft-ietf-openpgp-crypto-refresh-08 section 3.7.1.4.
+package s2k // import "github.com/ProtonMail/go-crypto/openpgp/s2k"
+
+import (
+ "crypto"
+ "hash"
+ "io"
+ "strconv"
+
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
+ "golang.org/x/crypto/argon2"
+)
+
+type Mode uint8
+
+// Defines the default S2KMode constants
+//
+// 0 (simple), 1(salted), 3(iterated), 4(argon2)
+const (
+ SimpleS2K Mode = 0
+ SaltedS2K Mode = 1
+ IteratedSaltedS2K Mode = 3
+ Argon2S2K Mode = 4
+ GnuS2K Mode = 101
+)
+
+const Argon2SaltSize int = 16
+
+// Params contains all the parameters of the s2k packet
+type Params struct {
+ // mode is the mode of s2k function.
+ // It can be 0 (simple), 1(salted), 3(iterated)
+ // 2(reserved) 100-110(private/experimental).
+ mode Mode
+ // hashId is the ID of the hash function used in any of the modes
+ hashId byte
+ // salt is a byte array to use as a salt in hashing process or argon2
+ saltBytes [Argon2SaltSize]byte
+ // countByte is used to determine how many rounds of hashing are to
+ // be performed in s2k mode 3. See RFC 4880 Section 3.7.1.3.
+ countByte byte
+ // passes is a parameter in Argon2 to determine the number of iterations
+ // See RFC the crypto refresh Section 3.7.1.4.
+ passes byte
+ // parallelism is a parameter in Argon2 to determine the degree of paralellism
+ // See RFC the crypto refresh Section 3.7.1.4.
+ parallelism byte
+ // memoryExp is a parameter in Argon2 to determine the memory usage
+ // i.e., 2 ** memoryExp kibibytes
+ // See RFC the crypto refresh Section 3.7.1.4.
+ memoryExp byte
+}
+
+// encodeCount converts an iterative "count" in the range 1024 to
+// 65011712, inclusive, to an encoded count. The return value is the
+// octet that is actually stored in the GPG file. encodeCount panics
+// if i is not in the above range (encodedCount above takes care to
+// pass i in the correct range). See RFC 4880 Section 3.7.7.1.
+func encodeCount(i int) uint8 {
+ if i < 65536 || i > 65011712 {
+ panic("count arg i outside the required range")
+ }
+
+ for encoded := 96; encoded < 256; encoded++ {
+ count := decodeCount(uint8(encoded))
+ if count >= i {
+ return uint8(encoded)
+ }
+ }
+
+ return 255
+}
+
+// decodeCount returns the s2k mode 3 iterative "count" corresponding to
+// the encoded octet c.
+func decodeCount(c uint8) int {
+ return (16 + int(c&15)) << (uint32(c>>4) + 6)
+}
+
+// encodeMemory converts the Argon2 "memory" in the range parallelism*8 to
+// 2**31, inclusive, to an encoded memory. The return value is the
+// octet that is actually stored in the GPG file. encodeMemory panics
+// if is not in the above range
+// See OpenPGP crypto refresh Section 3.7.1.4.
+func encodeMemory(memory uint32, parallelism uint8) uint8 {
+ if memory < (8*uint32(parallelism)) || memory > uint32(2147483648) {
+ panic("Memory argument memory is outside the required range")
+ }
+
+ for exp := 3; exp < 31; exp++ {
+ compare := decodeMemory(uint8(exp))
+ if compare >= memory {
+ return uint8(exp)
+ }
+ }
+
+ return 31
+}
+
+// decodeMemory computes the decoded memory in kibibytes as 2**memoryExponent
+func decodeMemory(memoryExponent uint8) uint32 {
+ return uint32(1) << memoryExponent
+}
+
+// Simple writes to out the result of computing the Simple S2K function (RFC
+// 4880, section 3.7.1.1) using the given hash and input passphrase.
+func Simple(out []byte, h hash.Hash, in []byte) {
+ Salted(out, h, in, nil)
+}
+
+var zero [1]byte
+
+// Salted writes to out the result of computing the Salted S2K function (RFC
+// 4880, section 3.7.1.2) using the given hash, input passphrase and salt.
+func Salted(out []byte, h hash.Hash, in []byte, salt []byte) {
+ done := 0
+ var digest []byte
+
+ for i := 0; done < len(out); i++ {
+ h.Reset()
+ for j := 0; j < i; j++ {
+ h.Write(zero[:])
+ }
+ h.Write(salt)
+ h.Write(in)
+ digest = h.Sum(digest[:0])
+ n := copy(out[done:], digest)
+ done += n
+ }
+}
+
+// Iterated writes to out the result of computing the Iterated and Salted S2K
+// function (RFC 4880, section 3.7.1.3) using the given hash, input passphrase,
+// salt and iteration count.
+func Iterated(out []byte, h hash.Hash, in []byte, salt []byte, count int) {
+ combined := make([]byte, len(in)+len(salt))
+ copy(combined, salt)
+ copy(combined[len(salt):], in)
+
+ if count < len(combined) {
+ count = len(combined)
+ }
+
+ done := 0
+ var digest []byte
+ for i := 0; done < len(out); i++ {
+ h.Reset()
+ for j := 0; j < i; j++ {
+ h.Write(zero[:])
+ }
+ written := 0
+ for written < count {
+ if written+len(combined) > count {
+ todo := count - written
+ h.Write(combined[:todo])
+ written = count
+ } else {
+ h.Write(combined)
+ written += len(combined)
+ }
+ }
+ digest = h.Sum(digest[:0])
+ n := copy(out[done:], digest)
+ done += n
+ }
+}
+
+// Argon2 writes to out the key derived from the password (in) with the Argon2
+// function (the crypto refresh, section 3.7.1.4)
+func Argon2(out []byte, in []byte, salt []byte, passes uint8, paralellism uint8, memoryExp uint8) {
+ key := argon2.IDKey(in, salt, uint32(passes), decodeMemory(memoryExp), paralellism, uint32(len(out)))
+ copy(out[:], key)
+}
+
+// Generate generates valid parameters from given configuration.
+// It will enforce the Iterated and Salted or Argon2 S2K method.
+func Generate(rand io.Reader, c *Config) (*Params, error) {
+ var params *Params
+ if c != nil && c.Mode() == Argon2S2K {
+ // handle Argon2 case
+ argonConfig := c.Argon2()
+ params = &Params{
+ mode: Argon2S2K,
+ passes: argonConfig.Passes(),
+ parallelism: argonConfig.Parallelism(),
+ memoryExp: argonConfig.EncodedMemory(),
+ }
+ } else if c != nil && c.PassphraseIsHighEntropy && c.Mode() == SaltedS2K { // Allow SaltedS2K if PassphraseIsHighEntropy
+ hashId, ok := algorithm.HashToHashId(c.hash())
+ if !ok {
+ return nil, errors.UnsupportedError("no such hash")
+ }
+
+ params = &Params{
+ mode: SaltedS2K,
+ hashId: hashId,
+ }
+ } else { // Enforce IteratedSaltedS2K method otherwise
+ hashId, ok := algorithm.HashToHashId(c.hash())
+ if !ok {
+ return nil, errors.UnsupportedError("no such hash")
+ }
+ if c != nil {
+ c.S2KMode = IteratedSaltedS2K
+ }
+ params = &Params{
+ mode: IteratedSaltedS2K,
+ hashId: hashId,
+ countByte: c.EncodedCount(),
+ }
+ }
+ if _, err := io.ReadFull(rand, params.salt()); err != nil {
+ return nil, err
+ }
+ return params, nil
+}
+
+// Parse reads a binary specification for a string-to-key transformation from r
+// and returns a function which performs that transform. If the S2K is a special
+// GNU extension that indicates that the private key is missing, then the error
+// returned is errors.ErrDummyPrivateKey.
+func Parse(r io.Reader) (f func(out, in []byte), err error) {
+ params, err := ParseIntoParams(r)
+ if err != nil {
+ return nil, err
+ }
+
+ return params.Function()
+}
+
+// ParseIntoParams reads a binary specification for a string-to-key
+// transformation from r and returns a struct describing the s2k parameters.
+func ParseIntoParams(r io.Reader) (params *Params, err error) {
+ var buf [Argon2SaltSize + 3]byte
+
+ _, err = io.ReadFull(r, buf[:1])
+ if err != nil {
+ return
+ }
+
+ params = &Params{
+ mode: Mode(buf[0]),
+ }
+
+ switch params.mode {
+ case SimpleS2K:
+ _, err = io.ReadFull(r, buf[:1])
+ if err != nil {
+ return nil, err
+ }
+ params.hashId = buf[0]
+ return params, nil
+ case SaltedS2K:
+ _, err = io.ReadFull(r, buf[:9])
+ if err != nil {
+ return nil, err
+ }
+ params.hashId = buf[0]
+ copy(params.salt(), buf[1:9])
+ return params, nil
+ case IteratedSaltedS2K:
+ _, err = io.ReadFull(r, buf[:10])
+ if err != nil {
+ return nil, err
+ }
+ params.hashId = buf[0]
+ copy(params.salt(), buf[1:9])
+ params.countByte = buf[9]
+ return params, nil
+ case Argon2S2K:
+ _, err = io.ReadFull(r, buf[:Argon2SaltSize+3])
+ if err != nil {
+ return nil, err
+ }
+ copy(params.salt(), buf[:Argon2SaltSize])
+ params.passes = buf[Argon2SaltSize]
+ params.parallelism = buf[Argon2SaltSize+1]
+ params.memoryExp = buf[Argon2SaltSize+2]
+ if err := validateArgon2Params(params); err != nil {
+ return nil, err
+ }
+ return params, nil
+ case GnuS2K:
+ // This is a GNU extension. See
+ // https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob;f=doc/DETAILS;h=fe55ae16ab4e26d8356dc574c9e8bc935e71aef1;hb=23191d7851eae2217ecdac6484349849a24fd94a#l1109
+ if _, err = io.ReadFull(r, buf[:5]); err != nil {
+ return nil, err
+ }
+ params.hashId = buf[0]
+ if buf[1] == 'G' && buf[2] == 'N' && buf[3] == 'U' && buf[4] == 1 {
+ return params, nil
+ }
+ return nil, errors.UnsupportedError("GNU S2K extension")
+ }
+
+ return nil, errors.UnsupportedError("S2K function")
+}
+
+func (params *Params) Mode() Mode {
+ return params.mode
+}
+
+func (params *Params) Dummy() bool {
+ return params != nil && params.mode == GnuS2K
+}
+
+func (params *Params) salt() []byte {
+ switch params.mode {
+ case SaltedS2K, IteratedSaltedS2K:
+ return params.saltBytes[:8]
+ case Argon2S2K:
+ return params.saltBytes[:Argon2SaltSize]
+ default:
+ return nil
+ }
+}
+
+func (params *Params) Function() (f func(out, in []byte), err error) {
+ if params.Dummy() {
+ return nil, errors.ErrDummyPrivateKey("dummy key found")
+ }
+ var hashObj crypto.Hash
+ if params.mode != Argon2S2K {
+ var ok bool
+ hashObj, ok = algorithm.HashIdToHashWithSha1(params.hashId)
+ if !ok {
+ return nil, errors.UnsupportedError("hash for S2K function: " + strconv.Itoa(int(params.hashId)))
+ }
+ if !hashObj.Available() {
+ return nil, errors.UnsupportedError("hash not available: " + strconv.Itoa(int(hashObj)))
+ }
+ }
+
+ switch params.mode {
+ case SimpleS2K:
+ f := func(out, in []byte) {
+ Simple(out, hashObj.New(), in)
+ }
+
+ return f, nil
+ case SaltedS2K:
+ f := func(out, in []byte) {
+ Salted(out, hashObj.New(), in, params.salt())
+ }
+
+ return f, nil
+ case IteratedSaltedS2K:
+ f := func(out, in []byte) {
+ Iterated(out, hashObj.New(), in, params.salt(), decodeCount(params.countByte))
+ }
+
+ return f, nil
+ case Argon2S2K:
+ f := func(out, in []byte) {
+ Argon2(out, in, params.salt(), params.passes, params.parallelism, params.memoryExp)
+ }
+ return f, nil
+ }
+
+ return nil, errors.UnsupportedError("S2K function")
+}
+
+func (params *Params) Serialize(w io.Writer) (err error) {
+ if _, err = w.Write([]byte{uint8(params.mode)}); err != nil {
+ return
+ }
+ if params.mode != Argon2S2K {
+ if _, err = w.Write([]byte{params.hashId}); err != nil {
+ return
+ }
+ }
+ if params.Dummy() {
+ _, err = w.Write(append([]byte("GNU"), 1))
+ return
+ }
+ if params.mode > 0 {
+ if _, err = w.Write(params.salt()); err != nil {
+ return
+ }
+ if params.mode == IteratedSaltedS2K {
+ _, err = w.Write([]byte{params.countByte})
+ }
+ if params.mode == Argon2S2K {
+ _, err = w.Write([]byte{params.passes, params.parallelism, params.memoryExp})
+ }
+ }
+ return
+}
+
+// Serialize salts and stretches the given passphrase and writes the
+// resulting key into key. It also serializes an S2K descriptor to
+// w. The key stretching can be configured with c, which may be
+// nil. In that case, sensible defaults will be used.
+func Serialize(w io.Writer, key []byte, rand io.Reader, passphrase []byte, c *Config) error {
+ params, err := Generate(rand, c)
+ if err != nil {
+ return err
+ }
+ err = params.Serialize(w)
+ if err != nil {
+ return err
+ }
+
+ f, err := params.Function()
+ if err != nil {
+ return err
+ }
+ f(key, passphrase)
+ return nil
+}
+
+// validateArgon2Params checks that the argon2 parameters are valid according to RFC9580.
+func validateArgon2Params(params *Params) error {
+ // The number of passes t and the degree of parallelism p MUST be non-zero.
+ if params.parallelism == 0 {
+ return errors.StructuralError("invalid argon2 params: parallelism is 0")
+ }
+ if params.passes == 0 {
+ return errors.StructuralError("invalid argon2 params: iterations is 0")
+ }
+
+ // The encoded memory size MUST be a value from 3+ceil(log2(p)) to 31,
+ // such that the decoded memory size m is a value from 8*p to 2^31.
+ if params.memoryExp > 31 || decodeMemory(params.memoryExp) < 8*uint32(params.parallelism) {
+ return errors.StructuralError("invalid argon2 params: memory is out of bounds")
+ }
+
+ return nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_cache.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_cache.go
new file mode 100644
index 0000000000000000000000000000000000000000..616e0d12c6c93d172654a65b7113d4dfa6e93ad0
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_cache.go
@@ -0,0 +1,26 @@
+package s2k
+
+// Cache stores keys derived with s2k functions from one passphrase
+// to avoid recomputation if multiple items are encrypted with
+// the same parameters.
+type Cache map[Params][]byte
+
+// GetOrComputeDerivedKey tries to retrieve the key
+// for the given s2k parameters from the cache.
+// If there is no hit, it derives the key with the s2k function from the passphrase,
+// updates the cache, and returns the key.
+func (c *Cache) GetOrComputeDerivedKey(passphrase []byte, params *Params, expectedKeySize int) ([]byte, error) {
+ key, found := (*c)[*params]
+ if !found || len(key) != expectedKeySize {
+ var err error
+ derivedKey := make([]byte, expectedKeySize)
+ s2k, err := params.Function()
+ if err != nil {
+ return nil, err
+ }
+ s2k(derivedKey, passphrase)
+ (*c)[*params] = key
+ return derivedKey, nil
+ }
+ return key, nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_config.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_config.go
new file mode 100644
index 0000000000000000000000000000000000000000..b93db1ab853e76d5c966f90776cbf2d3a2fa7f14
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/s2k/s2k_config.go
@@ -0,0 +1,129 @@
+package s2k
+
+import "crypto"
+
+// Config collects configuration parameters for s2k key-stretching
+// transformations. A nil *Config is valid and results in all default
+// values.
+type Config struct {
+ // S2K (String to Key) mode, used for key derivation in the context of secret key encryption
+ // and passphrase-encrypted data. Either s2k.Argon2S2K or s2k.IteratedSaltedS2K may be used.
+ // If the passphrase is a high-entropy key, indicated by setting PassphraseIsHighEntropy to true,
+ // s2k.SaltedS2K can also be used.
+ // Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it
+ //(pending standardisation).
+ // 0 (simple), 1(salted), 3(iterated), 4(argon2)
+ // 2(reserved) 100-110(private/experimental).
+ S2KMode Mode
+ // Only relevant if S2KMode is not set to s2k.Argon2S2K.
+ // Hash is the default hash function to be used. If
+ // nil, SHA256 is used.
+ Hash crypto.Hash
+ // Argon2 parameters for S2K (String to Key).
+ // Only relevant if S2KMode is set to s2k.Argon2S2K.
+ // If nil, default parameters are used.
+ // For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4.
+ Argon2Config *Argon2Config
+ // Only relevant if S2KMode is set to s2k.IteratedSaltedS2K.
+ // Iteration count for Iterated S2K (String to Key). It
+ // determines the strength of the passphrase stretching when
+ // the said passphrase is hashed to produce a key. S2KCount
+ // should be between 65536 and 65011712, inclusive. If Config
+ // is nil or S2KCount is 0, the value 16777216 used. Not all
+ // values in the above range can be represented. S2KCount will
+ // be rounded up to the next representable value if it cannot
+ // be encoded exactly. When set, it is strongly encrouraged to
+ // use a value that is at least 65536. See RFC 4880 Section
+ // 3.7.1.3.
+ S2KCount int
+ // Indicates whether the passphrase passed by the application is a
+ // high-entropy key (e.g. it's randomly generated or derived from
+ // another passphrase using a strong key derivation function).
+ // When true, allows the S2KMode to be s2k.SaltedS2K.
+ // When the passphrase is not a high-entropy key, using SaltedS2K is
+ // insecure, and not allowed by draft-ietf-openpgp-crypto-refresh-08.
+ PassphraseIsHighEntropy bool
+}
+
+// Argon2Config stores the Argon2 parameters
+// A nil *Argon2Config is valid and results in all default
+type Argon2Config struct {
+ NumberOfPasses uint8
+ DegreeOfParallelism uint8
+ // Memory specifies the desired Argon2 memory usage in kibibytes.
+ // For example memory=64*1024 sets the memory cost to ~64 MB.
+ Memory uint32
+}
+
+func (c *Config) Mode() Mode {
+ if c == nil {
+ return IteratedSaltedS2K
+ }
+ return c.S2KMode
+}
+
+func (c *Config) hash() crypto.Hash {
+ if c == nil || uint(c.Hash) == 0 {
+ return crypto.SHA256
+ }
+
+ return c.Hash
+}
+
+func (c *Config) Argon2() *Argon2Config {
+ if c == nil || c.Argon2Config == nil {
+ return nil
+ }
+ return c.Argon2Config
+}
+
+// EncodedCount get encoded count
+func (c *Config) EncodedCount() uint8 {
+ if c == nil || c.S2KCount == 0 {
+ return 224 // The common case. Corresponding to 16777216
+ }
+
+ i := c.S2KCount
+
+ switch {
+ case i < 65536:
+ i = 65536
+ case i > 65011712:
+ i = 65011712
+ }
+
+ return encodeCount(i)
+}
+
+func (c *Argon2Config) Passes() uint8 {
+ if c == nil || c.NumberOfPasses == 0 {
+ return 3
+ }
+ return c.NumberOfPasses
+}
+
+func (c *Argon2Config) Parallelism() uint8 {
+ if c == nil || c.DegreeOfParallelism == 0 {
+ return 4
+ }
+ return c.DegreeOfParallelism
+}
+
+func (c *Argon2Config) EncodedMemory() uint8 {
+ if c == nil || c.Memory == 0 {
+ return 16 // 64 MiB of RAM
+ }
+
+ memory := c.Memory
+ lowerBound := uint32(c.Parallelism()) * 8
+ upperBound := uint32(2147483648)
+
+ switch {
+ case memory < lowerBound:
+ memory = lowerBound
+ case memory > upperBound:
+ memory = upperBound
+ }
+
+ return encodeMemory(memory, c.Parallelism())
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/write.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/write.go
new file mode 100644
index 0000000000000000000000000000000000000000..b0f6ef7b092c22ec71d03d82994a1f7bcf0445c8
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/write.go
@@ -0,0 +1,620 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package openpgp
+
+import (
+ "crypto"
+ "hash"
+ "io"
+ "strconv"
+ "time"
+
+ "github.com/ProtonMail/go-crypto/openpgp/armor"
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ "github.com/ProtonMail/go-crypto/openpgp/internal/algorithm"
+ "github.com/ProtonMail/go-crypto/openpgp/packet"
+)
+
+// DetachSign signs message with the private key from signer (which must
+// already have been decrypted) and writes the signature to w.
+// If config is nil, sensible defaults will be used.
+func DetachSign(w io.Writer, signer *Entity, message io.Reader, config *packet.Config) error {
+ return detachSign(w, signer, message, packet.SigTypeBinary, config)
+}
+
+// ArmoredDetachSign signs message with the private key from signer (which
+// must already have been decrypted) and writes an armored signature to w.
+// If config is nil, sensible defaults will be used.
+func ArmoredDetachSign(w io.Writer, signer *Entity, message io.Reader, config *packet.Config) (err error) {
+ return armoredDetachSign(w, signer, message, packet.SigTypeBinary, config)
+}
+
+// DetachSignText signs message (after canonicalising the line endings) with
+// the private key from signer (which must already have been decrypted) and
+// writes the signature to w.
+// If config is nil, sensible defaults will be used.
+func DetachSignText(w io.Writer, signer *Entity, message io.Reader, config *packet.Config) error {
+ return detachSign(w, signer, message, packet.SigTypeText, config)
+}
+
+// ArmoredDetachSignText signs message (after canonicalising the line endings)
+// with the private key from signer (which must already have been decrypted)
+// and writes an armored signature to w.
+// If config is nil, sensible defaults will be used.
+func ArmoredDetachSignText(w io.Writer, signer *Entity, message io.Reader, config *packet.Config) error {
+ return armoredDetachSign(w, signer, message, packet.SigTypeText, config)
+}
+
+func armoredDetachSign(w io.Writer, signer *Entity, message io.Reader, sigType packet.SignatureType, config *packet.Config) (err error) {
+ out, err := armor.Encode(w, SignatureType, nil)
+ if err != nil {
+ return
+ }
+ err = detachSign(out, signer, message, sigType, config)
+ if err != nil {
+ return
+ }
+ return out.Close()
+}
+
+func detachSign(w io.Writer, signer *Entity, message io.Reader, sigType packet.SignatureType, config *packet.Config) (err error) {
+ signingKey, ok := signer.SigningKeyById(config.Now(), config.SigningKey())
+ if !ok {
+ return errors.InvalidArgumentError("no valid signing keys")
+ }
+ if signingKey.PrivateKey == nil {
+ return errors.InvalidArgumentError("signing key doesn't have a private key")
+ }
+ if signingKey.PrivateKey.Encrypted {
+ return errors.InvalidArgumentError("signing key is encrypted")
+ }
+ if _, ok := algorithm.HashToHashId(config.Hash()); !ok {
+ return errors.InvalidArgumentError("invalid hash function")
+ }
+
+ sig := createSignaturePacket(signingKey.PublicKey, sigType, config)
+
+ h, err := sig.PrepareSign(config)
+ if err != nil {
+ return
+ }
+ wrappedHash, err := wrapHashForSignature(h, sig.SigType)
+ if err != nil {
+ return
+ }
+ if _, err = io.Copy(wrappedHash, message); err != nil {
+ return err
+ }
+
+ err = sig.Sign(h, signingKey.PrivateKey, config)
+ if err != nil {
+ return
+ }
+
+ return sig.Serialize(w)
+}
+
+// FileHints contains metadata about encrypted files. This metadata is, itself,
+// encrypted.
+type FileHints struct {
+ // IsBinary can be set to hint that the contents are binary data.
+ IsBinary bool
+ // FileName hints at the name of the file that should be written. It's
+ // truncated to 255 bytes if longer. It may be empty to suggest that the
+ // file should not be written to disk. It may be equal to "_CONSOLE" to
+ // suggest the data should not be written to disk.
+ FileName string
+ // ModTime contains the modification time of the file, or the zero time if not applicable.
+ ModTime time.Time
+}
+
+// SymmetricallyEncrypt acts like gpg -c: it encrypts a file with a passphrase.
+// The resulting WriteCloser must be closed after the contents of the file have
+// been written.
+// If config is nil, sensible defaults will be used.
+func SymmetricallyEncrypt(ciphertext io.Writer, passphrase []byte, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
+ if hints == nil {
+ hints = &FileHints{}
+ }
+
+ key, err := packet.SerializeSymmetricKeyEncrypted(ciphertext, passphrase, config)
+ if err != nil {
+ return
+ }
+
+ var w io.WriteCloser
+ cipherSuite := packet.CipherSuite{
+ Cipher: config.Cipher(),
+ Mode: config.AEAD().Mode(),
+ }
+ w, err = packet.SerializeSymmetricallyEncrypted(ciphertext, config.Cipher(), config.AEAD() != nil, cipherSuite, key, config)
+ if err != nil {
+ return
+ }
+
+ literalData := w
+ if algo := config.Compression(); algo != packet.CompressionNone {
+ var compConfig *packet.CompressionConfig
+ if config != nil {
+ compConfig = config.CompressionConfig
+ }
+ literalData, err = packet.SerializeCompressed(w, algo, compConfig)
+ if err != nil {
+ return
+ }
+ }
+
+ var epochSeconds uint32
+ if !hints.ModTime.IsZero() {
+ epochSeconds = uint32(hints.ModTime.Unix())
+ }
+ return packet.SerializeLiteral(literalData, hints.IsBinary, hints.FileName, epochSeconds)
+}
+
+// intersectPreferences mutates and returns a prefix of a that contains only
+// the values in the intersection of a and b. The order of a is preserved.
+func intersectPreferences(a []uint8, b []uint8) (intersection []uint8) {
+ var j int
+ for _, v := range a {
+ for _, v2 := range b {
+ if v == v2 {
+ a[j] = v
+ j++
+ break
+ }
+ }
+ }
+
+ return a[:j]
+}
+
+// intersectPreferences mutates and returns a prefix of a that contains only
+// the values in the intersection of a and b. The order of a is preserved.
+func intersectCipherSuites(a [][2]uint8, b [][2]uint8) (intersection [][2]uint8) {
+ var j int
+ for _, v := range a {
+ for _, v2 := range b {
+ if v[0] == v2[0] && v[1] == v2[1] {
+ a[j] = v
+ j++
+ break
+ }
+ }
+ }
+
+ return a[:j]
+}
+
+func hashToHashId(h crypto.Hash) uint8 {
+ v, ok := algorithm.HashToHashId(h)
+ if !ok {
+ panic("tried to convert unknown hash")
+ }
+ return v
+}
+
+// EncryptText encrypts a message to a number of recipients and, optionally,
+// signs it. Optional information is contained in 'hints', also encrypted, that
+// aids the recipients in processing the message. The resulting WriteCloser
+// must be closed after the contents of the file have been written. If config
+// is nil, sensible defaults will be used. The signing is done in text mode.
+func EncryptText(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
+ return encrypt(ciphertext, ciphertext, to, signed, hints, packet.SigTypeText, config)
+}
+
+// Encrypt encrypts a message to a number of recipients and, optionally, signs
+// it. hints contains optional information, that is also encrypted, that aids
+// the recipients in processing the message. The resulting WriteCloser must
+// be closed after the contents of the file have been written.
+// If config is nil, sensible defaults will be used.
+func Encrypt(ciphertext io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
+ return encrypt(ciphertext, ciphertext, to, signed, hints, packet.SigTypeBinary, config)
+}
+
+// EncryptSplit encrypts a message to a number of recipients and, optionally, signs
+// it. hints contains optional information, that is also encrypted, that aids
+// the recipients in processing the message. The resulting WriteCloser must
+// be closed after the contents of the file have been written.
+// If config is nil, sensible defaults will be used.
+func EncryptSplit(keyWriter io.Writer, dataWriter io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
+ return encrypt(keyWriter, dataWriter, to, signed, hints, packet.SigTypeBinary, config)
+}
+
+// EncryptTextSplit encrypts a message to a number of recipients and, optionally, signs
+// it. hints contains optional information, that is also encrypted, that aids
+// the recipients in processing the message. The resulting WriteCloser must
+// be closed after the contents of the file have been written.
+// If config is nil, sensible defaults will be used.
+func EncryptTextSplit(keyWriter io.Writer, dataWriter io.Writer, to []*Entity, signed *Entity, hints *FileHints, config *packet.Config) (plaintext io.WriteCloser, err error) {
+ return encrypt(keyWriter, dataWriter, to, signed, hints, packet.SigTypeText, config)
+}
+
+// writeAndSign writes the data as a payload package and, optionally, signs
+// it. hints contains optional information, that is also encrypted,
+// that aids the recipients in processing the message. The resulting
+// WriteCloser must be closed after the contents of the file have been
+// written. If config is nil, sensible defaults will be used.
+func writeAndSign(payload io.WriteCloser, candidateHashes []uint8, signed *Entity, hints *FileHints, sigType packet.SignatureType, config *packet.Config) (plaintext io.WriteCloser, err error) {
+ var signer *packet.PrivateKey
+ if signed != nil {
+ signKey, ok := signed.SigningKeyById(config.Now(), config.SigningKey())
+ if !ok {
+ return nil, errors.InvalidArgumentError("no valid signing keys")
+ }
+ signer = signKey.PrivateKey
+ if signer == nil {
+ return nil, errors.InvalidArgumentError("no private key in signing key")
+ }
+ if signer.Encrypted {
+ return nil, errors.InvalidArgumentError("signing key must be decrypted")
+ }
+ }
+
+ var hash crypto.Hash
+ for _, hashId := range candidateHashes {
+ if h, ok := algorithm.HashIdToHash(hashId); ok && h.Available() {
+ hash = h
+ break
+ }
+ }
+
+ // If the hash specified by config is a candidate, we'll use that.
+ if configuredHash := config.Hash(); configuredHash.Available() {
+ for _, hashId := range candidateHashes {
+ if h, ok := algorithm.HashIdToHash(hashId); ok && h == configuredHash {
+ hash = h
+ break
+ }
+ }
+ }
+
+ if hash == 0 {
+ hashId := candidateHashes[0]
+ name, ok := algorithm.HashIdToString(hashId)
+ if !ok {
+ name = "#" + strconv.Itoa(int(hashId))
+ }
+ return nil, errors.InvalidArgumentError("cannot encrypt because no candidate hash functions are compiled in. (Wanted " + name + " in this case.)")
+ }
+
+ var salt []byte
+ if signer != nil {
+ var opsVersion = 3
+ if signer.Version == 6 {
+ opsVersion = signer.Version
+ }
+ ops := &packet.OnePassSignature{
+ Version: opsVersion,
+ SigType: sigType,
+ Hash: hash,
+ PubKeyAlgo: signer.PubKeyAlgo,
+ KeyId: signer.KeyId,
+ IsLast: true,
+ }
+ if opsVersion == 6 {
+ ops.KeyFingerprint = signer.Fingerprint
+ salt, err = packet.SignatureSaltForHash(hash, config.Random())
+ if err != nil {
+ return nil, err
+ }
+ ops.Salt = salt
+ }
+ if err := ops.Serialize(payload); err != nil {
+ return nil, err
+ }
+ }
+
+ if hints == nil {
+ hints = &FileHints{}
+ }
+
+ w := payload
+ if signer != nil {
+ // If we need to write a signature packet after the literal
+ // data then we need to stop literalData from closing
+ // encryptedData.
+ w = noOpCloser{w}
+
+ }
+ var epochSeconds uint32
+ if !hints.ModTime.IsZero() {
+ epochSeconds = uint32(hints.ModTime.Unix())
+ }
+ literalData, err := packet.SerializeLiteral(w, hints.IsBinary, hints.FileName, epochSeconds)
+ if err != nil {
+ return nil, err
+ }
+
+ if signer != nil {
+ h, wrappedHash, err := hashForSignature(hash, sigType, salt)
+ if err != nil {
+ return nil, err
+ }
+ metadata := &packet.LiteralData{
+ Format: 'u',
+ FileName: hints.FileName,
+ Time: epochSeconds,
+ }
+ if hints.IsBinary {
+ metadata.Format = 'b'
+ }
+ return signatureWriter{payload, literalData, hash, wrappedHash, h, salt, signer, sigType, config, metadata}, nil
+ }
+ return literalData, nil
+}
+
+// encrypt encrypts a message to a number of recipients and, optionally, signs
+// it. hints contains optional information, that is also encrypted, that aids
+// the recipients in processing the message. The resulting WriteCloser must
+// be closed after the contents of the file have been written.
+// If config is nil, sensible defaults will be used.
+func encrypt(keyWriter io.Writer, dataWriter io.Writer, to []*Entity, signed *Entity, hints *FileHints, sigType packet.SignatureType, config *packet.Config) (plaintext io.WriteCloser, err error) {
+ if len(to) == 0 {
+ return nil, errors.InvalidArgumentError("no encryption recipient provided")
+ }
+
+ // These are the possible ciphers that we'll use for the message.
+ candidateCiphers := []uint8{
+ uint8(packet.CipherAES256),
+ uint8(packet.CipherAES128),
+ }
+
+ // These are the possible hash functions that we'll use for the signature.
+ candidateHashes := []uint8{
+ hashToHashId(crypto.SHA256),
+ hashToHashId(crypto.SHA384),
+ hashToHashId(crypto.SHA512),
+ hashToHashId(crypto.SHA3_256),
+ hashToHashId(crypto.SHA3_512),
+ }
+
+ // Prefer GCM if everyone supports it
+ candidateCipherSuites := [][2]uint8{
+ {uint8(packet.CipherAES256), uint8(packet.AEADModeGCM)},
+ {uint8(packet.CipherAES256), uint8(packet.AEADModeEAX)},
+ {uint8(packet.CipherAES256), uint8(packet.AEADModeOCB)},
+ {uint8(packet.CipherAES128), uint8(packet.AEADModeGCM)},
+ {uint8(packet.CipherAES128), uint8(packet.AEADModeEAX)},
+ {uint8(packet.CipherAES128), uint8(packet.AEADModeOCB)},
+ }
+
+ candidateCompression := []uint8{
+ uint8(packet.CompressionNone),
+ uint8(packet.CompressionZIP),
+ uint8(packet.CompressionZLIB),
+ }
+
+ encryptKeys := make([]Key, len(to))
+
+ // AEAD is used only if config enables it and every key supports it
+ aeadSupported := config.AEAD() != nil
+
+ for i := range to {
+ var ok bool
+ encryptKeys[i], ok = to[i].EncryptionKey(config.Now())
+ if !ok {
+ return nil, errors.InvalidArgumentError("cannot encrypt a message to key id " + strconv.FormatUint(to[i].PrimaryKey.KeyId, 16) + " because it has no valid encryption keys")
+ }
+
+ primarySelfSignature, _ := to[i].PrimarySelfSignature()
+ if primarySelfSignature == nil {
+ return nil, errors.InvalidArgumentError("entity without a self-signature")
+ }
+
+ if !primarySelfSignature.SEIPDv2 {
+ aeadSupported = false
+ }
+
+ candidateCiphers = intersectPreferences(candidateCiphers, primarySelfSignature.PreferredSymmetric)
+ candidateHashes = intersectPreferences(candidateHashes, primarySelfSignature.PreferredHash)
+ candidateCipherSuites = intersectCipherSuites(candidateCipherSuites, primarySelfSignature.PreferredCipherSuites)
+ candidateCompression = intersectPreferences(candidateCompression, primarySelfSignature.PreferredCompression)
+ }
+
+ // In the event that the intersection of supported algorithms is empty we use the ones
+ // labelled as MUST that every implementation supports.
+ if len(candidateCiphers) == 0 {
+ // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-9.3
+ candidateCiphers = []uint8{uint8(packet.CipherAES128)}
+ }
+ if len(candidateHashes) == 0 {
+ // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#hash-algos
+ candidateHashes = []uint8{hashToHashId(crypto.SHA256)}
+ }
+ if len(candidateCipherSuites) == 0 {
+ // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-9.6
+ candidateCipherSuites = [][2]uint8{{uint8(packet.CipherAES128), uint8(packet.AEADModeOCB)}}
+ }
+
+ cipher := packet.CipherFunction(candidateCiphers[0])
+ aeadCipherSuite := packet.CipherSuite{
+ Cipher: packet.CipherFunction(candidateCipherSuites[0][0]),
+ Mode: packet.AEADMode(candidateCipherSuites[0][1]),
+ }
+
+ // If the cipher specified by config is a candidate, we'll use that.
+ configuredCipher := config.Cipher()
+ for _, c := range candidateCiphers {
+ cipherFunc := packet.CipherFunction(c)
+ if cipherFunc == configuredCipher {
+ cipher = cipherFunc
+ break
+ }
+ }
+
+ var symKey []byte
+ if aeadSupported {
+ symKey = make([]byte, aeadCipherSuite.Cipher.KeySize())
+ } else {
+ symKey = make([]byte, cipher.KeySize())
+ }
+
+ if _, err := io.ReadFull(config.Random(), symKey); err != nil {
+ return nil, err
+ }
+
+ for _, key := range encryptKeys {
+ if err := packet.SerializeEncryptedKeyAEAD(keyWriter, key.PublicKey, cipher, aeadSupported, symKey, config); err != nil {
+ return nil, err
+ }
+ }
+
+ var payload io.WriteCloser
+ payload, err = packet.SerializeSymmetricallyEncrypted(dataWriter, cipher, aeadSupported, aeadCipherSuite, symKey, config)
+ if err != nil {
+ return
+ }
+
+ payload, err = handleCompression(payload, candidateCompression, config)
+ if err != nil {
+ return nil, err
+ }
+
+ return writeAndSign(payload, candidateHashes, signed, hints, sigType, config)
+}
+
+// Sign signs a message. The resulting WriteCloser must be closed after the
+// contents of the file have been written. hints contains optional information
+// that aids the recipients in processing the message.
+// If config is nil, sensible defaults will be used.
+func Sign(output io.Writer, signed *Entity, hints *FileHints, config *packet.Config) (input io.WriteCloser, err error) {
+ if signed == nil {
+ return nil, errors.InvalidArgumentError("no signer provided")
+ }
+
+ // These are the possible hash functions that we'll use for the signature.
+ candidateHashes := []uint8{
+ hashToHashId(crypto.SHA256),
+ hashToHashId(crypto.SHA384),
+ hashToHashId(crypto.SHA512),
+ hashToHashId(crypto.SHA3_256),
+ hashToHashId(crypto.SHA3_512),
+ }
+ defaultHashes := candidateHashes[0:1]
+ primarySelfSignature, _ := signed.PrimarySelfSignature()
+ if primarySelfSignature == nil {
+ return nil, errors.StructuralError("signed entity has no self-signature")
+ }
+ preferredHashes := primarySelfSignature.PreferredHash
+ if len(preferredHashes) == 0 {
+ preferredHashes = defaultHashes
+ }
+ candidateHashes = intersectPreferences(candidateHashes, preferredHashes)
+ if len(candidateHashes) == 0 {
+ return nil, errors.StructuralError("cannot sign because signing key shares no common algorithms with candidate hashes")
+ }
+
+ return writeAndSign(noOpCloser{output}, candidateHashes, signed, hints, packet.SigTypeBinary, config)
+}
+
+// signatureWriter hashes the contents of a message while passing it along to
+// literalData. When closed, it closes literalData, writes a signature packet
+// to encryptedData and then also closes encryptedData.
+type signatureWriter struct {
+ encryptedData io.WriteCloser
+ literalData io.WriteCloser
+ hashType crypto.Hash
+ wrappedHash hash.Hash
+ h hash.Hash
+ salt []byte // v6 only
+ signer *packet.PrivateKey
+ sigType packet.SignatureType
+ config *packet.Config
+ metadata *packet.LiteralData // V5 signatures protect document metadata
+}
+
+func (s signatureWriter) Write(data []byte) (int, error) {
+ s.wrappedHash.Write(data)
+ switch s.sigType {
+ case packet.SigTypeBinary:
+ return s.literalData.Write(data)
+ case packet.SigTypeText:
+ flag := 0
+ return writeCanonical(s.literalData, data, &flag)
+ }
+ return 0, errors.UnsupportedError("unsupported signature type: " + strconv.Itoa(int(s.sigType)))
+}
+
+func (s signatureWriter) Close() error {
+ sig := createSignaturePacket(&s.signer.PublicKey, s.sigType, s.config)
+ sig.Hash = s.hashType
+ sig.Metadata = s.metadata
+
+ if err := sig.SetSalt(s.salt); err != nil {
+ return err
+ }
+
+ if err := sig.Sign(s.h, s.signer, s.config); err != nil {
+ return err
+ }
+ if err := s.literalData.Close(); err != nil {
+ return err
+ }
+ if err := sig.Serialize(s.encryptedData); err != nil {
+ return err
+ }
+ return s.encryptedData.Close()
+}
+
+func createSignaturePacket(signer *packet.PublicKey, sigType packet.SignatureType, config *packet.Config) *packet.Signature {
+ sigLifetimeSecs := config.SigLifetime()
+ return &packet.Signature{
+ Version: signer.Version,
+ SigType: sigType,
+ PubKeyAlgo: signer.PubKeyAlgo,
+ Hash: config.Hash(),
+ CreationTime: config.Now(),
+ IssuerKeyId: &signer.KeyId,
+ IssuerFingerprint: signer.Fingerprint,
+ Notations: config.Notations(),
+ SigLifetimeSecs: &sigLifetimeSecs,
+ }
+}
+
+// noOpCloser is like an ioutil.NopCloser, but for an io.Writer.
+// TODO: we have two of these in OpenPGP packages alone. This probably needs
+// to be promoted somewhere more common.
+type noOpCloser struct {
+ w io.Writer
+}
+
+func (c noOpCloser) Write(data []byte) (n int, err error) {
+ return c.w.Write(data)
+}
+
+func (c noOpCloser) Close() error {
+ return nil
+}
+
+func handleCompression(compressed io.WriteCloser, candidateCompression []uint8, config *packet.Config) (data io.WriteCloser, err error) {
+ data = compressed
+ confAlgo := config.Compression()
+ if confAlgo == packet.CompressionNone {
+ return
+ }
+
+ // Set algorithm labelled as MUST as fallback
+ // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-9.4
+ finalAlgo := packet.CompressionNone
+ // if compression specified by config available we will use it
+ for _, c := range candidateCompression {
+ if uint8(confAlgo) == c {
+ finalAlgo = confAlgo
+ break
+ }
+ }
+
+ if finalAlgo != packet.CompressionNone {
+ var compConfig *packet.CompressionConfig
+ if config != nil {
+ compConfig = config.CompressionConfig
+ }
+ data, err = packet.SerializeCompressed(compressed, finalAlgo, compConfig)
+ if err != nil {
+ return
+ }
+ }
+ return data, nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/x25519/x25519.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/x25519/x25519.go
new file mode 100644
index 0000000000000000000000000000000000000000..38afcc74fa3b983e709e7c5a69da7e92319ca931
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/x25519/x25519.go
@@ -0,0 +1,221 @@
+package x25519
+
+import (
+ "crypto/sha256"
+ "crypto/subtle"
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/aes/keywrap"
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ x25519lib "github.com/cloudflare/circl/dh/x25519"
+ "golang.org/x/crypto/hkdf"
+)
+
+const (
+ hkdfInfo = "OpenPGP X25519"
+ aes128KeySize = 16
+ // The size of a public or private key in bytes.
+ KeySize = x25519lib.Size
+)
+
+type PublicKey struct {
+ // Point represents the encoded elliptic curve point of the public key.
+ Point []byte
+}
+
+type PrivateKey struct {
+ PublicKey
+ // Secret represents the secret of the private key.
+ Secret []byte
+}
+
+// NewPrivateKey creates a new empty private key including the public key.
+func NewPrivateKey(key PublicKey) *PrivateKey {
+ return &PrivateKey{
+ PublicKey: key,
+ }
+}
+
+// Validate validates that the provided public key matches the private key.
+func Validate(pk *PrivateKey) (err error) {
+ var expectedPublicKey, privateKey x25519lib.Key
+ subtle.ConstantTimeCopy(1, privateKey[:], pk.Secret)
+ x25519lib.KeyGen(&expectedPublicKey, &privateKey)
+ if subtle.ConstantTimeCompare(expectedPublicKey[:], pk.PublicKey.Point) == 0 {
+ return errors.KeyInvalidError("x25519: invalid key")
+ }
+ return nil
+}
+
+// GenerateKey generates a new x25519 key pair.
+func GenerateKey(rand io.Reader) (*PrivateKey, error) {
+ var privateKey, publicKey x25519lib.Key
+ privateKeyOut := new(PrivateKey)
+ err := generateKey(rand, &privateKey, &publicKey)
+ if err != nil {
+ return nil, err
+ }
+ privateKeyOut.PublicKey.Point = publicKey[:]
+ privateKeyOut.Secret = privateKey[:]
+ return privateKeyOut, nil
+}
+
+func generateKey(rand io.Reader, privateKey *x25519lib.Key, publicKey *x25519lib.Key) error {
+ maxRounds := 10
+ isZero := true
+ for round := 0; isZero; round++ {
+ if round == maxRounds {
+ return errors.InvalidArgumentError("x25519: zero keys only, randomness source might be corrupt")
+ }
+ _, err := io.ReadFull(rand, privateKey[:])
+ if err != nil {
+ return err
+ }
+ isZero = constantTimeIsZero(privateKey[:])
+ }
+ x25519lib.KeyGen(publicKey, privateKey)
+ return nil
+}
+
+// Encrypt encrypts a sessionKey with x25519 according to
+// the OpenPGP crypto refresh specification section 5.1.6. The function assumes that the
+// sessionKey has the correct format and padding according to the specification.
+func Encrypt(rand io.Reader, publicKey *PublicKey, sessionKey []byte) (ephemeralPublicKey *PublicKey, encryptedSessionKey []byte, err error) {
+ var ephemeralPrivate, ephemeralPublic, staticPublic, shared x25519lib.Key
+ // Check that the input static public key has 32 bytes
+ if len(publicKey.Point) != KeySize {
+ err = errors.KeyInvalidError("x25519: the public key has the wrong size")
+ return
+ }
+ copy(staticPublic[:], publicKey.Point)
+ // Generate ephemeral keyPair
+ err = generateKey(rand, &ephemeralPrivate, &ephemeralPublic)
+ if err != nil {
+ return
+ }
+ // Compute shared key
+ ok := x25519lib.Shared(&shared, &ephemeralPrivate, &staticPublic)
+ if !ok {
+ err = errors.KeyInvalidError("x25519: the public key is a low order point")
+ return
+ }
+ // Derive the encryption key from the shared secret
+ encryptionKey := applyHKDF(ephemeralPublic[:], publicKey.Point[:], shared[:])
+ ephemeralPublicKey = &PublicKey{
+ Point: ephemeralPublic[:],
+ }
+ // Encrypt the sessionKey with aes key wrapping
+ encryptedSessionKey, err = keywrap.Wrap(encryptionKey, sessionKey)
+ return
+}
+
+// Decrypt decrypts a session key stored in ciphertext with the provided x25519
+// private key and ephemeral public key.
+func Decrypt(privateKey *PrivateKey, ephemeralPublicKey *PublicKey, ciphertext []byte) (encodedSessionKey []byte, err error) {
+ var ephemeralPublic, staticPrivate, shared x25519lib.Key
+ // Check that the input ephemeral public key has 32 bytes
+ if len(ephemeralPublicKey.Point) != KeySize {
+ err = errors.KeyInvalidError("x25519: the public key has the wrong size")
+ return
+ }
+ copy(ephemeralPublic[:], ephemeralPublicKey.Point)
+ subtle.ConstantTimeCopy(1, staticPrivate[:], privateKey.Secret)
+ // Compute shared key
+ ok := x25519lib.Shared(&shared, &staticPrivate, &ephemeralPublic)
+ if !ok {
+ err = errors.KeyInvalidError("x25519: the ephemeral public key is a low order point")
+ return
+ }
+ // Derive the encryption key from the shared secret
+ encryptionKey := applyHKDF(ephemeralPublicKey.Point[:], privateKey.PublicKey.Point[:], shared[:])
+ // Decrypt the session key with aes key wrapping
+ encodedSessionKey, err = keywrap.Unwrap(encryptionKey, ciphertext)
+ return
+}
+
+func applyHKDF(ephemeralPublicKey []byte, publicKey []byte, sharedSecret []byte) []byte {
+ inputKey := make([]byte, 3*KeySize)
+ // ephemeral public key | recipient public key | shared secret
+ subtle.ConstantTimeCopy(1, inputKey[:KeySize], ephemeralPublicKey)
+ subtle.ConstantTimeCopy(1, inputKey[KeySize:2*KeySize], publicKey)
+ subtle.ConstantTimeCopy(1, inputKey[2*KeySize:], sharedSecret)
+ hkdfReader := hkdf.New(sha256.New, inputKey, []byte{}, []byte(hkdfInfo))
+ encryptionKey := make([]byte, aes128KeySize)
+ _, _ = io.ReadFull(hkdfReader, encryptionKey)
+ return encryptionKey
+}
+
+func constantTimeIsZero(bytes []byte) bool {
+ isZero := byte(0)
+ for _, b := range bytes {
+ isZero |= b
+ }
+ return isZero == 0
+}
+
+// ENCODING/DECODING ciphertexts:
+
+// EncodeFieldsLength returns the length of the ciphertext encoding
+// given the encrypted session key.
+func EncodedFieldsLength(encryptedSessionKey []byte, v6 bool) int {
+ lenCipherFunction := 0
+ if !v6 {
+ lenCipherFunction = 1
+ }
+ return KeySize + 1 + len(encryptedSessionKey) + lenCipherFunction
+}
+
+// EncodeField encodes x25519 session key encryption fields as
+// ephemeral x25519 public key | follow byte length | cipherFunction (v3 only) | encryptedSessionKey
+// and writes it to writer.
+func EncodeFields(writer io.Writer, ephemeralPublicKey *PublicKey, encryptedSessionKey []byte, cipherFunction byte, v6 bool) (err error) {
+ lenAlgorithm := 0
+ if !v6 {
+ lenAlgorithm = 1
+ }
+ if _, err = writer.Write(ephemeralPublicKey.Point); err != nil {
+ return err
+ }
+ if _, err = writer.Write([]byte{byte(len(encryptedSessionKey) + lenAlgorithm)}); err != nil {
+ return err
+ }
+ if !v6 {
+ if _, err = writer.Write([]byte{cipherFunction}); err != nil {
+ return err
+ }
+ }
+ _, err = writer.Write(encryptedSessionKey)
+ return err
+}
+
+// DecodeField decodes a x25519 session key encryption as
+// ephemeral x25519 public key | follow byte length | cipherFunction (v3 only) | encryptedSessionKey.
+func DecodeFields(reader io.Reader, v6 bool) (ephemeralPublicKey *PublicKey, encryptedSessionKey []byte, cipherFunction byte, err error) {
+ var buf [1]byte
+ ephemeralPublicKey = &PublicKey{
+ Point: make([]byte, KeySize),
+ }
+ // 32 octets representing an ephemeral x25519 public key.
+ if _, err = io.ReadFull(reader, ephemeralPublicKey.Point); err != nil {
+ return nil, nil, 0, err
+ }
+ // A one-octet size of the following fields.
+ if _, err = io.ReadFull(reader, buf[:]); err != nil {
+ return nil, nil, 0, err
+ }
+ followingLen := buf[0]
+ // The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet).
+ if !v6 {
+ if _, err = io.ReadFull(reader, buf[:]); err != nil {
+ return nil, nil, 0, err
+ }
+ cipherFunction = buf[0]
+ followingLen -= 1
+ }
+ // The encrypted session key.
+ encryptedSessionKey = make([]byte, followingLen)
+ if _, err = io.ReadFull(reader, encryptedSessionKey); err != nil {
+ return nil, nil, 0, err
+ }
+ return ephemeralPublicKey, encryptedSessionKey, cipherFunction, nil
+}
diff --git a/vendor/github.com/ProtonMail/go-crypto/openpgp/x448/x448.go b/vendor/github.com/ProtonMail/go-crypto/openpgp/x448/x448.go
new file mode 100644
index 0000000000000000000000000000000000000000..65a082dabd7cc9a9adede75aba9e528fb80fcb25
--- /dev/null
+++ b/vendor/github.com/ProtonMail/go-crypto/openpgp/x448/x448.go
@@ -0,0 +1,229 @@
+package x448
+
+import (
+ "crypto/sha512"
+ "crypto/subtle"
+ "io"
+
+ "github.com/ProtonMail/go-crypto/openpgp/aes/keywrap"
+ "github.com/ProtonMail/go-crypto/openpgp/errors"
+ x448lib "github.com/cloudflare/circl/dh/x448"
+ "golang.org/x/crypto/hkdf"
+)
+
+const (
+ hkdfInfo = "OpenPGP X448"
+ aes256KeySize = 32
+ // The size of a public or private key in bytes.
+ KeySize = x448lib.Size
+)
+
+type PublicKey struct {
+ // Point represents the encoded elliptic curve point of the public key.
+ Point []byte
+}
+
+type PrivateKey struct {
+ PublicKey
+ // Secret represents the secret of the private key.
+ Secret []byte
+}
+
+// NewPrivateKey creates a new empty private key including the public key.
+func NewPrivateKey(key PublicKey) *PrivateKey {
+ return &PrivateKey{
+ PublicKey: key,
+ }
+}
+
+// Validate validates that the provided public key matches
+// the private key.
+func Validate(pk *PrivateKey) (err error) {
+ var expectedPublicKey, privateKey x448lib.Key
+ subtle.ConstantTimeCopy(1, privateKey[:], pk.Secret)
+ x448lib.KeyGen(&expectedPublicKey, &privateKey)
+ if subtle.ConstantTimeCompare(expectedPublicKey[:], pk.PublicKey.Point) == 0 {
+ return errors.KeyInvalidError("x448: invalid key")
+ }
+ return nil
+}
+
+// GenerateKey generates a new x448 key pair.
+func GenerateKey(rand io.Reader) (*PrivateKey, error) {
+ var privateKey, publicKey x448lib.Key
+ privateKeyOut := new(PrivateKey)
+ err := generateKey(rand, &privateKey, &publicKey)
+ if err != nil {
+ return nil, err
+ }
+ privateKeyOut.PublicKey.Point = publicKey[:]
+ privateKeyOut.Secret = privateKey[:]
+ return privateKeyOut, nil
+}
+
+func generateKey(rand io.Reader, privateKey *x448lib.Key, publicKey *x448lib.Key) error {
+ maxRounds := 10
+ isZero := true
+ for round := 0; isZero; round++ {
+ if round == maxRounds {
+ return errors.InvalidArgumentError("x448: zero keys only, randomness source might be corrupt")
+ }
+ _, err := io.ReadFull(rand, privateKey[:])
+ if err != nil {
+ return err
+ }
+ isZero = constantTimeIsZero(privateKey[:])
+ }
+ x448lib.KeyGen(publicKey, privateKey)
+ return nil
+}
+
+// Encrypt encrypts a sessionKey with x448 according to
+// the OpenPGP crypto refresh specification section 5.1.7. The function assumes that the
+// sessionKey has the correct format and padding according to the specification.
+func Encrypt(rand io.Reader, publicKey *PublicKey, sessionKey []byte) (ephemeralPublicKey *PublicKey, encryptedSessionKey []byte, err error) {
+ var ephemeralPrivate, ephemeralPublic, staticPublic, shared x448lib.Key
+ // Check that the input static public key has 56 bytes.
+ if len(publicKey.Point) != KeySize {
+ err = errors.KeyInvalidError("x448: the public key has the wrong size")
+ return nil, nil, err
+ }
+ copy(staticPublic[:], publicKey.Point)
+ // Generate ephemeral keyPair.
+ if err = generateKey(rand, &ephemeralPrivate, &ephemeralPublic); err != nil {
+ return nil, nil, err
+ }
+ // Compute shared key.
+ ok := x448lib.Shared(&shared, &ephemeralPrivate, &staticPublic)
+ if !ok {
+ err = errors.KeyInvalidError("x448: the public key is a low order point")
+ return nil, nil, err
+ }
+ // Derive the encryption key from the shared secret.
+ encryptionKey := applyHKDF(ephemeralPublic[:], publicKey.Point[:], shared[:])
+ ephemeralPublicKey = &PublicKey{
+ Point: ephemeralPublic[:],
+ }
+ // Encrypt the sessionKey with aes key wrapping.
+ encryptedSessionKey, err = keywrap.Wrap(encryptionKey, sessionKey)
+ if err != nil {
+ return nil, nil, err
+ }
+ return ephemeralPublicKey, encryptedSessionKey, nil
+}
+
+// Decrypt decrypts a session key stored in ciphertext with the provided x448
+// private key and ephemeral public key.
+func Decrypt(privateKey *PrivateKey, ephemeralPublicKey *PublicKey, ciphertext []byte) (encodedSessionKey []byte, err error) {
+ var ephemeralPublic, staticPrivate, shared x448lib.Key
+ // Check that the input ephemeral public key has 56 bytes.
+ if len(ephemeralPublicKey.Point) != KeySize {
+ err = errors.KeyInvalidError("x448: the public key has the wrong size")
+ return nil, err
+ }
+ copy(ephemeralPublic[:], ephemeralPublicKey.Point)
+ subtle.ConstantTimeCopy(1, staticPrivate[:], privateKey.Secret)
+ // Compute shared key.
+ ok := x448lib.Shared(&shared, &staticPrivate, &ephemeralPublic)
+ if !ok {
+ err = errors.KeyInvalidError("x448: the ephemeral public key is a low order point")
+ return nil, err
+ }
+ // Derive the encryption key from the shared secret.
+ encryptionKey := applyHKDF(ephemeralPublicKey.Point[:], privateKey.PublicKey.Point[:], shared[:])
+ // Decrypt the session key with aes key wrapping.
+ encodedSessionKey, err = keywrap.Unwrap(encryptionKey, ciphertext)
+ if err != nil {
+ return nil, err
+ }
+ return encodedSessionKey, nil
+}
+
+func applyHKDF(ephemeralPublicKey []byte, publicKey []byte, sharedSecret []byte) []byte {
+ inputKey := make([]byte, 3*KeySize)
+ // ephemeral public key | recipient public key | shared secret.
+ subtle.ConstantTimeCopy(1, inputKey[:KeySize], ephemeralPublicKey)
+ subtle.ConstantTimeCopy(1, inputKey[KeySize:2*KeySize], publicKey)
+ subtle.ConstantTimeCopy(1, inputKey[2*KeySize:], sharedSecret)
+ hkdfReader := hkdf.New(sha512.New, inputKey, []byte{}, []byte(hkdfInfo))
+ encryptionKey := make([]byte, aes256KeySize)
+ _, _ = io.ReadFull(hkdfReader, encryptionKey)
+ return encryptionKey
+}
+
+func constantTimeIsZero(bytes []byte) bool {
+ isZero := byte(0)
+ for _, b := range bytes {
+ isZero |= b
+ }
+ return isZero == 0
+}
+
+// ENCODING/DECODING ciphertexts:
+
+// EncodeFieldsLength returns the length of the ciphertext encoding
+// given the encrypted session key.
+func EncodedFieldsLength(encryptedSessionKey []byte, v6 bool) int {
+ lenCipherFunction := 0
+ if !v6 {
+ lenCipherFunction = 1
+ }
+ return KeySize + 1 + len(encryptedSessionKey) + lenCipherFunction
+}
+
+// EncodeField encodes x448 session key encryption fields as
+// ephemeral x448 public key | follow byte length | cipherFunction (v3 only) | encryptedSessionKey
+// and writes it to writer.
+func EncodeFields(writer io.Writer, ephemeralPublicKey *PublicKey, encryptedSessionKey []byte, cipherFunction byte, v6 bool) (err error) {
+ lenAlgorithm := 0
+ if !v6 {
+ lenAlgorithm = 1
+ }
+ if _, err = writer.Write(ephemeralPublicKey.Point); err != nil {
+ return err
+ }
+ if _, err = writer.Write([]byte{byte(len(encryptedSessionKey) + lenAlgorithm)}); err != nil {
+ return err
+ }
+ if !v6 {
+ if _, err = writer.Write([]byte{cipherFunction}); err != nil {
+ return err
+ }
+ }
+ if _, err = writer.Write(encryptedSessionKey); err != nil {
+ return err
+ }
+ return nil
+}
+
+// DecodeField decodes a x448 session key encryption as
+// ephemeral x448 public key | follow byte length | cipherFunction (v3 only) | encryptedSessionKey.
+func DecodeFields(reader io.Reader, v6 bool) (ephemeralPublicKey *PublicKey, encryptedSessionKey []byte, cipherFunction byte, err error) {
+ var buf [1]byte
+ ephemeralPublicKey = &PublicKey{
+ Point: make([]byte, KeySize),
+ }
+ // 56 octets representing an ephemeral x448 public key.
+ if _, err = io.ReadFull(reader, ephemeralPublicKey.Point); err != nil {
+ return nil, nil, 0, err
+ }
+ // A one-octet size of the following fields.
+ if _, err = io.ReadFull(reader, buf[:]); err != nil {
+ return nil, nil, 0, err
+ }
+ followingLen := buf[0]
+ // The one-octet algorithm identifier, if it was passed (in the case of a v3 PKESK packet).
+ if !v6 {
+ if _, err = io.ReadFull(reader, buf[:]); err != nil {
+ return nil, nil, 0, err
+ }
+ cipherFunction = buf[0]
+ followingLen -= 1
+ }
+ // The encrypted session key.
+ encryptedSessionKey = make([]byte, followingLen)
+ if _, err = io.ReadFull(reader, encryptedSessionKey); err != nil {
+ return nil, nil, 0, err
+ }
+ return ephemeralPublicKey, encryptedSessionKey, cipherFunction, nil
+}
diff --git a/vendor/github.com/cloudflare/circl/LICENSE b/vendor/github.com/cloudflare/circl/LICENSE
new file mode 100644
index 0000000000000000000000000000000000000000..67edaa90a0444fb1cbffd446075866aa3fa6dd66
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/LICENSE
@@ -0,0 +1,57 @@
+Copyright (c) 2019 Cloudflare. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+ * Neither the name of Cloudflare nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+========================================================================
+
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+ * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/curve.go b/vendor/github.com/cloudflare/circl/dh/x25519/curve.go
new file mode 100644
index 0000000000000000000000000000000000000000..f9057c2b8662bb0f0c031ba7d1956af7741fa799
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x25519/curve.go
@@ -0,0 +1,96 @@
+package x25519
+
+import (
+ fp "github.com/cloudflare/circl/math/fp25519"
+)
+
+// ladderJoye calculates a fixed-point multiplication with the generator point.
+// The algorithm is the right-to-left Joye's ladder as described
+// in "How to precompute a ladder" in SAC'2017.
+func ladderJoye(k *Key) {
+ w := [5]fp.Elt{} // [mu,x1,z1,x2,z2] order must be preserved.
+ fp.SetOne(&w[1]) // x1 = 1
+ fp.SetOne(&w[2]) // z1 = 1
+ w[3] = fp.Elt{ // x2 = G-S
+ 0xbd, 0xaa, 0x2f, 0xc8, 0xfe, 0xe1, 0x94, 0x7e,
+ 0xf8, 0xed, 0xb2, 0x14, 0xae, 0x95, 0xf0, 0xbb,
+ 0xe2, 0x48, 0x5d, 0x23, 0xb9, 0xa0, 0xc7, 0xad,
+ 0x34, 0xab, 0x7c, 0xe2, 0xee, 0xcd, 0xae, 0x1e,
+ }
+ fp.SetOne(&w[4]) // z2 = 1
+
+ const n = 255
+ const h = 3
+ swap := uint(1)
+ for s := 0; s < n-h; s++ {
+ i := (s + h) / 8
+ j := (s + h) % 8
+ bit := uint((k[i] >> uint(j)) & 1)
+ copy(w[0][:], tableGenerator[s*Size:(s+1)*Size])
+ diffAdd(&w, swap^bit)
+ swap = bit
+ }
+ for s := 0; s < h; s++ {
+ double(&w[1], &w[2])
+ }
+ toAffine((*[fp.Size]byte)(k), &w[1], &w[2])
+}
+
+// ladderMontgomery calculates a generic scalar point multiplication
+// The algorithm implemented is the left-to-right Montgomery's ladder.
+func ladderMontgomery(k, xP *Key) {
+ w := [5]fp.Elt{} // [x1, x2, z2, x3, z3] order must be preserved.
+ w[0] = *(*fp.Elt)(xP) // x1 = xP
+ fp.SetOne(&w[1]) // x2 = 1
+ w[3] = *(*fp.Elt)(xP) // x3 = xP
+ fp.SetOne(&w[4]) // z3 = 1
+
+ move := uint(0)
+ for s := 255 - 1; s >= 0; s-- {
+ i := s / 8
+ j := s % 8
+ bit := uint((k[i] >> uint(j)) & 1)
+ ladderStep(&w, move^bit)
+ move = bit
+ }
+ toAffine((*[fp.Size]byte)(k), &w[1], &w[2])
+}
+
+func toAffine(k *[fp.Size]byte, x, z *fp.Elt) {
+ fp.Inv(z, z)
+ fp.Mul(x, x, z)
+ _ = fp.ToBytes(k[:], x)
+}
+
+var lowOrderPoints = [5]fp.Elt{
+ { /* (0,_,1) point of order 2 on Curve25519 */
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ { /* (1,_,1) point of order 4 on Curve25519 */
+ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ { /* (x,_,1) first point of order 8 on Curve25519 */
+ 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae,
+ 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a,
+ 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd,
+ 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00,
+ },
+ { /* (x,_,1) second point of order 8 on Curve25519 */
+ 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24,
+ 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b,
+ 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86,
+ 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57,
+ },
+ { /* (-1,_,1) a point of order 4 on the twist of Curve25519 */
+ 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f,
+ },
+}
diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.go b/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.go
new file mode 100644
index 0000000000000000000000000000000000000000..8a3d54c570f073a6da0a77493ab98fed3f252c68
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.go
@@ -0,0 +1,30 @@
+//go:build amd64 && !purego
+// +build amd64,!purego
+
+package x25519
+
+import (
+ fp "github.com/cloudflare/circl/math/fp25519"
+ "golang.org/x/sys/cpu"
+)
+
+var hasBmi2Adx = cpu.X86.HasBMI2 && cpu.X86.HasADX
+
+var _ = hasBmi2Adx
+
+func double(x, z *fp.Elt) { doubleAmd64(x, z) }
+func diffAdd(w *[5]fp.Elt, b uint) { diffAddAmd64(w, b) }
+func ladderStep(w *[5]fp.Elt, b uint) { ladderStepAmd64(w, b) }
+func mulA24(z, x *fp.Elt) { mulA24Amd64(z, x) }
+
+//go:noescape
+func ladderStepAmd64(w *[5]fp.Elt, b uint)
+
+//go:noescape
+func diffAddAmd64(w *[5]fp.Elt, b uint)
+
+//go:noescape
+func doubleAmd64(x, z *fp.Elt)
+
+//go:noescape
+func mulA24Amd64(z, x *fp.Elt)
diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.h b/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.h
new file mode 100644
index 0000000000000000000000000000000000000000..8c1ae4d0fbb470ed47f46db7d25d2438a32af242
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.h
@@ -0,0 +1,111 @@
+#define ladderStepLeg \
+ addSub(x2,z2) \
+ addSub(x3,z3) \
+ integerMulLeg(b0,x2,z3) \
+ integerMulLeg(b1,x3,z2) \
+ reduceFromDoubleLeg(t0,b0) \
+ reduceFromDoubleLeg(t1,b1) \
+ addSub(t0,t1) \
+ cselect(x2,x3,regMove) \
+ cselect(z2,z3,regMove) \
+ integerSqrLeg(b0,t0) \
+ integerSqrLeg(b1,t1) \
+ reduceFromDoubleLeg(x3,b0) \
+ reduceFromDoubleLeg(z3,b1) \
+ integerMulLeg(b0,x1,z3) \
+ reduceFromDoubleLeg(z3,b0) \
+ integerSqrLeg(b0,x2) \
+ integerSqrLeg(b1,z2) \
+ reduceFromDoubleLeg(x2,b0) \
+ reduceFromDoubleLeg(z2,b1) \
+ subtraction(t0,x2,z2) \
+ multiplyA24Leg(t1,t0) \
+ additionLeg(t1,t1,z2) \
+ integerMulLeg(b0,x2,z2) \
+ integerMulLeg(b1,t0,t1) \
+ reduceFromDoubleLeg(x2,b0) \
+ reduceFromDoubleLeg(z2,b1)
+
+#define ladderStepBmi2Adx \
+ addSub(x2,z2) \
+ addSub(x3,z3) \
+ integerMulAdx(b0,x2,z3) \
+ integerMulAdx(b1,x3,z2) \
+ reduceFromDoubleAdx(t0,b0) \
+ reduceFromDoubleAdx(t1,b1) \
+ addSub(t0,t1) \
+ cselect(x2,x3,regMove) \
+ cselect(z2,z3,regMove) \
+ integerSqrAdx(b0,t0) \
+ integerSqrAdx(b1,t1) \
+ reduceFromDoubleAdx(x3,b0) \
+ reduceFromDoubleAdx(z3,b1) \
+ integerMulAdx(b0,x1,z3) \
+ reduceFromDoubleAdx(z3,b0) \
+ integerSqrAdx(b0,x2) \
+ integerSqrAdx(b1,z2) \
+ reduceFromDoubleAdx(x2,b0) \
+ reduceFromDoubleAdx(z2,b1) \
+ subtraction(t0,x2,z2) \
+ multiplyA24Adx(t1,t0) \
+ additionAdx(t1,t1,z2) \
+ integerMulAdx(b0,x2,z2) \
+ integerMulAdx(b1,t0,t1) \
+ reduceFromDoubleAdx(x2,b0) \
+ reduceFromDoubleAdx(z2,b1)
+
+#define difAddLeg \
+ addSub(x1,z1) \
+ integerMulLeg(b0,z1,ui) \
+ reduceFromDoubleLeg(z1,b0) \
+ addSub(x1,z1) \
+ integerSqrLeg(b0,x1) \
+ integerSqrLeg(b1,z1) \
+ reduceFromDoubleLeg(x1,b0) \
+ reduceFromDoubleLeg(z1,b1) \
+ integerMulLeg(b0,x1,z2) \
+ integerMulLeg(b1,z1,x2) \
+ reduceFromDoubleLeg(x1,b0) \
+ reduceFromDoubleLeg(z1,b1)
+
+#define difAddBmi2Adx \
+ addSub(x1,z1) \
+ integerMulAdx(b0,z1,ui) \
+ reduceFromDoubleAdx(z1,b0) \
+ addSub(x1,z1) \
+ integerSqrAdx(b0,x1) \
+ integerSqrAdx(b1,z1) \
+ reduceFromDoubleAdx(x1,b0) \
+ reduceFromDoubleAdx(z1,b1) \
+ integerMulAdx(b0,x1,z2) \
+ integerMulAdx(b1,z1,x2) \
+ reduceFromDoubleAdx(x1,b0) \
+ reduceFromDoubleAdx(z1,b1)
+
+#define doubleLeg \
+ addSub(x1,z1) \
+ integerSqrLeg(b0,x1) \
+ integerSqrLeg(b1,z1) \
+ reduceFromDoubleLeg(x1,b0) \
+ reduceFromDoubleLeg(z1,b1) \
+ subtraction(t0,x1,z1) \
+ multiplyA24Leg(t1,t0) \
+ additionLeg(t1,t1,z1) \
+ integerMulLeg(b0,x1,z1) \
+ integerMulLeg(b1,t0,t1) \
+ reduceFromDoubleLeg(x1,b0) \
+ reduceFromDoubleLeg(z1,b1)
+
+#define doubleBmi2Adx \
+ addSub(x1,z1) \
+ integerSqrAdx(b0,x1) \
+ integerSqrAdx(b1,z1) \
+ reduceFromDoubleAdx(x1,b0) \
+ reduceFromDoubleAdx(z1,b1) \
+ subtraction(t0,x1,z1) \
+ multiplyA24Adx(t1,t0) \
+ additionAdx(t1,t1,z1) \
+ integerMulAdx(b0,x1,z1) \
+ integerMulAdx(b1,t0,t1) \
+ reduceFromDoubleAdx(x1,b0) \
+ reduceFromDoubleAdx(z1,b1)
diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s b/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s
new file mode 100644
index 0000000000000000000000000000000000000000..b7723185b61a887fe9e1f80a58e40cee8a37cff7
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x25519/curve_amd64.s
@@ -0,0 +1,156 @@
+// +build amd64
+
+#include "textflag.h"
+
+// Depends on circl/math/fp25519 package
+#include "../../math/fp25519/fp_amd64.h"
+#include "curve_amd64.h"
+
+// CTE_A24 is (A+2)/4 from Curve25519
+#define CTE_A24 121666
+
+#define Size 32
+
+// multiplyA24Leg multiplies x times CTE_A24 and stores in z
+// Uses: AX, DX, R8-R13, FLAGS
+// Instr: x86_64, cmov
+#define multiplyA24Leg(z,x) \
+ MOVL $CTE_A24, AX; MULQ 0+x; MOVQ AX, R8; MOVQ DX, R9; \
+ MOVL $CTE_A24, AX; MULQ 8+x; MOVQ AX, R12; MOVQ DX, R10; \
+ MOVL $CTE_A24, AX; MULQ 16+x; MOVQ AX, R13; MOVQ DX, R11; \
+ MOVL $CTE_A24, AX; MULQ 24+x; \
+ ADDQ R12, R9; \
+ ADCQ R13, R10; \
+ ADCQ AX, R11; \
+ ADCQ $0, DX; \
+ MOVL $38, AX; /* 2*C = 38 = 2^256 MOD 2^255-19*/ \
+ IMULQ AX, DX; \
+ ADDQ DX, R8; \
+ ADCQ $0, R9; MOVQ R9, 8+z; \
+ ADCQ $0, R10; MOVQ R10, 16+z; \
+ ADCQ $0, R11; MOVQ R11, 24+z; \
+ MOVQ $0, DX; \
+ CMOVQCS AX, DX; \
+ ADDQ DX, R8; MOVQ R8, 0+z;
+
+// multiplyA24Adx multiplies x times CTE_A24 and stores in z
+// Uses: AX, DX, R8-R12, FLAGS
+// Instr: x86_64, cmov, bmi2
+#define multiplyA24Adx(z,x) \
+ MOVQ $CTE_A24, DX; \
+ MULXQ 0+x, R8, R10; \
+ MULXQ 8+x, R9, R11; ADDQ R10, R9; \
+ MULXQ 16+x, R10, AX; ADCQ R11, R10; \
+ MULXQ 24+x, R11, R12; ADCQ AX, R11; \
+ ;;;;;;;;;;;;;;;;;;;;; ADCQ $0, R12; \
+ MOVL $38, DX; /* 2*C = 38 = 2^256 MOD 2^255-19*/ \
+ IMULQ DX, R12; \
+ ADDQ R12, R8; \
+ ADCQ $0, R9; MOVQ R9, 8+z; \
+ ADCQ $0, R10; MOVQ R10, 16+z; \
+ ADCQ $0, R11; MOVQ R11, 24+z; \
+ MOVQ $0, R12; \
+ CMOVQCS DX, R12; \
+ ADDQ R12, R8; MOVQ R8, 0+z;
+
+#define mulA24Legacy \
+ multiplyA24Leg(0(DI),0(SI))
+#define mulA24Bmi2Adx \
+ multiplyA24Adx(0(DI),0(SI))
+
+// func mulA24Amd64(z, x *fp255.Elt)
+TEXT ·mulA24Amd64(SB),NOSPLIT,$0-16
+ MOVQ z+0(FP), DI
+ MOVQ x+8(FP), SI
+ CHECK_BMI2ADX(LMA24, mulA24Legacy, mulA24Bmi2Adx)
+
+
+// func ladderStepAmd64(w *[5]fp255.Elt, b uint)
+// ladderStepAmd64 calculates a point addition and doubling as follows:
+// (x2,z2) = 2*(x2,z2) and (x3,z3) = (x2,z2)+(x3,z3) using as a difference (x1,-).
+// work = (x1,x2,z2,x3,z3) are five fp255.Elt of 32 bytes.
+// stack = (t0,t1) are two fp.Elt of fp.Size bytes, and
+// (b0,b1) are two-double precision fp.Elt of 2*fp.Size bytes.
+TEXT ·ladderStepAmd64(SB),NOSPLIT,$192-16
+ // Parameters
+ #define regWork DI
+ #define regMove SI
+ #define x1 0*Size(regWork)
+ #define x2 1*Size(regWork)
+ #define z2 2*Size(regWork)
+ #define x3 3*Size(regWork)
+ #define z3 4*Size(regWork)
+ // Local variables
+ #define t0 0*Size(SP)
+ #define t1 1*Size(SP)
+ #define b0 2*Size(SP)
+ #define b1 4*Size(SP)
+ MOVQ w+0(FP), regWork
+ MOVQ b+8(FP), regMove
+ CHECK_BMI2ADX(LLADSTEP, ladderStepLeg, ladderStepBmi2Adx)
+ #undef regWork
+ #undef regMove
+ #undef x1
+ #undef x2
+ #undef z2
+ #undef x3
+ #undef z3
+ #undef t0
+ #undef t1
+ #undef b0
+ #undef b1
+
+// func diffAddAmd64(w *[5]fp255.Elt, b uint)
+// diffAddAmd64 calculates a differential point addition using a precomputed point.
+// (x1,z1) = (x1,z1)+(mu) using a difference point (x2,z2)
+// w = (mu,x1,z1,x2,z2) are five fp.Elt, and
+// stack = (b0,b1) are two-double precision fp.Elt of 2*fp.Size bytes.
+TEXT ·diffAddAmd64(SB),NOSPLIT,$128-16
+ // Parameters
+ #define regWork DI
+ #define regSwap SI
+ #define ui 0*Size(regWork)
+ #define x1 1*Size(regWork)
+ #define z1 2*Size(regWork)
+ #define x2 3*Size(regWork)
+ #define z2 4*Size(regWork)
+ // Local variables
+ #define b0 0*Size(SP)
+ #define b1 2*Size(SP)
+ MOVQ w+0(FP), regWork
+ MOVQ b+8(FP), regSwap
+ cswap(x1,x2,regSwap)
+ cswap(z1,z2,regSwap)
+ CHECK_BMI2ADX(LDIFADD, difAddLeg, difAddBmi2Adx)
+ #undef regWork
+ #undef regSwap
+ #undef ui
+ #undef x1
+ #undef z1
+ #undef x2
+ #undef z2
+ #undef b0
+ #undef b1
+
+// func doubleAmd64(x, z *fp255.Elt)
+// doubleAmd64 calculates a point doubling (x1,z1) = 2*(x1,z1).
+// stack = (t0,t1) are two fp.Elt of fp.Size bytes, and
+// (b0,b1) are two-double precision fp.Elt of 2*fp.Size bytes.
+TEXT ·doubleAmd64(SB),NOSPLIT,$192-16
+ // Parameters
+ #define x1 0(DI)
+ #define z1 0(SI)
+ // Local variables
+ #define t0 0*Size(SP)
+ #define t1 1*Size(SP)
+ #define b0 2*Size(SP)
+ #define b1 4*Size(SP)
+ MOVQ x+0(FP), DI
+ MOVQ z+8(FP), SI
+ CHECK_BMI2ADX(LDOUB,doubleLeg,doubleBmi2Adx)
+ #undef x1
+ #undef z1
+ #undef t0
+ #undef t1
+ #undef b0
+ #undef b1
diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/curve_generic.go b/vendor/github.com/cloudflare/circl/dh/x25519/curve_generic.go
new file mode 100644
index 0000000000000000000000000000000000000000..dae67ea37df47986102a53137030d63121c696a5
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x25519/curve_generic.go
@@ -0,0 +1,85 @@
+package x25519
+
+import (
+ "encoding/binary"
+ "math/bits"
+
+ fp "github.com/cloudflare/circl/math/fp25519"
+)
+
+func doubleGeneric(x, z *fp.Elt) {
+ t0, t1 := &fp.Elt{}, &fp.Elt{}
+ fp.AddSub(x, z)
+ fp.Sqr(x, x)
+ fp.Sqr(z, z)
+ fp.Sub(t0, x, z)
+ mulA24Generic(t1, t0)
+ fp.Add(t1, t1, z)
+ fp.Mul(x, x, z)
+ fp.Mul(z, t0, t1)
+}
+
+func diffAddGeneric(w *[5]fp.Elt, b uint) {
+ mu, x1, z1, x2, z2 := &w[0], &w[1], &w[2], &w[3], &w[4]
+ fp.Cswap(x1, x2, b)
+ fp.Cswap(z1, z2, b)
+ fp.AddSub(x1, z1)
+ fp.Mul(z1, z1, mu)
+ fp.AddSub(x1, z1)
+ fp.Sqr(x1, x1)
+ fp.Sqr(z1, z1)
+ fp.Mul(x1, x1, z2)
+ fp.Mul(z1, z1, x2)
+}
+
+func ladderStepGeneric(w *[5]fp.Elt, b uint) {
+ x1, x2, z2, x3, z3 := &w[0], &w[1], &w[2], &w[3], &w[4]
+ t0 := &fp.Elt{}
+ t1 := &fp.Elt{}
+ fp.AddSub(x2, z2)
+ fp.AddSub(x3, z3)
+ fp.Mul(t0, x2, z3)
+ fp.Mul(t1, x3, z2)
+ fp.AddSub(t0, t1)
+ fp.Cmov(x2, x3, b)
+ fp.Cmov(z2, z3, b)
+ fp.Sqr(x3, t0)
+ fp.Sqr(z3, t1)
+ fp.Mul(z3, x1, z3)
+ fp.Sqr(x2, x2)
+ fp.Sqr(z2, z2)
+ fp.Sub(t0, x2, z2)
+ mulA24Generic(t1, t0)
+ fp.Add(t1, t1, z2)
+ fp.Mul(x2, x2, z2)
+ fp.Mul(z2, t0, t1)
+}
+
+func mulA24Generic(z, x *fp.Elt) {
+ const A24 = 121666
+ const n = 8
+ var xx [4]uint64
+ for i := range xx {
+ xx[i] = binary.LittleEndian.Uint64(x[i*n : (i+1)*n])
+ }
+
+ h0, l0 := bits.Mul64(xx[0], A24)
+ h1, l1 := bits.Mul64(xx[1], A24)
+ h2, l2 := bits.Mul64(xx[2], A24)
+ h3, l3 := bits.Mul64(xx[3], A24)
+
+ var c3 uint64
+ l1, c0 := bits.Add64(h0, l1, 0)
+ l2, c1 := bits.Add64(h1, l2, c0)
+ l3, c2 := bits.Add64(h2, l3, c1)
+ l4, _ := bits.Add64(h3, 0, c2)
+ _, l4 = bits.Mul64(l4, 38)
+ l0, c0 = bits.Add64(l0, l4, 0)
+ xx[1], c1 = bits.Add64(l1, 0, c0)
+ xx[2], c2 = bits.Add64(l2, 0, c1)
+ xx[3], c3 = bits.Add64(l3, 0, c2)
+ xx[0], _ = bits.Add64(l0, (-c3)&38, 0)
+ for i := range xx {
+ binary.LittleEndian.PutUint64(z[i*n:(i+1)*n], xx[i])
+ }
+}
diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/curve_noasm.go b/vendor/github.com/cloudflare/circl/dh/x25519/curve_noasm.go
new file mode 100644
index 0000000000000000000000000000000000000000..07fab97d2af615aec3cd079a4183db77405075f4
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x25519/curve_noasm.go
@@ -0,0 +1,11 @@
+//go:build !amd64 || purego
+// +build !amd64 purego
+
+package x25519
+
+import fp "github.com/cloudflare/circl/math/fp25519"
+
+func double(x, z *fp.Elt) { doubleGeneric(x, z) }
+func diffAdd(w *[5]fp.Elt, b uint) { diffAddGeneric(w, b) }
+func ladderStep(w *[5]fp.Elt, b uint) { ladderStepGeneric(w, b) }
+func mulA24(z, x *fp.Elt) { mulA24Generic(z, x) }
diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/doc.go b/vendor/github.com/cloudflare/circl/dh/x25519/doc.go
new file mode 100644
index 0000000000000000000000000000000000000000..3ce102d1457fadc200b75d7e26cf5611a746f5a4
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x25519/doc.go
@@ -0,0 +1,19 @@
+/*
+Package x25519 provides Diffie-Hellman functions as specified in RFC-7748.
+
+Validation of public keys.
+
+The Diffie-Hellman function, as described in RFC-7748 [1], works for any
+public key. However, if a different protocol requires contributory
+behaviour [2,3], then the public keys must be validated against low-order
+points [3,4]. To do that, the Shared function performs this validation
+internally and returns false when the public key is invalid (i.e., it
+is a low-order point).
+
+References:
+ - [1] RFC7748 by Langley, Hamburg, Turner (https://rfc-editor.org/rfc/rfc7748.txt)
+ - [2] Curve25519 by Bernstein (https://cr.yp.to/ecdh.html)
+ - [3] Bernstein (https://cr.yp.to/ecdh.html#validate)
+ - [4] Cremers&Jackson (https://eprint.iacr.org/2019/526)
+*/
+package x25519
diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/key.go b/vendor/github.com/cloudflare/circl/dh/x25519/key.go
new file mode 100644
index 0000000000000000000000000000000000000000..c76f72ac7fa044ec44467e81499bc18e96bb7f3a
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x25519/key.go
@@ -0,0 +1,47 @@
+package x25519
+
+import (
+ "crypto/subtle"
+
+ fp "github.com/cloudflare/circl/math/fp25519"
+)
+
+// Size is the length in bytes of a X25519 key.
+const Size = 32
+
+// Key represents a X25519 key.
+type Key [Size]byte
+
+func (k *Key) clamp(in *Key) *Key {
+ *k = *in
+ k[0] &= 248
+ k[31] = (k[31] & 127) | 64
+ return k
+}
+
+// isValidPubKey verifies if the public key is not a low-order point.
+func (k *Key) isValidPubKey() bool {
+ fp.Modp((*fp.Elt)(k))
+ var isLowOrder int
+ for _, P := range lowOrderPoints {
+ isLowOrder |= subtle.ConstantTimeCompare(P[:], k[:])
+ }
+ return isLowOrder == 0
+}
+
+// KeyGen obtains a public key given a secret key.
+func KeyGen(public, secret *Key) {
+ ladderJoye(public.clamp(secret))
+}
+
+// Shared calculates Alice's shared key from Alice's secret key and Bob's
+// public key returning true on success. A failure case happens when the public
+// key is a low-order point, thus the shared key is all-zeros and the function
+// returns false.
+func Shared(shared, secret, public *Key) bool {
+ validPk := *public
+ validPk[31] &= (1 << (255 % 8)) - 1
+ ok := validPk.isValidPubKey()
+ ladderMontgomery(shared.clamp(secret), &validPk)
+ return ok
+}
diff --git a/vendor/github.com/cloudflare/circl/dh/x25519/table.go b/vendor/github.com/cloudflare/circl/dh/x25519/table.go
new file mode 100644
index 0000000000000000000000000000000000000000..28c8c4ac03223d5fea55db977e445bc3522c7c02
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x25519/table.go
@@ -0,0 +1,268 @@
+package x25519
+
+import "github.com/cloudflare/circl/math/fp25519"
+
+// tableGenerator contains the set of points:
+//
+// t[i] = (xi+1)/(xi-1),
+//
+// where (xi,yi) = 2^iG and G is the generator point
+// Size = (256)*(256/8) = 8192 bytes.
+var tableGenerator = [256 * fp25519.Size]byte{
+ /* (2^ 0)P */ 0xf3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x5f,
+ /* (2^ 1)P */ 0x96, 0xfe, 0xaa, 0x16, 0xf4, 0x20, 0x82, 0x6b, 0x34, 0x6a, 0x56, 0x4f, 0x2b, 0xeb, 0xeb, 0x82, 0x0f, 0x95, 0xa5, 0x75, 0xb0, 0xa5, 0xa9, 0xd5, 0xf4, 0x88, 0x24, 0x4b, 0xcf, 0xb2, 0x42, 0x51,
+ /* (2^ 2)P */ 0x0c, 0x68, 0x69, 0x00, 0x75, 0xbc, 0xae, 0x6a, 0x41, 0x9c, 0xf9, 0xa0, 0x20, 0x78, 0xcf, 0x89, 0xf4, 0xd0, 0x56, 0x3b, 0x18, 0xd9, 0x58, 0x2a, 0xa4, 0x11, 0x60, 0xe3, 0x80, 0xca, 0x5a, 0x4b,
+ /* (2^ 3)P */ 0x5d, 0x74, 0x29, 0x8c, 0x34, 0x32, 0x91, 0x32, 0xd7, 0x2f, 0x64, 0xe1, 0x16, 0xe6, 0xa2, 0xf4, 0x34, 0xbc, 0x67, 0xff, 0x03, 0xbb, 0x45, 0x1e, 0x4a, 0x9b, 0x2a, 0xf4, 0xd0, 0x12, 0x69, 0x30,
+ /* (2^ 4)P */ 0x54, 0x71, 0xaf, 0xe6, 0x07, 0x65, 0x88, 0xff, 0x2f, 0xc8, 0xee, 0xdf, 0x13, 0x0e, 0xf5, 0x04, 0xce, 0xb5, 0xba, 0x2a, 0xe8, 0x2f, 0x51, 0xaa, 0x22, 0xf2, 0xd5, 0x68, 0x1a, 0x25, 0x4e, 0x17,
+ /* (2^ 5)P */ 0x98, 0x88, 0x02, 0x82, 0x0d, 0x70, 0x96, 0xcf, 0xc5, 0x02, 0x2c, 0x0a, 0x37, 0xe3, 0x43, 0x17, 0xaa, 0x6e, 0xe8, 0xb4, 0x98, 0xec, 0x9e, 0x37, 0x2e, 0x48, 0xe0, 0x51, 0x8a, 0x88, 0x59, 0x0c,
+ /* (2^ 6)P */ 0x89, 0xd1, 0xb5, 0x99, 0xd6, 0xf1, 0xcb, 0xfb, 0x84, 0xdc, 0x9f, 0x8e, 0xd5, 0xf0, 0xae, 0xac, 0x14, 0x76, 0x1f, 0x23, 0x06, 0x0d, 0xc2, 0xc1, 0x72, 0xf9, 0x74, 0xa2, 0x8d, 0x21, 0x38, 0x29,
+ /* (2^ 7)P */ 0x18, 0x7f, 0x1d, 0xff, 0xbe, 0x49, 0xaf, 0xf6, 0xc2, 0xc9, 0x7a, 0x38, 0x22, 0x1c, 0x54, 0xcc, 0x6b, 0xc5, 0x15, 0x40, 0xef, 0xc9, 0xfc, 0x96, 0xa9, 0x13, 0x09, 0x69, 0x7c, 0x62, 0xc1, 0x69,
+ /* (2^ 8)P */ 0x0e, 0xdb, 0x33, 0x47, 0x2f, 0xfd, 0x86, 0x7a, 0xe9, 0x7d, 0x08, 0x9e, 0xf2, 0xc4, 0xb8, 0xfd, 0x29, 0xa2, 0xa2, 0x8e, 0x1a, 0x4b, 0x5e, 0x09, 0x79, 0x7a, 0xb3, 0x29, 0xc8, 0xa7, 0xd7, 0x1a,
+ /* (2^ 9)P */ 0xc0, 0xa0, 0x7e, 0xd1, 0xca, 0x89, 0x2d, 0x34, 0x51, 0x20, 0xed, 0xcc, 0xa6, 0xdd, 0xbe, 0x67, 0x74, 0x2f, 0xb4, 0x2b, 0xbf, 0x31, 0xca, 0x19, 0xbb, 0xac, 0x80, 0x49, 0xc8, 0xb4, 0xf7, 0x3d,
+ /* (2^ 10)P */ 0x83, 0xd8, 0x0a, 0xc8, 0x4d, 0x44, 0xc6, 0xa8, 0x85, 0xab, 0xe3, 0x66, 0x03, 0x44, 0x1e, 0xb9, 0xd8, 0xf6, 0x64, 0x01, 0xa0, 0xcd, 0x15, 0xc2, 0x68, 0xe6, 0x47, 0xf2, 0x6e, 0x7c, 0x86, 0x3d,
+ /* (2^ 11)P */ 0x8c, 0x65, 0x3e, 0xcc, 0x2b, 0x58, 0xdd, 0xc7, 0x28, 0x55, 0x0e, 0xee, 0x48, 0x47, 0x2c, 0xfd, 0x71, 0x4f, 0x9f, 0xcc, 0x95, 0x9b, 0xfd, 0xa0, 0xdf, 0x5d, 0x67, 0xb0, 0x71, 0xd8, 0x29, 0x75,
+ /* (2^ 12)P */ 0x78, 0xbd, 0x3c, 0x2d, 0xb4, 0x68, 0xf5, 0xb8, 0x82, 0xda, 0xf3, 0x91, 0x1b, 0x01, 0x33, 0x12, 0x62, 0x3b, 0x7c, 0x4a, 0xcd, 0x6c, 0xce, 0x2d, 0x03, 0x86, 0x49, 0x9e, 0x8e, 0xfc, 0xe7, 0x75,
+ /* (2^ 13)P */ 0xec, 0xb6, 0xd0, 0xfc, 0xf1, 0x13, 0x4f, 0x2f, 0x45, 0x7a, 0xff, 0x29, 0x1f, 0xca, 0xa8, 0xf1, 0x9b, 0xe2, 0x81, 0x29, 0xa7, 0xc1, 0x49, 0xc2, 0x6a, 0xb5, 0x83, 0x8c, 0xbb, 0x0d, 0xbe, 0x6e,
+ /* (2^ 14)P */ 0x22, 0xb2, 0x0b, 0x17, 0x8d, 0xfa, 0x14, 0x71, 0x5f, 0x93, 0x93, 0xbf, 0xd5, 0xdc, 0xa2, 0x65, 0x9a, 0x97, 0x9c, 0xb5, 0x68, 0x1f, 0xc4, 0xbd, 0x89, 0x92, 0xce, 0xa2, 0x79, 0xef, 0x0e, 0x2f,
+ /* (2^ 15)P */ 0xce, 0x37, 0x3c, 0x08, 0x0c, 0xbf, 0xec, 0x42, 0x22, 0x63, 0x49, 0xec, 0x09, 0xbc, 0x30, 0x29, 0x0d, 0xac, 0xfe, 0x9c, 0xc1, 0xb0, 0x94, 0xf2, 0x80, 0xbb, 0xfa, 0xed, 0x4b, 0xaa, 0x80, 0x37,
+ /* (2^ 16)P */ 0x29, 0xd9, 0xea, 0x7c, 0x3e, 0x7d, 0xc1, 0x56, 0xc5, 0x22, 0x57, 0x2e, 0xeb, 0x4b, 0xcb, 0xe7, 0x5a, 0xe1, 0xbf, 0x2d, 0x73, 0x31, 0xe9, 0x0c, 0xf8, 0x52, 0x10, 0x62, 0xc7, 0x83, 0xb8, 0x41,
+ /* (2^ 17)P */ 0x50, 0x53, 0xd2, 0xc3, 0xa0, 0x5c, 0xf7, 0xdb, 0x51, 0xe3, 0xb1, 0x6e, 0x08, 0xbe, 0x36, 0x29, 0x12, 0xb2, 0xa9, 0xb4, 0x3c, 0xe0, 0x36, 0xc9, 0xaa, 0x25, 0x22, 0x32, 0x82, 0xbf, 0x45, 0x1d,
+ /* (2^ 18)P */ 0xc5, 0x4c, 0x02, 0x6a, 0x03, 0xb1, 0x1a, 0xe8, 0x72, 0x9a, 0x4c, 0x30, 0x1c, 0x20, 0x12, 0xe2, 0xfc, 0xb1, 0x32, 0x68, 0xba, 0x3f, 0xd7, 0xc5, 0x81, 0x95, 0x83, 0x4d, 0x5a, 0xdb, 0xff, 0x20,
+ /* (2^ 19)P */ 0xad, 0x0f, 0x5d, 0xbe, 0x67, 0xd3, 0x83, 0xa2, 0x75, 0x44, 0x16, 0x8b, 0xca, 0x25, 0x2b, 0x6c, 0x2e, 0xf2, 0xaa, 0x7c, 0x46, 0x35, 0x49, 0x9d, 0x49, 0xff, 0x85, 0xee, 0x8e, 0x40, 0x66, 0x51,
+ /* (2^ 20)P */ 0x61, 0xe3, 0xb4, 0xfa, 0xa2, 0xba, 0x67, 0x3c, 0xef, 0x5c, 0xf3, 0x7e, 0xc6, 0x33, 0xe4, 0xb3, 0x1c, 0x9b, 0x15, 0x41, 0x92, 0x72, 0x59, 0x52, 0x33, 0xab, 0xb0, 0xd5, 0x92, 0x18, 0x62, 0x6a,
+ /* (2^ 21)P */ 0xcb, 0xcd, 0x55, 0x75, 0x38, 0x4a, 0xb7, 0x20, 0x3f, 0x92, 0x08, 0x12, 0x0e, 0xa1, 0x2a, 0x53, 0xd1, 0x1d, 0x28, 0x62, 0x77, 0x7b, 0xa1, 0xea, 0xbf, 0x44, 0x5c, 0xf0, 0x43, 0x34, 0xab, 0x61,
+ /* (2^ 22)P */ 0xf8, 0xde, 0x24, 0x23, 0x42, 0x6c, 0x7a, 0x25, 0x7f, 0xcf, 0xe3, 0x17, 0x10, 0x6c, 0x1c, 0x13, 0x57, 0xa2, 0x30, 0xf6, 0x39, 0x87, 0x75, 0x23, 0x80, 0x85, 0xa7, 0x01, 0x7a, 0x40, 0x5a, 0x29,
+ /* (2^ 23)P */ 0xd9, 0xa8, 0x5d, 0x6d, 0x24, 0x43, 0xc4, 0xf8, 0x5d, 0xfa, 0x52, 0x0c, 0x45, 0x75, 0xd7, 0x19, 0x3d, 0xf8, 0x1b, 0x73, 0x92, 0xfc, 0xfc, 0x2a, 0x00, 0x47, 0x2b, 0x1b, 0xe8, 0xc8, 0x10, 0x7d,
+ /* (2^ 24)P */ 0x0b, 0xa2, 0xba, 0x70, 0x1f, 0x27, 0xe0, 0xc8, 0x57, 0x39, 0xa6, 0x7c, 0x86, 0x48, 0x37, 0x99, 0xbb, 0xd4, 0x7e, 0xcb, 0xb3, 0xef, 0x12, 0x54, 0x75, 0x29, 0xe6, 0x73, 0x61, 0xd3, 0x96, 0x31,
+ /* (2^ 25)P */ 0xfc, 0xdf, 0xc7, 0x41, 0xd1, 0xca, 0x5b, 0xde, 0x48, 0xc8, 0x95, 0xb3, 0xd2, 0x8c, 0xcc, 0x47, 0xcb, 0xf3, 0x1a, 0xe1, 0x42, 0xd9, 0x4c, 0xa3, 0xc2, 0xce, 0x4e, 0xd0, 0xf2, 0xdb, 0x56, 0x02,
+ /* (2^ 26)P */ 0x7f, 0x66, 0x0e, 0x4b, 0xe9, 0xb7, 0x5a, 0x87, 0x10, 0x0d, 0x85, 0xc0, 0x83, 0xdd, 0xd4, 0xca, 0x9f, 0xc7, 0x72, 0x4e, 0x8f, 0x2e, 0xf1, 0x47, 0x9b, 0xb1, 0x85, 0x8c, 0xbb, 0x87, 0x1a, 0x5f,
+ /* (2^ 27)P */ 0xb8, 0x51, 0x7f, 0x43, 0xb6, 0xd0, 0xe9, 0x7a, 0x65, 0x90, 0x87, 0x18, 0x55, 0xce, 0xc7, 0x12, 0xee, 0x7a, 0xf7, 0x5c, 0xfe, 0x09, 0xde, 0x2a, 0x27, 0x56, 0x2c, 0x7d, 0x2f, 0x5a, 0xa0, 0x23,
+ /* (2^ 28)P */ 0x9a, 0x16, 0x7c, 0xf1, 0x28, 0xe1, 0x08, 0x59, 0x2d, 0x85, 0xd0, 0x8a, 0xdd, 0x98, 0x74, 0xf7, 0x64, 0x2f, 0x10, 0xab, 0xce, 0xc4, 0xb4, 0x74, 0x45, 0x98, 0x13, 0x10, 0xdd, 0xba, 0x3a, 0x18,
+ /* (2^ 29)P */ 0xac, 0xaa, 0x92, 0xaa, 0x8d, 0xba, 0x65, 0xb1, 0x05, 0x67, 0x38, 0x99, 0x95, 0xef, 0xc5, 0xd5, 0xd1, 0x40, 0xfc, 0xf8, 0x0c, 0x8f, 0x2f, 0xbe, 0x14, 0x45, 0x20, 0xee, 0x35, 0xe6, 0x01, 0x27,
+ /* (2^ 30)P */ 0x14, 0x65, 0x15, 0x20, 0x00, 0xa8, 0x9f, 0x62, 0xce, 0xc1, 0xa8, 0x64, 0x87, 0x86, 0x23, 0xf2, 0x0e, 0x06, 0x3f, 0x0b, 0xff, 0x4f, 0x89, 0x5b, 0xfa, 0xa3, 0x08, 0xf7, 0x4c, 0x94, 0xd9, 0x60,
+ /* (2^ 31)P */ 0x1f, 0x20, 0x7a, 0x1c, 0x1a, 0x00, 0xea, 0xae, 0x63, 0xce, 0xe2, 0x3e, 0x63, 0x6a, 0xf1, 0xeb, 0xe1, 0x07, 0x7a, 0x4c, 0x59, 0x09, 0x77, 0x6f, 0xcb, 0x08, 0x02, 0x0d, 0x15, 0x58, 0xb9, 0x79,
+ /* (2^ 32)P */ 0xe7, 0x10, 0xd4, 0x01, 0x53, 0x5e, 0xb5, 0x24, 0x4d, 0xc8, 0xfd, 0xf3, 0xdf, 0x4e, 0xa3, 0xe3, 0xd8, 0x32, 0x40, 0x90, 0xe4, 0x68, 0x87, 0xd8, 0xec, 0xae, 0x3a, 0x7b, 0x42, 0x84, 0x13, 0x13,
+ /* (2^ 33)P */ 0x14, 0x4f, 0x23, 0x86, 0x12, 0xe5, 0x05, 0x84, 0x29, 0xc5, 0xb4, 0xad, 0x39, 0x47, 0xdc, 0x14, 0xfd, 0x4f, 0x63, 0x50, 0xb2, 0xb5, 0xa2, 0xb8, 0x93, 0xff, 0xa7, 0xd8, 0x4a, 0xa9, 0xe2, 0x2f,
+ /* (2^ 34)P */ 0xdd, 0xfa, 0x43, 0xe8, 0xef, 0x57, 0x5c, 0xec, 0x18, 0x99, 0xbb, 0xf0, 0x40, 0xce, 0x43, 0x28, 0x05, 0x63, 0x3d, 0xcf, 0xd6, 0x61, 0xb5, 0xa4, 0x7e, 0x77, 0xfb, 0xe8, 0xbd, 0x29, 0x36, 0x74,
+ /* (2^ 35)P */ 0x8f, 0x73, 0xaf, 0xbb, 0x46, 0xdd, 0x3e, 0x34, 0x51, 0xa6, 0x01, 0xb1, 0x28, 0x18, 0x98, 0xed, 0x7a, 0x79, 0x2c, 0x88, 0x0b, 0x76, 0x01, 0xa4, 0x30, 0x87, 0xc8, 0x8d, 0xe2, 0x23, 0xc2, 0x1f,
+ /* (2^ 36)P */ 0x0e, 0xba, 0x0f, 0xfc, 0x91, 0x4e, 0x60, 0x48, 0xa4, 0x6f, 0x2c, 0x05, 0x8f, 0xf7, 0x37, 0xb6, 0x9c, 0x23, 0xe9, 0x09, 0x3d, 0xac, 0xcc, 0x91, 0x7c, 0x68, 0x7a, 0x43, 0xd4, 0xee, 0xf7, 0x23,
+ /* (2^ 37)P */ 0x00, 0xd8, 0x9b, 0x8d, 0x11, 0xb1, 0x73, 0x51, 0xa7, 0xd4, 0x89, 0x31, 0xb6, 0x41, 0xd6, 0x29, 0x86, 0xc5, 0xbb, 0x88, 0x79, 0x17, 0xbf, 0xfd, 0xf5, 0x1d, 0xd8, 0xca, 0x4f, 0x89, 0x59, 0x29,
+ /* (2^ 38)P */ 0x99, 0xc8, 0xbb, 0xb4, 0xf3, 0x8e, 0xbc, 0xae, 0xb9, 0x92, 0x69, 0xb2, 0x5a, 0x99, 0x48, 0x41, 0xfb, 0x2c, 0xf9, 0x34, 0x01, 0x0b, 0xe2, 0x24, 0xe8, 0xde, 0x05, 0x4a, 0x89, 0x58, 0xd1, 0x40,
+ /* (2^ 39)P */ 0xf6, 0x76, 0xaf, 0x85, 0x11, 0x0b, 0xb0, 0x46, 0x79, 0x7a, 0x18, 0x73, 0x78, 0xc7, 0xba, 0x26, 0x5f, 0xff, 0x8f, 0xab, 0x95, 0xbf, 0xc0, 0x3d, 0xd7, 0x24, 0x55, 0x94, 0xd8, 0x8b, 0x60, 0x2a,
+ /* (2^ 40)P */ 0x02, 0x63, 0x44, 0xbd, 0x88, 0x95, 0x44, 0x26, 0x9c, 0x43, 0x88, 0x03, 0x1c, 0xc2, 0x4b, 0x7c, 0xb2, 0x11, 0xbd, 0x83, 0xf3, 0xa4, 0x98, 0x8e, 0xb9, 0x76, 0xd8, 0xc9, 0x7b, 0x8d, 0x21, 0x26,
+ /* (2^ 41)P */ 0x8a, 0x17, 0x7c, 0x99, 0x42, 0x15, 0x08, 0xe3, 0x6f, 0x60, 0xb6, 0x6f, 0xa8, 0x29, 0x2d, 0x3c, 0x74, 0x93, 0x27, 0xfa, 0x36, 0x77, 0x21, 0x5c, 0xfa, 0xb1, 0xfe, 0x4a, 0x73, 0x05, 0xde, 0x7d,
+ /* (2^ 42)P */ 0xab, 0x2b, 0xd4, 0x06, 0x39, 0x0e, 0xf1, 0x3b, 0x9c, 0x64, 0x80, 0x19, 0x3e, 0x80, 0xf7, 0xe4, 0x7a, 0xbf, 0x95, 0x95, 0xf8, 0x3b, 0x05, 0xe6, 0x30, 0x55, 0x24, 0xda, 0x38, 0xaf, 0x4f, 0x39,
+ /* (2^ 43)P */ 0xf4, 0x28, 0x69, 0x89, 0x58, 0xfb, 0x8e, 0x7a, 0x3c, 0x11, 0x6a, 0xcc, 0xe9, 0x78, 0xc7, 0xfb, 0x6f, 0x59, 0xaf, 0x30, 0xe3, 0x0c, 0x67, 0x72, 0xf7, 0x6c, 0x3d, 0x1d, 0xa8, 0x22, 0xf2, 0x48,
+ /* (2^ 44)P */ 0xa7, 0xca, 0x72, 0x0d, 0x41, 0xce, 0x1f, 0xf0, 0x95, 0x55, 0x3b, 0x21, 0xc7, 0xec, 0x20, 0x5a, 0x83, 0x14, 0xfa, 0xc1, 0x65, 0x11, 0xc2, 0x7b, 0x41, 0xa7, 0xa8, 0x1d, 0xe3, 0x9a, 0xf8, 0x07,
+ /* (2^ 45)P */ 0xf9, 0x0f, 0x83, 0xc6, 0xb4, 0xc2, 0xd2, 0x05, 0x93, 0x62, 0x31, 0xc6, 0x0f, 0x33, 0x3e, 0xd4, 0x04, 0xa9, 0xd3, 0x96, 0x0a, 0x59, 0xa5, 0xa5, 0xb6, 0x33, 0x53, 0xa6, 0x91, 0xdb, 0x5e, 0x70,
+ /* (2^ 46)P */ 0xf7, 0xa5, 0xb9, 0x0b, 0x5e, 0xe1, 0x8e, 0x04, 0x5d, 0xaf, 0x0a, 0x9e, 0xca, 0xcf, 0x40, 0x32, 0x0b, 0xa4, 0xc4, 0xed, 0xce, 0x71, 0x4b, 0x8f, 0x6d, 0x4a, 0x54, 0xde, 0xa3, 0x0d, 0x1c, 0x62,
+ /* (2^ 47)P */ 0x91, 0x40, 0x8c, 0xa0, 0x36, 0x28, 0x87, 0x92, 0x45, 0x14, 0xc9, 0x10, 0xb0, 0x75, 0x83, 0xce, 0x94, 0x63, 0x27, 0x4f, 0x52, 0xeb, 0x72, 0x8a, 0x35, 0x36, 0xc8, 0x7e, 0xfa, 0xfc, 0x67, 0x26,
+ /* (2^ 48)P */ 0x2a, 0x75, 0xe8, 0x45, 0x33, 0x17, 0x4c, 0x7f, 0xa5, 0x79, 0x70, 0xee, 0xfe, 0x47, 0x1b, 0x06, 0x34, 0xff, 0x86, 0x9f, 0xfa, 0x9a, 0xdd, 0x25, 0x9c, 0xc8, 0x5d, 0x42, 0xf5, 0xce, 0x80, 0x37,
+ /* (2^ 49)P */ 0xe9, 0xb4, 0x3b, 0x51, 0x5a, 0x03, 0x46, 0x1a, 0xda, 0x5a, 0x57, 0xac, 0x79, 0xf3, 0x1e, 0x3e, 0x50, 0x4b, 0xa2, 0x5f, 0x1c, 0x5f, 0x8c, 0xc7, 0x22, 0x9f, 0xfd, 0x34, 0x76, 0x96, 0x1a, 0x32,
+ /* (2^ 50)P */ 0xfa, 0x27, 0x6e, 0x82, 0xb8, 0x07, 0x67, 0x94, 0xd0, 0x6f, 0x50, 0x4c, 0xd6, 0x84, 0xca, 0x3d, 0x36, 0x14, 0xe9, 0x75, 0x80, 0x21, 0x89, 0xc1, 0x84, 0x84, 0x3b, 0x9b, 0x16, 0x84, 0x92, 0x6d,
+ /* (2^ 51)P */ 0xdf, 0x2d, 0x3f, 0x38, 0x40, 0xe8, 0x67, 0x3a, 0x75, 0x9b, 0x4f, 0x0c, 0xa3, 0xc9, 0xee, 0x33, 0x47, 0xef, 0x83, 0xa7, 0x6f, 0xc8, 0xc7, 0x3e, 0xc4, 0xfb, 0xc9, 0xba, 0x9f, 0x44, 0xec, 0x26,
+ /* (2^ 52)P */ 0x7d, 0x9e, 0x9b, 0xa0, 0xcb, 0x38, 0x0f, 0x5c, 0x8c, 0x47, 0xa3, 0x62, 0xc7, 0x8c, 0x16, 0x81, 0x1c, 0x12, 0xfc, 0x06, 0xd3, 0xb0, 0x23, 0x3e, 0xdd, 0xdc, 0xef, 0xa5, 0xa0, 0x8a, 0x23, 0x5a,
+ /* (2^ 53)P */ 0xff, 0x43, 0xea, 0xc4, 0x21, 0x61, 0xa2, 0x1b, 0xb5, 0x32, 0x88, 0x7c, 0x7f, 0xc7, 0xf8, 0x36, 0x9a, 0xf9, 0xdc, 0x0a, 0x0b, 0xea, 0xfb, 0x88, 0xf9, 0xeb, 0x5b, 0xc2, 0x8e, 0x93, 0xa9, 0x5c,
+ /* (2^ 54)P */ 0xa0, 0xcd, 0xfc, 0x51, 0x5e, 0x6a, 0x43, 0xd5, 0x3b, 0x89, 0xcd, 0xc2, 0x97, 0x47, 0xbc, 0x1d, 0x08, 0x4a, 0x22, 0xd3, 0x65, 0x6a, 0x34, 0x19, 0x66, 0xf4, 0x9a, 0x9b, 0xe4, 0x34, 0x50, 0x0f,
+ /* (2^ 55)P */ 0x6e, 0xb9, 0xe0, 0xa1, 0x67, 0x39, 0x3c, 0xf2, 0x88, 0x4d, 0x7a, 0x86, 0xfa, 0x08, 0x8b, 0xe5, 0x79, 0x16, 0x34, 0xa7, 0xc6, 0xab, 0x2f, 0xfb, 0x46, 0x69, 0x02, 0xb6, 0x1e, 0x38, 0x75, 0x2a,
+ /* (2^ 56)P */ 0xac, 0x20, 0x94, 0xc1, 0xe4, 0x3b, 0x0a, 0xc8, 0xdc, 0xb6, 0xf2, 0x81, 0xc6, 0xf6, 0xb1, 0x66, 0x88, 0x33, 0xe9, 0x61, 0x67, 0x03, 0xf7, 0x7c, 0xc4, 0xa4, 0x60, 0xa6, 0xd8, 0xbb, 0xab, 0x25,
+ /* (2^ 57)P */ 0x98, 0x51, 0xfd, 0x14, 0xba, 0x12, 0xea, 0x91, 0xa9, 0xff, 0x3c, 0x4a, 0xfc, 0x50, 0x49, 0x68, 0x28, 0xad, 0xf5, 0x30, 0x21, 0x84, 0x26, 0xf8, 0x41, 0xa4, 0x01, 0x53, 0xf7, 0x88, 0xa9, 0x3e,
+ /* (2^ 58)P */ 0x6f, 0x8c, 0x5f, 0x69, 0x9a, 0x10, 0x78, 0xc9, 0xf3, 0xc3, 0x30, 0x05, 0x4a, 0xeb, 0x46, 0x17, 0x95, 0x99, 0x45, 0xb4, 0x77, 0x6d, 0x4d, 0x44, 0xc7, 0x5c, 0x4e, 0x05, 0x8c, 0x2b, 0x95, 0x75,
+ /* (2^ 59)P */ 0xaa, 0xd6, 0xf4, 0x15, 0x79, 0x3f, 0x70, 0xa3, 0xd8, 0x47, 0x26, 0x2f, 0x20, 0x46, 0xc3, 0x66, 0x4b, 0x64, 0x1d, 0x81, 0xdf, 0x69, 0x14, 0xd0, 0x1f, 0xd7, 0xa5, 0x81, 0x7d, 0xa4, 0xfe, 0x77,
+ /* (2^ 60)P */ 0x81, 0xa3, 0x7c, 0xf5, 0x9e, 0x52, 0xe9, 0xc5, 0x1a, 0x88, 0x2f, 0xce, 0xb9, 0xb4, 0xee, 0x6e, 0xd6, 0x9b, 0x00, 0xe8, 0x28, 0x1a, 0xe9, 0xb6, 0xec, 0x3f, 0xfc, 0x9a, 0x3e, 0xbe, 0x80, 0x4b,
+ /* (2^ 61)P */ 0xc5, 0xd2, 0xae, 0x26, 0xc5, 0x73, 0x37, 0x7e, 0x9d, 0xa4, 0xc9, 0x53, 0xb4, 0xfc, 0x4a, 0x1b, 0x4d, 0xb2, 0xff, 0xba, 0xd7, 0xbd, 0x20, 0xa9, 0x0e, 0x40, 0x2d, 0x12, 0x9f, 0x69, 0x54, 0x7c,
+ /* (2^ 62)P */ 0xc8, 0x4b, 0xa9, 0x4f, 0xe1, 0xc8, 0x46, 0xef, 0x5e, 0xed, 0x52, 0x29, 0xce, 0x74, 0xb0, 0xe0, 0xd5, 0x85, 0xd8, 0xdb, 0xe1, 0x50, 0xa4, 0xbe, 0x2c, 0x71, 0x0f, 0x32, 0x49, 0x86, 0xb6, 0x61,
+ /* (2^ 63)P */ 0xd1, 0xbd, 0xcc, 0x09, 0x73, 0x5f, 0x48, 0x8a, 0x2d, 0x1a, 0x4d, 0x7d, 0x0d, 0x32, 0x06, 0xbd, 0xf4, 0xbe, 0x2d, 0x32, 0x73, 0x29, 0x23, 0x25, 0x70, 0xf7, 0x17, 0x8c, 0x75, 0xc4, 0x5d, 0x44,
+ /* (2^ 64)P */ 0x3c, 0x93, 0xc8, 0x7c, 0x17, 0x34, 0x04, 0xdb, 0x9f, 0x05, 0xea, 0x75, 0x21, 0xe8, 0x6f, 0xed, 0x34, 0xdb, 0x53, 0xc0, 0xfd, 0xbe, 0xfe, 0x1e, 0x99, 0xaf, 0x5d, 0xc6, 0x67, 0xe8, 0xdb, 0x4a,
+ /* (2^ 65)P */ 0xdf, 0x09, 0x06, 0xa9, 0xa2, 0x71, 0xcd, 0x3a, 0x50, 0x40, 0xd0, 0x6d, 0x85, 0x91, 0xe9, 0xe5, 0x3c, 0xc2, 0x57, 0x81, 0x68, 0x9b, 0xc6, 0x1e, 0x4d, 0xfe, 0x5c, 0x88, 0xf6, 0x27, 0x74, 0x69,
+ /* (2^ 66)P */ 0x51, 0xa8, 0xe1, 0x65, 0x9b, 0x7b, 0xbe, 0xd7, 0xdd, 0x36, 0xc5, 0x22, 0xd5, 0x28, 0x3d, 0xa0, 0x45, 0xb6, 0xd2, 0x8f, 0x65, 0x9d, 0x39, 0x28, 0xe1, 0x41, 0x26, 0x7c, 0xe1, 0xb7, 0xe5, 0x49,
+ /* (2^ 67)P */ 0xa4, 0x57, 0x04, 0x70, 0x98, 0x3a, 0x8c, 0x6f, 0x78, 0x67, 0xbb, 0x5e, 0xa2, 0xf0, 0x78, 0x50, 0x0f, 0x96, 0x82, 0xc3, 0xcb, 0x3c, 0x3c, 0xd1, 0xb1, 0x84, 0xdf, 0xa7, 0x58, 0x32, 0x00, 0x2e,
+ /* (2^ 68)P */ 0x1c, 0x6a, 0x29, 0xe6, 0x9b, 0xf3, 0xd1, 0x8a, 0xb2, 0xbf, 0x5f, 0x2a, 0x65, 0xaa, 0xee, 0xc1, 0xcb, 0xf3, 0x26, 0xfd, 0x73, 0x06, 0xee, 0x33, 0xcc, 0x2c, 0x9d, 0xa6, 0x73, 0x61, 0x25, 0x59,
+ /* (2^ 69)P */ 0x41, 0xfc, 0x18, 0x4e, 0xaa, 0x07, 0xea, 0x41, 0x1e, 0xa5, 0x87, 0x7c, 0x52, 0x19, 0xfc, 0xd9, 0x6f, 0xca, 0x31, 0x58, 0x80, 0xcb, 0xaa, 0xbd, 0x4f, 0x69, 0x16, 0xc9, 0x2d, 0x65, 0x5b, 0x44,
+ /* (2^ 70)P */ 0x15, 0x23, 0x17, 0xf2, 0xa7, 0xa3, 0x92, 0xce, 0x64, 0x99, 0x1b, 0xe1, 0x2d, 0x28, 0xdc, 0x1e, 0x4a, 0x31, 0x4c, 0xe0, 0xaf, 0x3a, 0x82, 0xa1, 0x86, 0xf5, 0x7c, 0x43, 0x94, 0x2d, 0x0a, 0x79,
+ /* (2^ 71)P */ 0x09, 0xe0, 0xf6, 0x93, 0xfb, 0x47, 0xc4, 0x71, 0x76, 0x52, 0x84, 0x22, 0x67, 0xa5, 0x22, 0x89, 0x69, 0x51, 0x4f, 0x20, 0x3b, 0x90, 0x70, 0xbf, 0xfe, 0x19, 0xa3, 0x1b, 0x89, 0x89, 0x7a, 0x2f,
+ /* (2^ 72)P */ 0x0c, 0x14, 0xe2, 0x77, 0xb5, 0x8e, 0xa0, 0x02, 0xf4, 0xdc, 0x7b, 0x42, 0xd4, 0x4e, 0x9a, 0xed, 0xd1, 0x3c, 0x32, 0xe4, 0x44, 0xec, 0x53, 0x52, 0x5b, 0x35, 0xe9, 0x14, 0x3c, 0x36, 0x88, 0x3e,
+ /* (2^ 73)P */ 0x8c, 0x0b, 0x11, 0x77, 0x42, 0xc1, 0x66, 0xaa, 0x90, 0x33, 0xa2, 0x10, 0x16, 0x39, 0xe0, 0x1a, 0xa2, 0xc2, 0x3f, 0xc9, 0x12, 0xbd, 0x30, 0x20, 0xab, 0xc7, 0x55, 0x95, 0x57, 0x41, 0xe1, 0x3e,
+ /* (2^ 74)P */ 0x41, 0x7d, 0x6e, 0x6d, 0x3a, 0xde, 0x14, 0x92, 0xfe, 0x7e, 0xf1, 0x07, 0x86, 0xd8, 0xcd, 0x3c, 0x17, 0x12, 0xe1, 0xf8, 0x88, 0x12, 0x4f, 0x67, 0xd0, 0x93, 0x9f, 0x32, 0x0f, 0x25, 0x82, 0x56,
+ /* (2^ 75)P */ 0x6e, 0x39, 0x2e, 0x6d, 0x13, 0x0b, 0xf0, 0x6c, 0xbf, 0xde, 0x14, 0x10, 0x6f, 0xf8, 0x4c, 0x6e, 0x83, 0x4e, 0xcc, 0xbf, 0xb5, 0xb1, 0x30, 0x59, 0xb6, 0x16, 0xba, 0x8a, 0xb4, 0x69, 0x70, 0x04,
+ /* (2^ 76)P */ 0x93, 0x07, 0xb2, 0x69, 0xab, 0xe4, 0x4c, 0x0d, 0x9e, 0xfb, 0xd0, 0x97, 0x1a, 0xb9, 0x4d, 0xb2, 0x1d, 0xd0, 0x00, 0x4e, 0xf5, 0x50, 0xfa, 0xcd, 0xb5, 0xdd, 0x8b, 0x36, 0x85, 0x10, 0x1b, 0x22,
+ /* (2^ 77)P */ 0xd2, 0xd8, 0xe3, 0xb1, 0x68, 0x94, 0xe5, 0xe7, 0x93, 0x2f, 0x12, 0xbd, 0x63, 0x65, 0xc5, 0x53, 0x09, 0x3f, 0x66, 0xe0, 0x03, 0xa9, 0xe8, 0xee, 0x42, 0x3d, 0xbe, 0xcb, 0x62, 0xa6, 0xef, 0x61,
+ /* (2^ 78)P */ 0x2a, 0xab, 0x6e, 0xde, 0xdd, 0xdd, 0xf8, 0x2c, 0x31, 0xf2, 0x35, 0x14, 0xd5, 0x0a, 0xf8, 0x9b, 0x73, 0x49, 0xf0, 0xc9, 0xce, 0xda, 0xea, 0x5d, 0x27, 0x9b, 0xd2, 0x41, 0x5d, 0x5b, 0x27, 0x29,
+ /* (2^ 79)P */ 0x4f, 0xf1, 0xeb, 0x95, 0x08, 0x0f, 0xde, 0xcf, 0xa7, 0x05, 0x49, 0x05, 0x6b, 0xb9, 0xaa, 0xb9, 0xfd, 0x20, 0xc4, 0xa1, 0xd9, 0x0d, 0xe8, 0xca, 0xc7, 0xbb, 0x73, 0x16, 0x2f, 0xbf, 0x63, 0x0a,
+ /* (2^ 80)P */ 0x8c, 0xbc, 0x8f, 0x95, 0x11, 0x6e, 0x2f, 0x09, 0xad, 0x2f, 0x82, 0x04, 0xe8, 0x81, 0x2a, 0x67, 0x17, 0x25, 0xd5, 0x60, 0x15, 0x35, 0xc8, 0xca, 0xf8, 0x92, 0xf1, 0xc8, 0x22, 0x77, 0x3f, 0x6f,
+ /* (2^ 81)P */ 0xb7, 0x94, 0xe8, 0xc2, 0xcc, 0x90, 0xba, 0xf8, 0x0d, 0x9f, 0xff, 0x38, 0xa4, 0x57, 0x75, 0x2c, 0x59, 0x23, 0xe5, 0x5a, 0x85, 0x1d, 0x4d, 0x89, 0x69, 0x3d, 0x74, 0x7b, 0x15, 0x22, 0xe1, 0x68,
+ /* (2^ 82)P */ 0xf3, 0x19, 0xb9, 0xcf, 0x70, 0x55, 0x7e, 0xd8, 0xb9, 0x8d, 0x79, 0x95, 0xcd, 0xde, 0x2c, 0x3f, 0xce, 0xa2, 0xc0, 0x10, 0x47, 0x15, 0x21, 0x21, 0xb2, 0xc5, 0x6d, 0x24, 0x15, 0xa1, 0x66, 0x3c,
+ /* (2^ 83)P */ 0x72, 0xcb, 0x4e, 0x29, 0x62, 0xc5, 0xed, 0xcb, 0x16, 0x0b, 0x28, 0x6a, 0xc3, 0x43, 0x71, 0xba, 0x67, 0x8b, 0x07, 0xd4, 0xef, 0xc2, 0x10, 0x96, 0x1e, 0x4b, 0x6a, 0x94, 0x5d, 0x73, 0x44, 0x61,
+ /* (2^ 84)P */ 0x50, 0x33, 0x5b, 0xd7, 0x1e, 0x11, 0x6f, 0x53, 0x1b, 0xd8, 0x41, 0x20, 0x8c, 0xdb, 0x11, 0x02, 0x3c, 0x41, 0x10, 0x0e, 0x00, 0xb1, 0x3c, 0xf9, 0x76, 0x88, 0x9e, 0x03, 0x3c, 0xfd, 0x9d, 0x14,
+ /* (2^ 85)P */ 0x5b, 0x15, 0x63, 0x6b, 0xe4, 0xdd, 0x79, 0xd4, 0x76, 0x79, 0x83, 0x3c, 0xe9, 0x15, 0x6e, 0xb6, 0x38, 0xe0, 0x13, 0x1f, 0x3b, 0xe4, 0xfd, 0xda, 0x35, 0x0b, 0x4b, 0x2e, 0x1a, 0xda, 0xaf, 0x5f,
+ /* (2^ 86)P */ 0x81, 0x75, 0x19, 0x17, 0xdf, 0xbb, 0x00, 0x36, 0xc2, 0xd2, 0x3c, 0xbe, 0x0b, 0x05, 0x72, 0x39, 0x86, 0xbe, 0xd5, 0xbd, 0x6d, 0x90, 0x38, 0x59, 0x0f, 0x86, 0x9b, 0x3f, 0xe4, 0xe5, 0xfc, 0x34,
+ /* (2^ 87)P */ 0x02, 0x4d, 0xd1, 0x42, 0xcd, 0xa4, 0xa8, 0x75, 0x65, 0xdf, 0x41, 0x34, 0xc5, 0xab, 0x8d, 0x82, 0xd3, 0x31, 0xe1, 0xd2, 0xed, 0xab, 0xdc, 0x33, 0x5f, 0xd2, 0x14, 0xb8, 0x6f, 0xd7, 0xba, 0x3e,
+ /* (2^ 88)P */ 0x0f, 0xe1, 0x70, 0x6f, 0x56, 0x6f, 0x90, 0xd4, 0x5a, 0x0f, 0x69, 0x51, 0xaa, 0xf7, 0x12, 0x5d, 0xf2, 0xfc, 0xce, 0x76, 0x6e, 0xb1, 0xad, 0x45, 0x99, 0x29, 0x23, 0xad, 0xae, 0x68, 0xf7, 0x01,
+ /* (2^ 89)P */ 0xbd, 0xfe, 0x48, 0x62, 0x7b, 0xc7, 0x6c, 0x2b, 0xfd, 0xaf, 0x3a, 0xec, 0x28, 0x06, 0xd3, 0x3c, 0x6a, 0x48, 0xef, 0xd4, 0x80, 0x0b, 0x1c, 0xce, 0x23, 0x6c, 0xf6, 0xa6, 0x2e, 0xff, 0x3b, 0x4c,
+ /* (2^ 90)P */ 0x5f, 0xeb, 0xea, 0x4a, 0x09, 0xc4, 0x2e, 0x3f, 0xa7, 0x2c, 0x37, 0x6e, 0x28, 0x9b, 0xb1, 0x61, 0x1d, 0x70, 0x2a, 0xde, 0x66, 0xa9, 0xef, 0x5e, 0xef, 0xe3, 0x55, 0xde, 0x65, 0x05, 0xb2, 0x23,
+ /* (2^ 91)P */ 0x57, 0x85, 0xd5, 0x79, 0x52, 0xca, 0x01, 0xe3, 0x4f, 0x87, 0xc2, 0x27, 0xce, 0xd4, 0xb2, 0x07, 0x67, 0x1d, 0xcf, 0x9d, 0x8a, 0xcd, 0x32, 0xa5, 0x56, 0xff, 0x2b, 0x3f, 0xe2, 0xfe, 0x52, 0x2a,
+ /* (2^ 92)P */ 0x3d, 0x66, 0xd8, 0x7c, 0xb3, 0xef, 0x24, 0x86, 0x94, 0x75, 0xbd, 0xff, 0x20, 0xac, 0xc7, 0xbb, 0x45, 0x74, 0xd3, 0x82, 0x9c, 0x5e, 0xb8, 0x57, 0x66, 0xec, 0xa6, 0x86, 0xcb, 0x52, 0x30, 0x7b,
+ /* (2^ 93)P */ 0x1e, 0xe9, 0x25, 0x25, 0xad, 0xf0, 0x82, 0x34, 0xa0, 0xdc, 0x8e, 0xd2, 0x43, 0x80, 0xb6, 0x2c, 0x3a, 0x00, 0x1b, 0x2e, 0x05, 0x6d, 0x4f, 0xaf, 0x0a, 0x1b, 0x78, 0x29, 0x25, 0x8c, 0x5f, 0x18,
+ /* (2^ 94)P */ 0xd6, 0xe0, 0x0c, 0xd8, 0x5b, 0xde, 0x41, 0xaa, 0xd6, 0xe9, 0x53, 0x68, 0x41, 0xb2, 0x07, 0x94, 0x3a, 0x4c, 0x7f, 0x35, 0x6e, 0xc3, 0x3e, 0x56, 0xce, 0x7b, 0x29, 0x0e, 0xdd, 0xb8, 0xc4, 0x4c,
+ /* (2^ 95)P */ 0x0e, 0x73, 0xb8, 0xff, 0x52, 0x1a, 0xfc, 0xa2, 0x37, 0x8e, 0x05, 0x67, 0x6e, 0xf1, 0x11, 0x18, 0xe1, 0x4e, 0xdf, 0xcd, 0x66, 0xa3, 0xf9, 0x10, 0x99, 0xf0, 0xb9, 0xa0, 0xc4, 0xa0, 0xf4, 0x72,
+ /* (2^ 96)P */ 0xa7, 0x4e, 0x3f, 0x66, 0x6f, 0xc0, 0x16, 0x8c, 0xba, 0x0f, 0x97, 0x4e, 0xf7, 0x3a, 0x3b, 0x69, 0x45, 0xc3, 0x9e, 0xd6, 0xf1, 0xe7, 0x02, 0x21, 0x89, 0x80, 0x8a, 0x96, 0xbc, 0x3c, 0xa5, 0x0b,
+ /* (2^ 97)P */ 0x37, 0x55, 0xa1, 0xfe, 0xc7, 0x9d, 0x3d, 0xca, 0x93, 0x64, 0x53, 0x51, 0xbb, 0x24, 0x68, 0x4c, 0xb1, 0x06, 0x40, 0x84, 0x14, 0x63, 0x88, 0xb9, 0x60, 0xcc, 0x54, 0xb4, 0x2a, 0xa7, 0xd2, 0x40,
+ /* (2^ 98)P */ 0x75, 0x09, 0x57, 0x12, 0xb7, 0xa1, 0x36, 0x59, 0x57, 0xa6, 0xbd, 0xde, 0x48, 0xd6, 0xb9, 0x91, 0xea, 0x30, 0x43, 0xb6, 0x4b, 0x09, 0x44, 0x33, 0xd0, 0x51, 0xee, 0x12, 0x0d, 0xa1, 0x6b, 0x00,
+ /* (2^ 99)P */ 0x58, 0x5d, 0xde, 0xf5, 0x68, 0x84, 0x22, 0x19, 0xb0, 0x05, 0xcc, 0x38, 0x4c, 0x2f, 0xb1, 0x0e, 0x90, 0x19, 0x60, 0xd5, 0x9d, 0x9f, 0x03, 0xa1, 0x0b, 0x0e, 0xff, 0x4f, 0xce, 0xd4, 0x02, 0x45,
+ /* (2^100)P */ 0x89, 0xc1, 0x37, 0x68, 0x10, 0x54, 0x20, 0xeb, 0x3c, 0xb9, 0xd3, 0x6d, 0x4c, 0x54, 0xf6, 0xd0, 0x4f, 0xd7, 0x16, 0xc4, 0x64, 0x70, 0x72, 0x40, 0xf0, 0x2e, 0x50, 0x4b, 0x11, 0xc6, 0x15, 0x6e,
+ /* (2^101)P */ 0x6b, 0xa7, 0xb1, 0xcf, 0x98, 0xa3, 0xf2, 0x4d, 0xb1, 0xf6, 0xf2, 0x19, 0x74, 0x6c, 0x25, 0x11, 0x43, 0x60, 0x6e, 0x06, 0x62, 0x79, 0x49, 0x4a, 0x44, 0x5b, 0x35, 0x41, 0xab, 0x3a, 0x5b, 0x70,
+ /* (2^102)P */ 0xd8, 0xb1, 0x97, 0xd7, 0x36, 0xf5, 0x5e, 0x36, 0xdb, 0xf0, 0xdd, 0x22, 0xd6, 0x6b, 0x07, 0x00, 0x88, 0x5a, 0x57, 0xe0, 0xb0, 0x33, 0xbf, 0x3b, 0x4d, 0xca, 0xe4, 0xc8, 0x05, 0xaa, 0x77, 0x37,
+ /* (2^103)P */ 0x5f, 0xdb, 0x78, 0x55, 0xc8, 0x45, 0x27, 0x39, 0xe2, 0x5a, 0xae, 0xdb, 0x49, 0x41, 0xda, 0x6f, 0x67, 0x98, 0xdc, 0x8a, 0x0b, 0xb0, 0xf0, 0xb1, 0xa3, 0x1d, 0x6f, 0xd3, 0x37, 0x34, 0x96, 0x09,
+ /* (2^104)P */ 0x53, 0x38, 0xdc, 0xa5, 0x90, 0x4e, 0x82, 0x7e, 0xbd, 0x5c, 0x13, 0x1f, 0x64, 0xf6, 0xb5, 0xcc, 0xcc, 0x8f, 0xce, 0x87, 0x6c, 0xd8, 0x36, 0x67, 0x9f, 0x24, 0x04, 0x66, 0xe2, 0x3c, 0x5f, 0x62,
+ /* (2^105)P */ 0x3f, 0xf6, 0x02, 0x95, 0x05, 0xc8, 0x8a, 0xaf, 0x69, 0x14, 0x35, 0x2e, 0x0a, 0xe7, 0x05, 0x0c, 0x05, 0x63, 0x4b, 0x76, 0x9c, 0x2e, 0x29, 0x35, 0xc3, 0x3a, 0xe2, 0xc7, 0x60, 0x43, 0x39, 0x1a,
+ /* (2^106)P */ 0x64, 0x32, 0x18, 0x51, 0x32, 0xd5, 0xc6, 0xd5, 0x4f, 0xb7, 0xc2, 0x43, 0xbd, 0x5a, 0x06, 0x62, 0x9b, 0x3f, 0x97, 0x3b, 0xd0, 0xf5, 0xfb, 0xb5, 0x5e, 0x6e, 0x20, 0x61, 0x36, 0xda, 0xa3, 0x13,
+ /* (2^107)P */ 0xe5, 0x94, 0x5d, 0x72, 0x37, 0x58, 0xbd, 0xc6, 0xc5, 0x16, 0x50, 0x20, 0x12, 0x09, 0xe3, 0x18, 0x68, 0x3c, 0x03, 0x70, 0x15, 0xce, 0x88, 0x20, 0x87, 0x79, 0x83, 0x5c, 0x49, 0x1f, 0xba, 0x7f,
+ /* (2^108)P */ 0x9d, 0x07, 0xf9, 0xf2, 0x23, 0x74, 0x8c, 0x5a, 0xc5, 0x3f, 0x02, 0x34, 0x7b, 0x15, 0x35, 0x17, 0x51, 0xb3, 0xfa, 0xd2, 0x9a, 0xb4, 0xf9, 0xe4, 0x3c, 0xe3, 0x78, 0xc8, 0x72, 0xff, 0x91, 0x66,
+ /* (2^109)P */ 0x3e, 0xff, 0x5e, 0xdc, 0xde, 0x2a, 0x2c, 0x12, 0xf4, 0x6c, 0x95, 0xd8, 0xf1, 0x4b, 0xdd, 0xf8, 0xda, 0x5b, 0x9e, 0x9e, 0x5d, 0x20, 0x86, 0xeb, 0x43, 0xc7, 0x75, 0xd9, 0xb9, 0x92, 0x9b, 0x04,
+ /* (2^110)P */ 0x5a, 0xc0, 0xf6, 0xb0, 0x30, 0x97, 0x37, 0xa5, 0x53, 0xa5, 0xf3, 0xc6, 0xac, 0xff, 0xa0, 0x72, 0x6d, 0xcd, 0x0d, 0xb2, 0x34, 0x2c, 0x03, 0xb0, 0x4a, 0x16, 0xd5, 0x88, 0xbc, 0x9d, 0x0e, 0x47,
+ /* (2^111)P */ 0x47, 0xc0, 0x37, 0xa2, 0x0c, 0xf1, 0x9c, 0xb1, 0xa2, 0x81, 0x6c, 0x1f, 0x71, 0x66, 0x54, 0xb6, 0x43, 0x0b, 0xd8, 0x6d, 0xd1, 0x1b, 0x32, 0xb3, 0x8e, 0xbe, 0x5f, 0x0c, 0x60, 0x4f, 0xc1, 0x48,
+ /* (2^112)P */ 0x03, 0xc8, 0xa6, 0x4a, 0x26, 0x1c, 0x45, 0x66, 0xa6, 0x7d, 0xfa, 0xa4, 0x04, 0x39, 0x6e, 0xb6, 0x95, 0x83, 0x12, 0xb3, 0xb0, 0x19, 0x5f, 0xd4, 0x10, 0xbc, 0xc9, 0xc3, 0x27, 0x26, 0x60, 0x31,
+ /* (2^113)P */ 0x0d, 0xe1, 0xe4, 0x32, 0x48, 0xdc, 0x20, 0x31, 0xf7, 0x17, 0xc7, 0x56, 0x67, 0xc4, 0x20, 0xeb, 0x94, 0x02, 0x28, 0x67, 0x3f, 0x2e, 0xf5, 0x00, 0x09, 0xc5, 0x30, 0x47, 0xc1, 0x4f, 0x6d, 0x56,
+ /* (2^114)P */ 0x06, 0x72, 0x83, 0xfd, 0x40, 0x5d, 0x3a, 0x7e, 0x7a, 0x54, 0x59, 0x71, 0xdc, 0x26, 0xe9, 0xc1, 0x95, 0x60, 0x8d, 0xa6, 0xfb, 0x30, 0x67, 0x21, 0xa7, 0xce, 0x69, 0x3f, 0x84, 0xc3, 0xe8, 0x22,
+ /* (2^115)P */ 0x2b, 0x4b, 0x0e, 0x93, 0xe8, 0x74, 0xd0, 0x33, 0x16, 0x58, 0xd1, 0x84, 0x0e, 0x35, 0xe4, 0xb6, 0x65, 0x23, 0xba, 0xd6, 0x6a, 0xc2, 0x34, 0x55, 0xf3, 0xf3, 0xf1, 0x89, 0x2f, 0xc1, 0x73, 0x77,
+ /* (2^116)P */ 0xaa, 0x62, 0x79, 0xa5, 0x4d, 0x40, 0xba, 0x8c, 0x56, 0xce, 0x99, 0x19, 0xa8, 0x97, 0x98, 0x5b, 0xfc, 0x92, 0x16, 0x12, 0x2f, 0x86, 0x8e, 0x50, 0x91, 0xc2, 0x93, 0xa0, 0x7f, 0x90, 0x81, 0x3a,
+ /* (2^117)P */ 0x10, 0xa5, 0x25, 0x47, 0xff, 0xd0, 0xde, 0x0d, 0x03, 0xc5, 0x3f, 0x67, 0x10, 0xcc, 0xd8, 0x10, 0x89, 0x4e, 0x1f, 0x9f, 0x1c, 0x15, 0x9d, 0x5b, 0x4c, 0xa4, 0x09, 0xcb, 0xd5, 0xc1, 0xa5, 0x32,
+ /* (2^118)P */ 0xfb, 0x41, 0x05, 0xb9, 0x42, 0xa4, 0x0a, 0x1e, 0xdb, 0x85, 0xb4, 0xc1, 0x7c, 0xeb, 0x85, 0x5f, 0xe5, 0xf2, 0x9d, 0x8a, 0xce, 0x95, 0xe5, 0xbe, 0x36, 0x22, 0x42, 0x22, 0xc7, 0x96, 0xe4, 0x25,
+ /* (2^119)P */ 0xb9, 0xe5, 0x0f, 0xcd, 0x46, 0x3c, 0xdf, 0x5e, 0x88, 0x33, 0xa4, 0xd2, 0x7e, 0x5a, 0xe7, 0x34, 0x52, 0xe3, 0x61, 0xd7, 0x11, 0xde, 0x88, 0xe4, 0x5c, 0x54, 0x85, 0xa0, 0x01, 0x8a, 0x87, 0x0e,
+ /* (2^120)P */ 0x04, 0xbb, 0x21, 0xe0, 0x77, 0x3c, 0x49, 0xba, 0x9a, 0x89, 0xdf, 0xc7, 0x43, 0x18, 0x4d, 0x2b, 0x67, 0x0d, 0xe8, 0x7a, 0x48, 0x7a, 0xa3, 0x9e, 0x94, 0x17, 0xe4, 0x11, 0x80, 0x95, 0xa9, 0x67,
+ /* (2^121)P */ 0x65, 0xb0, 0x97, 0x66, 0x1a, 0x05, 0x58, 0x4b, 0xd4, 0xa6, 0x6b, 0x8d, 0x7d, 0x3f, 0xe3, 0x47, 0xc1, 0x46, 0xca, 0x83, 0xd4, 0xa8, 0x4d, 0xbb, 0x0d, 0xdb, 0xc2, 0x81, 0xa1, 0xca, 0xbe, 0x68,
+ /* (2^122)P */ 0xa5, 0x9a, 0x98, 0x0b, 0xe9, 0x80, 0x89, 0x8d, 0x9b, 0xc9, 0x93, 0x2c, 0x4a, 0xb1, 0x5e, 0xf9, 0xa2, 0x73, 0x6e, 0x79, 0xc4, 0xc7, 0xc6, 0x51, 0x69, 0xb5, 0xef, 0xb5, 0x63, 0x83, 0x22, 0x6e,
+ /* (2^123)P */ 0xc8, 0x24, 0xd6, 0x2d, 0xb0, 0xc0, 0xbb, 0xc6, 0xee, 0x70, 0x81, 0xec, 0x7d, 0xb4, 0x7e, 0x77, 0xa9, 0xaf, 0xcf, 0x04, 0xa0, 0x15, 0xde, 0x3c, 0x9b, 0xbf, 0x60, 0x71, 0x08, 0xbc, 0xc6, 0x1d,
+ /* (2^124)P */ 0x02, 0x40, 0xc3, 0xee, 0x43, 0xe0, 0x07, 0x2e, 0x7f, 0xdc, 0x68, 0x7a, 0x67, 0xfc, 0xe9, 0x18, 0x9a, 0x5b, 0xd1, 0x8b, 0x18, 0x03, 0xda, 0xd8, 0x53, 0x82, 0x56, 0x00, 0xbb, 0xc3, 0xfb, 0x48,
+ /* (2^125)P */ 0xe1, 0x4c, 0x65, 0xfb, 0x4c, 0x7d, 0x54, 0x57, 0xad, 0xe2, 0x58, 0xa0, 0x82, 0x5b, 0x56, 0xd3, 0x78, 0x44, 0x15, 0xbf, 0x0b, 0xaf, 0x3e, 0xf6, 0x18, 0xbb, 0xdf, 0x14, 0xf1, 0x1e, 0x53, 0x47,
+ /* (2^126)P */ 0x87, 0xc5, 0x78, 0x42, 0x0a, 0x63, 0xec, 0xe1, 0xf3, 0x83, 0x8e, 0xca, 0x46, 0xd5, 0x07, 0x55, 0x2b, 0x0c, 0xdc, 0x3a, 0xc6, 0x35, 0xe1, 0x85, 0x4e, 0x84, 0x82, 0x56, 0xa8, 0xef, 0xa7, 0x0a,
+ /* (2^127)P */ 0x15, 0xf6, 0xe1, 0xb3, 0xa8, 0x1b, 0x69, 0x72, 0xfa, 0x3f, 0xbe, 0x1f, 0x70, 0xe9, 0xb4, 0x32, 0x68, 0x78, 0xbb, 0x39, 0x2e, 0xd9, 0xb6, 0x97, 0xe8, 0x39, 0x2e, 0xa0, 0xde, 0x53, 0xfe, 0x2c,
+ /* (2^128)P */ 0xb0, 0x52, 0xcd, 0x85, 0xcd, 0x92, 0x73, 0x68, 0x31, 0x98, 0xe2, 0x10, 0xc9, 0x66, 0xff, 0x27, 0x06, 0x2d, 0x83, 0xa9, 0x56, 0x45, 0x13, 0x97, 0xa0, 0xf8, 0x84, 0x0a, 0x36, 0xb0, 0x9b, 0x26,
+ /* (2^129)P */ 0x5c, 0xf8, 0x43, 0x76, 0x45, 0x55, 0x6e, 0x70, 0x1b, 0x7d, 0x59, 0x9b, 0x8c, 0xa4, 0x34, 0x37, 0x72, 0xa4, 0xef, 0xc6, 0xe8, 0x91, 0xee, 0x7a, 0xe0, 0xd9, 0xa9, 0x98, 0xc1, 0xab, 0xd6, 0x5c,
+ /* (2^130)P */ 0x1a, 0xe4, 0x3c, 0xcb, 0x06, 0xde, 0x04, 0x0e, 0x38, 0xe1, 0x02, 0x34, 0x89, 0xeb, 0xc6, 0xd8, 0x72, 0x37, 0x6e, 0x68, 0xbb, 0x59, 0x46, 0x90, 0xc8, 0xa8, 0x6b, 0x74, 0x71, 0xc3, 0x15, 0x72,
+ /* (2^131)P */ 0xd9, 0xa2, 0xe4, 0xea, 0x7e, 0xa9, 0x12, 0xfd, 0xc5, 0xf2, 0x94, 0x63, 0x51, 0xb7, 0x14, 0x95, 0x94, 0xf2, 0x08, 0x92, 0x80, 0xd5, 0x6f, 0x26, 0xb9, 0x26, 0x9a, 0x61, 0x85, 0x70, 0x84, 0x5c,
+ /* (2^132)P */ 0xea, 0x94, 0xd6, 0xfe, 0x10, 0x54, 0x98, 0x52, 0x54, 0xd2, 0x2e, 0x4a, 0x93, 0x5b, 0x90, 0x3c, 0x67, 0xe4, 0x3b, 0x2d, 0x69, 0x47, 0xbb, 0x10, 0xe1, 0xe9, 0xe5, 0x69, 0x2d, 0x3d, 0x3b, 0x06,
+ /* (2^133)P */ 0xeb, 0x7d, 0xa5, 0xdd, 0xee, 0x26, 0x27, 0x47, 0x91, 0x18, 0xf4, 0x10, 0xae, 0xc4, 0xb6, 0xef, 0x14, 0x76, 0x30, 0x7b, 0x91, 0x41, 0x16, 0x2b, 0x7c, 0x5b, 0xf4, 0xc4, 0x4f, 0x55, 0x7c, 0x11,
+ /* (2^134)P */ 0x12, 0x88, 0x9d, 0x8f, 0x11, 0xf3, 0x7c, 0xc0, 0x39, 0x79, 0x01, 0x50, 0x20, 0xd8, 0xdb, 0x01, 0x27, 0x28, 0x1b, 0x17, 0xf4, 0x03, 0xe8, 0xd7, 0xea, 0x25, 0xd2, 0x87, 0x74, 0xe8, 0x15, 0x10,
+ /* (2^135)P */ 0x4d, 0xcc, 0x3a, 0xd2, 0xfe, 0xe3, 0x8d, 0xc5, 0x2d, 0xbe, 0xa7, 0x94, 0xc2, 0x91, 0xdb, 0x50, 0x57, 0xf4, 0x9c, 0x1c, 0x3d, 0xd4, 0x94, 0x0b, 0x4a, 0x52, 0x37, 0x6e, 0xfa, 0x40, 0x16, 0x6b,
+ /* (2^136)P */ 0x09, 0x0d, 0xda, 0x5f, 0x6c, 0x34, 0x2f, 0x69, 0x51, 0x31, 0x4d, 0xfa, 0x59, 0x1c, 0x0b, 0x20, 0x96, 0xa2, 0x77, 0x07, 0x76, 0x6f, 0xc4, 0xb8, 0xcf, 0xfb, 0xfd, 0x3f, 0x5f, 0x39, 0x38, 0x4b,
+ /* (2^137)P */ 0x71, 0xd6, 0x54, 0xbe, 0x00, 0x5e, 0xd2, 0x18, 0xa6, 0xab, 0xc8, 0xbe, 0x82, 0x05, 0xd5, 0x60, 0x82, 0xb9, 0x78, 0x3b, 0x26, 0x8f, 0xad, 0x87, 0x32, 0x04, 0xda, 0x9c, 0x4e, 0xf6, 0xfd, 0x50,
+ /* (2^138)P */ 0xf0, 0xdc, 0x78, 0xc5, 0xaa, 0x67, 0xf5, 0x90, 0x3b, 0x13, 0xa3, 0xf2, 0x0e, 0x9b, 0x1e, 0xef, 0x71, 0xde, 0xd9, 0x42, 0x92, 0xba, 0xeb, 0x0e, 0xc7, 0x01, 0x31, 0xf0, 0x9b, 0x3c, 0x47, 0x15,
+ /* (2^139)P */ 0x95, 0x80, 0xb7, 0x56, 0xae, 0xe8, 0x77, 0x7c, 0x8e, 0x07, 0x6f, 0x6e, 0x66, 0xe7, 0x78, 0xb6, 0x1f, 0xba, 0x48, 0x53, 0x61, 0xb9, 0xa0, 0x2d, 0x0b, 0x3f, 0x73, 0xff, 0xc1, 0x31, 0xf9, 0x7c,
+ /* (2^140)P */ 0x6c, 0x36, 0x0a, 0x0a, 0xf5, 0x57, 0xb3, 0x26, 0x32, 0xd7, 0x87, 0x2b, 0xf4, 0x8c, 0x70, 0xe9, 0xc0, 0xb2, 0x1c, 0xf9, 0xa5, 0xee, 0x3a, 0xc1, 0x4c, 0xbb, 0x43, 0x11, 0x99, 0x0c, 0xd9, 0x35,
+ /* (2^141)P */ 0xdc, 0xd9, 0xa0, 0xa9, 0x04, 0xc4, 0xc1, 0x47, 0x51, 0xd2, 0x72, 0x19, 0x45, 0x58, 0x9e, 0x65, 0x31, 0x8c, 0xb3, 0x73, 0xc4, 0xa8, 0x75, 0x38, 0x24, 0x1f, 0x56, 0x79, 0xd3, 0x9e, 0xbd, 0x1f,
+ /* (2^142)P */ 0x8d, 0xc2, 0x1e, 0xd4, 0x6f, 0xbc, 0xfa, 0x11, 0xca, 0x2d, 0x2a, 0xcd, 0xe3, 0xdf, 0xf8, 0x7e, 0x95, 0x45, 0x40, 0x8c, 0x5d, 0x3b, 0xe7, 0x72, 0x27, 0x2f, 0xb7, 0x54, 0x49, 0xfa, 0x35, 0x61,
+ /* (2^143)P */ 0x9c, 0xb6, 0x24, 0xde, 0xa2, 0x32, 0xfc, 0xcc, 0x88, 0x5d, 0x09, 0x1f, 0x8c, 0x69, 0x55, 0x3f, 0x29, 0xf9, 0xc3, 0x5a, 0xed, 0x50, 0x33, 0xbe, 0xeb, 0x7e, 0x47, 0xca, 0x06, 0xf8, 0x9b, 0x5e,
+ /* (2^144)P */ 0x68, 0x9f, 0x30, 0x3c, 0xb6, 0x8f, 0xce, 0xe9, 0xf4, 0xf9, 0xe1, 0x65, 0x35, 0xf6, 0x76, 0x53, 0xf1, 0x93, 0x63, 0x5a, 0xb3, 0xcf, 0xaf, 0xd1, 0x06, 0x35, 0x62, 0xe5, 0xed, 0xa1, 0x32, 0x66,
+ /* (2^145)P */ 0x4c, 0xed, 0x2d, 0x0c, 0x39, 0x6c, 0x7d, 0x0b, 0x1f, 0xcb, 0x04, 0xdf, 0x81, 0x32, 0xcb, 0x56, 0xc7, 0xc3, 0xec, 0x49, 0x12, 0x5a, 0x30, 0x66, 0x2a, 0xa7, 0x8c, 0xa3, 0x60, 0x8b, 0x58, 0x5d,
+ /* (2^146)P */ 0x2d, 0xf4, 0xe5, 0xe8, 0x78, 0xbf, 0xec, 0xa6, 0xec, 0x3e, 0x8a, 0x3c, 0x4b, 0xb4, 0xee, 0x86, 0x04, 0x16, 0xd2, 0xfb, 0x48, 0x9c, 0x21, 0xec, 0x31, 0x67, 0xc3, 0x17, 0xf5, 0x1a, 0xaf, 0x1a,
+ /* (2^147)P */ 0xe7, 0xbd, 0x69, 0x67, 0x83, 0xa2, 0x06, 0xc3, 0xdb, 0x2a, 0x1e, 0x2b, 0x62, 0x80, 0x82, 0x20, 0xa6, 0x94, 0xff, 0xfb, 0x1f, 0xf5, 0x27, 0x80, 0x6b, 0xf2, 0x24, 0x11, 0xce, 0xa1, 0xcf, 0x76,
+ /* (2^148)P */ 0xb6, 0xab, 0x22, 0x24, 0x56, 0x00, 0xeb, 0x18, 0xc3, 0x29, 0x8c, 0x8f, 0xd5, 0xc4, 0x77, 0xf3, 0x1a, 0x56, 0x31, 0xf5, 0x07, 0xc2, 0xbb, 0x4d, 0x27, 0x8a, 0x12, 0x82, 0xf0, 0xb7, 0x53, 0x02,
+ /* (2^149)P */ 0xe0, 0x17, 0x2c, 0xb6, 0x1c, 0x09, 0x1f, 0x3d, 0xa9, 0x28, 0x46, 0xd6, 0xab, 0xe1, 0x60, 0x48, 0x53, 0x42, 0x9d, 0x30, 0x36, 0x74, 0xd1, 0x52, 0x76, 0xe5, 0xfa, 0x3e, 0xe1, 0x97, 0x6f, 0x35,
+ /* (2^150)P */ 0x5b, 0x53, 0x50, 0xa1, 0x1a, 0xe1, 0x51, 0xd3, 0xcc, 0x78, 0xd8, 0x1d, 0xbb, 0x45, 0x6b, 0x3e, 0x98, 0x2c, 0xd9, 0xbe, 0x28, 0x61, 0x77, 0x0c, 0xb8, 0x85, 0x28, 0x03, 0x93, 0xae, 0x34, 0x1d,
+ /* (2^151)P */ 0xc3, 0xa4, 0x5b, 0xa8, 0x8c, 0x48, 0xa0, 0x4b, 0xce, 0xe6, 0x9c, 0x3c, 0xc3, 0x48, 0x53, 0x98, 0x70, 0xa7, 0xbd, 0x97, 0x6f, 0x4c, 0x12, 0x66, 0x4a, 0x12, 0x54, 0x06, 0x29, 0xa0, 0x81, 0x0f,
+ /* (2^152)P */ 0xfd, 0x86, 0x9b, 0x56, 0xa6, 0x9c, 0xd0, 0x9e, 0x2d, 0x9a, 0xaf, 0x18, 0xfd, 0x09, 0x10, 0x81, 0x0a, 0xc2, 0xd8, 0x93, 0x3f, 0xd0, 0x08, 0xff, 0x6b, 0xf2, 0xae, 0x9f, 0x19, 0x48, 0xa1, 0x52,
+ /* (2^153)P */ 0x73, 0x1b, 0x8d, 0x2d, 0xdc, 0xf9, 0x03, 0x3e, 0x70, 0x1a, 0x96, 0x73, 0x18, 0x80, 0x05, 0x42, 0x70, 0x59, 0xa3, 0x41, 0xf0, 0x87, 0xd9, 0xc0, 0x49, 0xd5, 0xc0, 0xa1, 0x15, 0x1f, 0xaa, 0x07,
+ /* (2^154)P */ 0x24, 0x72, 0xd2, 0x8c, 0xe0, 0x6c, 0xd4, 0xdf, 0x39, 0x42, 0x4e, 0x93, 0x4f, 0x02, 0x0a, 0x6d, 0x59, 0x7b, 0x89, 0x99, 0x63, 0x7a, 0x8a, 0x80, 0xa2, 0x95, 0x3d, 0xe1, 0xe9, 0x56, 0x45, 0x0a,
+ /* (2^155)P */ 0x45, 0x30, 0xc1, 0xe9, 0x1f, 0x99, 0x1a, 0xd2, 0xb8, 0x51, 0x77, 0xfe, 0x48, 0x85, 0x0e, 0x9b, 0x35, 0x00, 0xf3, 0x4b, 0xcb, 0x43, 0xa6, 0x5d, 0x21, 0xf7, 0x40, 0x39, 0xd6, 0x28, 0xdb, 0x77,
+ /* (2^156)P */ 0x11, 0x90, 0xdc, 0x4a, 0x61, 0xeb, 0x5e, 0xfc, 0xeb, 0x11, 0xc4, 0xe8, 0x9a, 0x41, 0x29, 0x52, 0x74, 0xcf, 0x1d, 0x7d, 0x78, 0xe7, 0xc3, 0x9e, 0xb5, 0x4c, 0x6e, 0x21, 0x3e, 0x05, 0x0d, 0x34,
+ /* (2^157)P */ 0xb4, 0xf2, 0x8d, 0xb4, 0x39, 0xaf, 0xc7, 0xca, 0x94, 0x0a, 0xa1, 0x71, 0x28, 0xec, 0xfa, 0xc0, 0xed, 0x75, 0xa5, 0x5c, 0x24, 0x69, 0x0a, 0x14, 0x4c, 0x3a, 0x27, 0x34, 0x71, 0xc3, 0xf1, 0x0c,
+ /* (2^158)P */ 0xa5, 0xb8, 0x24, 0xc2, 0x6a, 0x30, 0xee, 0xc8, 0xb0, 0x30, 0x49, 0xcb, 0x7c, 0xee, 0xea, 0x57, 0x4f, 0xe7, 0xcb, 0xaa, 0xbd, 0x06, 0xe8, 0xa1, 0x7d, 0x65, 0xeb, 0x2e, 0x74, 0x62, 0x9a, 0x7d,
+ /* (2^159)P */ 0x30, 0x48, 0x6c, 0x54, 0xef, 0xb6, 0xb6, 0x9e, 0x2e, 0x6e, 0xb3, 0xdd, 0x1f, 0xca, 0x5c, 0x88, 0x05, 0x71, 0x0d, 0xef, 0x83, 0xf3, 0xb9, 0xe6, 0x12, 0x04, 0x2e, 0x9d, 0xef, 0x4f, 0x65, 0x58,
+ /* (2^160)P */ 0x26, 0x8e, 0x0e, 0xbe, 0xff, 0xc4, 0x05, 0xa9, 0x6e, 0x81, 0x31, 0x9b, 0xdf, 0xe5, 0x2d, 0x94, 0xe1, 0x88, 0x2e, 0x80, 0x3f, 0x72, 0x7d, 0x49, 0x8d, 0x40, 0x2f, 0x60, 0xea, 0x4d, 0x68, 0x30,
+ /* (2^161)P */ 0x34, 0xcb, 0xe6, 0xa3, 0x78, 0xa2, 0xe5, 0x21, 0xc4, 0x1d, 0x15, 0x5b, 0x6f, 0x6e, 0xfb, 0xae, 0x15, 0xca, 0x77, 0x9d, 0x04, 0x8e, 0x0b, 0xb3, 0x81, 0x89, 0xb9, 0x53, 0xcf, 0xc9, 0xc3, 0x28,
+ /* (2^162)P */ 0x2a, 0xdd, 0x6c, 0x55, 0x21, 0xb7, 0x7f, 0x28, 0x74, 0x22, 0x02, 0x97, 0xa8, 0x7c, 0x31, 0x0d, 0x58, 0x32, 0x54, 0x3a, 0x42, 0xc7, 0x68, 0x74, 0x2f, 0x64, 0xb5, 0x4e, 0x46, 0x11, 0x7f, 0x4a,
+ /* (2^163)P */ 0xa6, 0x3a, 0x19, 0x4d, 0x77, 0xa4, 0x37, 0xa2, 0xa1, 0x29, 0x21, 0xa9, 0x6e, 0x98, 0x65, 0xd8, 0x88, 0x1a, 0x7c, 0xf8, 0xec, 0x15, 0xc5, 0x24, 0xeb, 0xf5, 0x39, 0x5f, 0x57, 0x03, 0x40, 0x60,
+ /* (2^164)P */ 0x27, 0x9b, 0x0a, 0x57, 0x89, 0xf1, 0xb9, 0x47, 0x78, 0x4b, 0x5e, 0x46, 0xde, 0xce, 0x98, 0x2b, 0x20, 0x5c, 0xb8, 0xdb, 0x51, 0xf5, 0x6d, 0x02, 0x01, 0x19, 0xe2, 0x47, 0x10, 0xd9, 0xfc, 0x74,
+ /* (2^165)P */ 0xa3, 0xbf, 0xc1, 0x23, 0x0a, 0xa9, 0xe2, 0x13, 0xf6, 0x19, 0x85, 0x47, 0x4e, 0x07, 0xb0, 0x0c, 0x44, 0xcf, 0xf6, 0x3a, 0xbe, 0xcb, 0xf1, 0x5f, 0xbe, 0x2d, 0x81, 0xbe, 0x38, 0x54, 0xfe, 0x67,
+ /* (2^166)P */ 0xb0, 0x05, 0x0f, 0xa4, 0x4f, 0xf6, 0x3c, 0xd1, 0x87, 0x37, 0x28, 0x32, 0x2f, 0xfb, 0x4d, 0x05, 0xea, 0x2a, 0x0d, 0x7f, 0x5b, 0x91, 0x73, 0x41, 0x4e, 0x0d, 0x61, 0x1f, 0x4f, 0x14, 0x2f, 0x48,
+ /* (2^167)P */ 0x34, 0x82, 0x7f, 0xb4, 0x01, 0x02, 0x21, 0xf6, 0x90, 0xb9, 0x70, 0x9e, 0x92, 0xe1, 0x0a, 0x5d, 0x7c, 0x56, 0x49, 0xb0, 0x55, 0xf4, 0xd7, 0xdc, 0x01, 0x6f, 0x91, 0xf0, 0xf1, 0xd0, 0x93, 0x7e,
+ /* (2^168)P */ 0xfa, 0xb4, 0x7d, 0x8a, 0xf1, 0xcb, 0x79, 0xdd, 0x2f, 0xc6, 0x74, 0x6f, 0xbf, 0x91, 0x83, 0xbe, 0xbd, 0x91, 0x82, 0x4b, 0xd1, 0x45, 0x71, 0x02, 0x05, 0x17, 0xbf, 0x2c, 0xea, 0x73, 0x5a, 0x58,
+ /* (2^169)P */ 0xb2, 0x0d, 0x8a, 0x92, 0x3e, 0xa0, 0x5c, 0x48, 0xe7, 0x57, 0x28, 0x74, 0xa5, 0x01, 0xfc, 0x10, 0xa7, 0x51, 0xd5, 0xd6, 0xdb, 0x2e, 0x48, 0x2f, 0x8a, 0xdb, 0x8f, 0x04, 0xb5, 0x33, 0x04, 0x0f,
+ /* (2^170)P */ 0x47, 0x62, 0xdc, 0xd7, 0x8d, 0x2e, 0xda, 0x60, 0x9a, 0x81, 0xd4, 0x8c, 0xd3, 0xc9, 0xb4, 0x88, 0x97, 0x66, 0xf6, 0x01, 0xc0, 0x3a, 0x03, 0x13, 0x75, 0x7d, 0x36, 0x3b, 0xfe, 0x24, 0x3b, 0x27,
+ /* (2^171)P */ 0xd4, 0xb9, 0xb3, 0x31, 0x6a, 0xf6, 0xe8, 0xc6, 0xd5, 0x49, 0xdf, 0x94, 0xa4, 0x14, 0x15, 0x28, 0xa7, 0x3d, 0xb2, 0xc8, 0xdf, 0x6f, 0x72, 0xd1, 0x48, 0xe5, 0xde, 0x03, 0xd1, 0xe7, 0x3a, 0x4b,
+ /* (2^172)P */ 0x7e, 0x9d, 0x4b, 0xce, 0x19, 0x6e, 0x25, 0xc6, 0x1c, 0xc6, 0xe3, 0x86, 0xf1, 0x5c, 0x5c, 0xff, 0x45, 0xc1, 0x8e, 0x4b, 0xa3, 0x3c, 0xc6, 0xac, 0x74, 0x65, 0xe6, 0xfe, 0x88, 0x18, 0x62, 0x74,
+ /* (2^173)P */ 0x1e, 0x0a, 0x29, 0x45, 0x96, 0x40, 0x6f, 0x95, 0x2e, 0x96, 0x3a, 0x26, 0xe3, 0xf8, 0x0b, 0xef, 0x7b, 0x64, 0xc2, 0x5e, 0xeb, 0x50, 0x6a, 0xed, 0x02, 0x75, 0xca, 0x9d, 0x3a, 0x28, 0x94, 0x06,
+ /* (2^174)P */ 0xd1, 0xdc, 0xa2, 0x43, 0x36, 0x96, 0x9b, 0x76, 0x53, 0x53, 0xfc, 0x09, 0xea, 0xc8, 0xb7, 0x42, 0xab, 0x7e, 0x39, 0x13, 0xee, 0x2a, 0x00, 0x4f, 0x3a, 0xd6, 0xb7, 0x19, 0x2c, 0x5e, 0x00, 0x63,
+ /* (2^175)P */ 0xea, 0x3b, 0x02, 0x63, 0xda, 0x36, 0x67, 0xca, 0xb7, 0x99, 0x2a, 0xb1, 0x6d, 0x7f, 0x6c, 0x96, 0xe1, 0xc5, 0x37, 0xc5, 0x90, 0x93, 0xe0, 0xac, 0xee, 0x89, 0xaa, 0xa1, 0x63, 0x60, 0x69, 0x0b,
+ /* (2^176)P */ 0xe5, 0x56, 0x8c, 0x28, 0x97, 0x3e, 0xb0, 0xeb, 0xe8, 0x8b, 0x8c, 0x93, 0x9f, 0x9f, 0x2a, 0x43, 0x71, 0x7f, 0x71, 0x5b, 0x3d, 0xa9, 0xa5, 0xa6, 0x97, 0x9d, 0x8f, 0xe1, 0xc3, 0xb4, 0x5f, 0x1a,
+ /* (2^177)P */ 0xce, 0xcd, 0x60, 0x1c, 0xad, 0xe7, 0x94, 0x1c, 0xa0, 0xc4, 0x02, 0xfc, 0x43, 0x2a, 0x20, 0xee, 0x20, 0x6a, 0xc4, 0x67, 0xd8, 0xe4, 0xaf, 0x8d, 0x58, 0x7b, 0xc2, 0x8a, 0x3c, 0x26, 0x10, 0x0a,
+ /* (2^178)P */ 0x4a, 0x2a, 0x43, 0xe4, 0xdf, 0xa9, 0xde, 0xd0, 0xc5, 0x77, 0x92, 0xbe, 0x7b, 0xf8, 0x6a, 0x85, 0x1a, 0xc7, 0x12, 0xc2, 0xac, 0x72, 0x84, 0xce, 0x91, 0x1e, 0xbb, 0x9b, 0x6d, 0x1b, 0x15, 0x6f,
+ /* (2^179)P */ 0x6a, 0xd5, 0xee, 0x7c, 0x52, 0x6c, 0x77, 0x26, 0xec, 0xfa, 0xf8, 0xfb, 0xb7, 0x1c, 0x21, 0x7d, 0xcc, 0x09, 0x46, 0xfd, 0xa6, 0x66, 0xae, 0x37, 0x42, 0x0c, 0x77, 0xd2, 0x02, 0xb7, 0x81, 0x1f,
+ /* (2^180)P */ 0x92, 0x83, 0xc5, 0xea, 0x57, 0xb0, 0xb0, 0x2f, 0x9d, 0x4e, 0x74, 0x29, 0xfe, 0x89, 0xdd, 0xe1, 0xf8, 0xb4, 0xbe, 0x17, 0xeb, 0xf8, 0x64, 0xc9, 0x1e, 0xd4, 0xa2, 0xc9, 0x73, 0x10, 0x57, 0x29,
+ /* (2^181)P */ 0x54, 0xe2, 0xc0, 0x81, 0x89, 0xa1, 0x48, 0xa9, 0x30, 0x28, 0xb2, 0x65, 0x9b, 0x36, 0xf6, 0x2d, 0xc6, 0xd3, 0xcf, 0x5f, 0xd7, 0xb2, 0x3e, 0xa3, 0x1f, 0xa0, 0x99, 0x41, 0xec, 0xd6, 0x8c, 0x07,
+ /* (2^182)P */ 0x2f, 0x0d, 0x90, 0xad, 0x41, 0x4a, 0x58, 0x4a, 0x52, 0x4c, 0xc7, 0xe2, 0x78, 0x2b, 0x14, 0x32, 0x78, 0xc9, 0x31, 0x84, 0x33, 0xe8, 0xc4, 0x68, 0xc2, 0x9f, 0x68, 0x08, 0x90, 0xea, 0x69, 0x7f,
+ /* (2^183)P */ 0x65, 0x82, 0xa3, 0x46, 0x1e, 0xc8, 0xf2, 0x52, 0xfd, 0x32, 0xa8, 0x04, 0x2d, 0x07, 0x78, 0xfd, 0x94, 0x9e, 0x35, 0x25, 0xfa, 0xd5, 0xd7, 0x8c, 0xd2, 0x29, 0xcc, 0x54, 0x74, 0x1b, 0xe7, 0x4d,
+ /* (2^184)P */ 0xc9, 0x6a, 0xda, 0x1e, 0xad, 0x60, 0xeb, 0x42, 0x3a, 0x9c, 0xc0, 0xdb, 0xdf, 0x37, 0xad, 0x0a, 0x91, 0xc1, 0x3c, 0xe3, 0x71, 0x4b, 0x00, 0x81, 0x3c, 0x80, 0x22, 0x51, 0x34, 0xbe, 0xe6, 0x44,
+ /* (2^185)P */ 0xdb, 0x20, 0x19, 0xba, 0x88, 0x83, 0xfe, 0x03, 0x08, 0xb0, 0x0d, 0x15, 0x32, 0x7c, 0xd5, 0xf5, 0x29, 0x0c, 0xf6, 0x1a, 0x28, 0xc4, 0xc8, 0x49, 0xee, 0x1a, 0x70, 0xde, 0x18, 0xb5, 0xed, 0x21,
+ /* (2^186)P */ 0x99, 0xdc, 0x06, 0x8f, 0x41, 0x3e, 0xb6, 0x7f, 0xb8, 0xd7, 0x66, 0xc1, 0x99, 0x0d, 0x46, 0xa4, 0x83, 0x0a, 0x52, 0xce, 0x48, 0x52, 0xdd, 0x24, 0x58, 0x83, 0x92, 0x2b, 0x71, 0xad, 0xc3, 0x5e,
+ /* (2^187)P */ 0x0f, 0x93, 0x17, 0xbd, 0x5f, 0x2a, 0x02, 0x15, 0xe3, 0x70, 0x25, 0xd8, 0x77, 0x4a, 0xf6, 0xa4, 0x12, 0x37, 0x78, 0x15, 0x69, 0x8d, 0xbc, 0x12, 0xbb, 0x0a, 0x62, 0xfc, 0xc0, 0x94, 0x81, 0x49,
+ /* (2^188)P */ 0x82, 0x6c, 0x68, 0x55, 0xd2, 0xd9, 0xa2, 0x38, 0xf0, 0x21, 0x3e, 0x19, 0xd9, 0x6b, 0x5c, 0x78, 0x84, 0x54, 0x4a, 0xb2, 0x1a, 0xc8, 0xd5, 0xe4, 0x89, 0x09, 0xe2, 0xb2, 0x60, 0x78, 0x30, 0x56,
+ /* (2^189)P */ 0xc4, 0x74, 0x4d, 0x8b, 0xf7, 0x55, 0x9d, 0x42, 0x31, 0x01, 0x35, 0x43, 0x46, 0x83, 0xf1, 0x22, 0xff, 0x1f, 0xc7, 0x98, 0x45, 0xc2, 0x60, 0x1e, 0xef, 0x83, 0x99, 0x97, 0x14, 0xf0, 0xf2, 0x59,
+ /* (2^190)P */ 0x44, 0x4a, 0x49, 0xeb, 0x56, 0x7d, 0xa4, 0x46, 0x8e, 0xa1, 0x36, 0xd6, 0x54, 0xa8, 0x22, 0x3e, 0x3b, 0x1c, 0x49, 0x74, 0x52, 0xe1, 0x46, 0xb3, 0xe7, 0xcd, 0x90, 0x53, 0x4e, 0xfd, 0xea, 0x2c,
+ /* (2^191)P */ 0x75, 0x66, 0x0d, 0xbe, 0x38, 0x85, 0x8a, 0xba, 0x23, 0x8e, 0x81, 0x50, 0xbb, 0x74, 0x90, 0x4b, 0xc3, 0x04, 0xd3, 0x85, 0x90, 0xb8, 0xda, 0xcb, 0xc4, 0x92, 0x61, 0xe5, 0xe0, 0x4f, 0xa2, 0x61,
+ /* (2^192)P */ 0xcb, 0x5b, 0x52, 0xdb, 0xe6, 0x15, 0x76, 0xcb, 0xca, 0xe4, 0x67, 0xa5, 0x35, 0x8c, 0x7d, 0xdd, 0x69, 0xdd, 0xfc, 0xca, 0x3a, 0x15, 0xb4, 0xe6, 0x66, 0x97, 0x3c, 0x7f, 0x09, 0x8e, 0x66, 0x2d,
+ /* (2^193)P */ 0xf0, 0x5e, 0xe5, 0x5c, 0x26, 0x7e, 0x7e, 0xa5, 0x67, 0xb9, 0xd4, 0x7c, 0x52, 0x4e, 0x9f, 0x5d, 0xe5, 0xd1, 0x2f, 0x49, 0x06, 0x36, 0xc8, 0xfb, 0xae, 0xf7, 0xc3, 0xb7, 0xbe, 0x52, 0x0d, 0x09,
+ /* (2^194)P */ 0x7c, 0x4d, 0x7b, 0x1e, 0x5a, 0x51, 0xb9, 0x09, 0xc0, 0x44, 0xda, 0x99, 0x25, 0x6a, 0x26, 0x1f, 0x04, 0x55, 0xc5, 0xe2, 0x48, 0x95, 0xc4, 0xa1, 0xcc, 0x15, 0x6f, 0x12, 0x87, 0x42, 0xf0, 0x7e,
+ /* (2^195)P */ 0x15, 0xef, 0x30, 0xbd, 0x9d, 0x65, 0xd1, 0xfe, 0x7b, 0x27, 0xe0, 0xc4, 0xee, 0xb9, 0x4a, 0x8b, 0x91, 0x32, 0xdf, 0xa5, 0x36, 0x62, 0x4d, 0x88, 0x88, 0xf7, 0x5c, 0xbf, 0xa6, 0x6e, 0xd9, 0x1f,
+ /* (2^196)P */ 0x9a, 0x0d, 0x19, 0x1f, 0x98, 0x61, 0xa1, 0x42, 0xc1, 0x52, 0x60, 0x7e, 0x50, 0x49, 0xd8, 0x61, 0xd5, 0x2c, 0x5a, 0x28, 0xbf, 0x13, 0xe1, 0x9f, 0xd8, 0x85, 0xad, 0xdb, 0x76, 0xd6, 0x22, 0x7c,
+ /* (2^197)P */ 0x7d, 0xd2, 0xfb, 0x2b, 0xed, 0x70, 0xe7, 0x82, 0xa5, 0xf5, 0x96, 0xe9, 0xec, 0xb2, 0x05, 0x4c, 0x50, 0x01, 0x90, 0xb0, 0xc2, 0xa9, 0x40, 0xcd, 0x64, 0xbf, 0xd9, 0x13, 0x92, 0x31, 0x95, 0x58,
+ /* (2^198)P */ 0x08, 0x2e, 0xea, 0x3f, 0x70, 0x5d, 0xcc, 0xe7, 0x8c, 0x18, 0xe2, 0x58, 0x12, 0x49, 0x0c, 0xb5, 0xf0, 0x5b, 0x20, 0x48, 0xaa, 0x0b, 0xe3, 0xcc, 0x62, 0x2d, 0xa3, 0xcf, 0x9c, 0x65, 0x7c, 0x53,
+ /* (2^199)P */ 0x88, 0xc0, 0xcf, 0x98, 0x3a, 0x62, 0xb6, 0x37, 0xa4, 0xac, 0xd6, 0xa4, 0x1f, 0xed, 0x9b, 0xfe, 0xb0, 0xd1, 0xa8, 0x56, 0x8e, 0x9b, 0xd2, 0x04, 0x75, 0x95, 0x51, 0x0b, 0xc4, 0x71, 0x5f, 0x72,
+ /* (2^200)P */ 0xe6, 0x9c, 0x33, 0xd0, 0x9c, 0xf8, 0xc7, 0x28, 0x8b, 0xc1, 0xdd, 0x69, 0x44, 0xb1, 0x67, 0x83, 0x2c, 0x65, 0xa1, 0xa6, 0x83, 0xda, 0x3a, 0x88, 0x17, 0x6c, 0x4d, 0x03, 0x74, 0x19, 0x5f, 0x58,
+ /* (2^201)P */ 0x88, 0x91, 0xb1, 0xf1, 0x66, 0xb2, 0xcf, 0x89, 0x17, 0x52, 0xc3, 0xe7, 0x63, 0x48, 0x3b, 0xe6, 0x6a, 0x52, 0xc0, 0xb4, 0xa6, 0x9d, 0x8c, 0xd8, 0x35, 0x46, 0x95, 0xf0, 0x9d, 0x5c, 0x03, 0x3e,
+ /* (2^202)P */ 0x9d, 0xde, 0x45, 0xfb, 0x12, 0x54, 0x9d, 0xdd, 0x0d, 0xf4, 0xcf, 0xe4, 0x32, 0x45, 0x68, 0xdd, 0x1c, 0x67, 0x1d, 0x15, 0x9b, 0x99, 0x5c, 0x4b, 0x90, 0xf6, 0xe7, 0x11, 0xc8, 0x2c, 0x8c, 0x2d,
+ /* (2^203)P */ 0x40, 0x5d, 0x05, 0x90, 0x1d, 0xbe, 0x54, 0x7f, 0x40, 0xaf, 0x4a, 0x46, 0xdf, 0xc5, 0x64, 0xa4, 0xbe, 0x17, 0xe9, 0xf0, 0x24, 0x96, 0x97, 0x33, 0x30, 0x6b, 0x35, 0x27, 0xc5, 0x8d, 0x01, 0x2c,
+ /* (2^204)P */ 0xd4, 0xb3, 0x30, 0xe3, 0x24, 0x50, 0x41, 0xa5, 0xd3, 0x52, 0x16, 0x69, 0x96, 0x3d, 0xff, 0x73, 0xf1, 0x59, 0x9b, 0xef, 0xc4, 0x42, 0xec, 0x94, 0x5a, 0x8e, 0xd0, 0x18, 0x16, 0x20, 0x47, 0x07,
+ /* (2^205)P */ 0x53, 0x1c, 0x41, 0xca, 0x8a, 0xa4, 0x6c, 0x4d, 0x19, 0x61, 0xa6, 0xcf, 0x2f, 0x5f, 0x41, 0x66, 0xff, 0x27, 0xe2, 0x51, 0x00, 0xd4, 0x4d, 0x9c, 0xeb, 0xf7, 0x02, 0x9a, 0xc0, 0x0b, 0x81, 0x59,
+ /* (2^206)P */ 0x1d, 0x10, 0xdc, 0xb3, 0x71, 0xb1, 0x7e, 0x2a, 0x8e, 0xf6, 0xfe, 0x9f, 0xb9, 0x5a, 0x1c, 0x44, 0xea, 0x59, 0xb3, 0x93, 0x9b, 0x5c, 0x02, 0x32, 0x2f, 0x11, 0x9d, 0x1e, 0xa7, 0xe0, 0x8c, 0x5e,
+ /* (2^207)P */ 0xfd, 0x03, 0x95, 0x42, 0x92, 0xcb, 0xcc, 0xbf, 0x55, 0x5d, 0x09, 0x2f, 0x75, 0xba, 0x71, 0xd2, 0x1e, 0x09, 0x2d, 0x97, 0x5e, 0xad, 0x5e, 0x34, 0xba, 0x03, 0x31, 0xa8, 0x11, 0xdf, 0xc8, 0x18,
+ /* (2^208)P */ 0x4c, 0x0f, 0xed, 0x9a, 0x9a, 0x94, 0xcd, 0x90, 0x7e, 0xe3, 0x60, 0x66, 0xcb, 0xf4, 0xd1, 0xc5, 0x0b, 0x2e, 0xc5, 0x56, 0x2d, 0xc5, 0xca, 0xb8, 0x0d, 0x8e, 0x80, 0xc5, 0x00, 0xe4, 0x42, 0x6e,
+ /* (2^209)P */ 0x23, 0xfd, 0xae, 0xee, 0x66, 0x69, 0xb4, 0xa3, 0xca, 0xcd, 0x9e, 0xe3, 0x0b, 0x1f, 0x4f, 0x0c, 0x1d, 0xa5, 0x83, 0xd6, 0xc9, 0xc8, 0x9d, 0x18, 0x1b, 0x35, 0x09, 0x4c, 0x05, 0x7f, 0xf2, 0x51,
+ /* (2^210)P */ 0x82, 0x06, 0x32, 0x2a, 0xcd, 0x7c, 0x48, 0x4c, 0x96, 0x1c, 0xdf, 0xb3, 0x5b, 0xa9, 0x7e, 0x58, 0xe8, 0xb8, 0x5c, 0x55, 0x9e, 0xf7, 0xcc, 0xc8, 0x3d, 0xd7, 0x06, 0xa2, 0x29, 0xc8, 0x7d, 0x54,
+ /* (2^211)P */ 0x06, 0x9b, 0xc3, 0x80, 0xcd, 0xa6, 0x22, 0xb8, 0xc6, 0xd4, 0x00, 0x20, 0x73, 0x54, 0x6d, 0xe9, 0x4d, 0x3b, 0x46, 0x91, 0x6f, 0x5b, 0x53, 0x28, 0x1d, 0x6e, 0x48, 0xe2, 0x60, 0x46, 0x8f, 0x22,
+ /* (2^212)P */ 0xbf, 0x3a, 0x8d, 0xde, 0x38, 0x95, 0x79, 0x98, 0x6e, 0xca, 0xeb, 0x45, 0x00, 0x33, 0xd8, 0x8c, 0x38, 0xe7, 0x21, 0x82, 0x00, 0x2a, 0x95, 0x79, 0xbb, 0xd2, 0x5c, 0x53, 0xa7, 0xe1, 0x22, 0x43,
+ /* (2^213)P */ 0x1c, 0x80, 0xd1, 0x19, 0x18, 0xc1, 0x14, 0xb1, 0xc7, 0x5e, 0x3f, 0x4f, 0xd8, 0xe4, 0x16, 0x20, 0x4c, 0x0f, 0x26, 0x09, 0xf4, 0x2d, 0x0e, 0xdd, 0x66, 0x72, 0x5f, 0xae, 0xc0, 0x62, 0xc3, 0x5e,
+ /* (2^214)P */ 0xee, 0xb4, 0xb2, 0xb8, 0x18, 0x2b, 0x46, 0xc0, 0xfb, 0x1a, 0x4d, 0x27, 0x50, 0xd9, 0xc8, 0x7c, 0xd2, 0x02, 0x6b, 0x43, 0x05, 0x71, 0x5f, 0xf2, 0xd3, 0xcc, 0xf9, 0xbf, 0xdc, 0xf8, 0xbb, 0x43,
+ /* (2^215)P */ 0xdf, 0xe9, 0x39, 0xa0, 0x67, 0x17, 0xad, 0xb6, 0x83, 0x35, 0x9d, 0xf6, 0xa8, 0x4d, 0x71, 0xb0, 0xf5, 0x31, 0x29, 0xb4, 0x18, 0xfa, 0x55, 0x5e, 0x61, 0x09, 0xc6, 0x33, 0x8f, 0x55, 0xd5, 0x4e,
+ /* (2^216)P */ 0xdd, 0xa5, 0x47, 0xc6, 0x01, 0x79, 0xe3, 0x1f, 0x57, 0xd3, 0x81, 0x80, 0x1f, 0xdf, 0x3d, 0x59, 0xa6, 0xd7, 0x3f, 0x81, 0xfd, 0xa4, 0x49, 0x02, 0x61, 0xaf, 0x9c, 0x4e, 0x27, 0xca, 0xac, 0x69,
+ /* (2^217)P */ 0xc9, 0x21, 0x07, 0x33, 0xea, 0xa3, 0x7b, 0x04, 0xa0, 0x1e, 0x7e, 0x0e, 0xc2, 0x3f, 0x42, 0x83, 0x60, 0x4a, 0x31, 0x01, 0xaf, 0xc0, 0xf4, 0x1d, 0x27, 0x95, 0x28, 0x89, 0xab, 0x2d, 0xa6, 0x09,
+ /* (2^218)P */ 0x00, 0xcb, 0xc6, 0x9c, 0xa4, 0x25, 0xb3, 0xa5, 0xb6, 0x6c, 0xb5, 0x54, 0xc6, 0x5d, 0x4b, 0xe9, 0xa0, 0x94, 0xc9, 0xad, 0x79, 0x87, 0xe2, 0x3b, 0xad, 0x4a, 0x3a, 0xba, 0xf8, 0xe8, 0x96, 0x42,
+ /* (2^219)P */ 0xab, 0x1e, 0x45, 0x1e, 0x76, 0x89, 0x86, 0x32, 0x4a, 0x59, 0x59, 0xff, 0x8b, 0x59, 0x4d, 0x2e, 0x4a, 0x08, 0xa7, 0xd7, 0x53, 0x68, 0xb9, 0x49, 0xa8, 0x20, 0x14, 0x60, 0x19, 0xa3, 0x80, 0x49,
+ /* (2^220)P */ 0x42, 0x2c, 0x55, 0x2f, 0xe1, 0xb9, 0x65, 0x95, 0x96, 0xfe, 0x00, 0x71, 0xdb, 0x18, 0x53, 0x8a, 0xd7, 0xd0, 0xad, 0x43, 0x4d, 0x0b, 0xc9, 0x05, 0xda, 0x4e, 0x5d, 0x6a, 0xd6, 0x4c, 0x8b, 0x53,
+ /* (2^221)P */ 0x9f, 0x03, 0x9f, 0xe8, 0xc3, 0x4f, 0xe9, 0xf4, 0x45, 0x80, 0x61, 0x6f, 0xf2, 0x9a, 0x2c, 0x59, 0x50, 0x95, 0x4b, 0xfd, 0xb5, 0x6e, 0xa3, 0x08, 0x19, 0x14, 0xed, 0xc2, 0xf6, 0xfa, 0xff, 0x25,
+ /* (2^222)P */ 0x54, 0xd3, 0x79, 0xcc, 0x59, 0x44, 0x43, 0x34, 0x6b, 0x47, 0xd5, 0xb1, 0xb4, 0xbf, 0xec, 0xee, 0x99, 0x5d, 0x61, 0x61, 0xa0, 0x34, 0xeb, 0xdd, 0x73, 0xb7, 0x64, 0xeb, 0xcc, 0xce, 0x29, 0x51,
+ /* (2^223)P */ 0x20, 0x35, 0x99, 0x94, 0x58, 0x21, 0x43, 0xee, 0x3b, 0x0b, 0x4c, 0xf1, 0x7c, 0x9c, 0x2f, 0x77, 0xd5, 0xda, 0xbe, 0x06, 0xe3, 0xfc, 0xe2, 0xd2, 0x97, 0x6a, 0xf0, 0x46, 0xb5, 0x42, 0x5f, 0x71,
+ /* (2^224)P */ 0x1a, 0x5f, 0x5b, 0xda, 0xce, 0xcd, 0x4e, 0x43, 0xa9, 0x41, 0x97, 0xa4, 0x15, 0x71, 0xa1, 0x0d, 0x2e, 0xad, 0xed, 0x73, 0x7c, 0xd7, 0x0b, 0x68, 0x41, 0x90, 0xdd, 0x4e, 0x35, 0x02, 0x7c, 0x48,
+ /* (2^225)P */ 0xc4, 0xd9, 0x0e, 0xa7, 0xf3, 0xef, 0xef, 0xb8, 0x02, 0xe3, 0x57, 0xe8, 0xa3, 0x2a, 0xa3, 0x56, 0xa0, 0xa5, 0xa2, 0x48, 0xbd, 0x68, 0x3a, 0xdf, 0x44, 0xc4, 0x76, 0x31, 0xb7, 0x50, 0xf6, 0x07,
+ /* (2^226)P */ 0xb1, 0xcc, 0xe0, 0x26, 0x16, 0x9b, 0x8b, 0xe3, 0x36, 0xfb, 0x09, 0x8b, 0xc1, 0x53, 0xe0, 0x79, 0x64, 0x49, 0xf9, 0xc9, 0x19, 0x03, 0xd9, 0x56, 0xc4, 0xf5, 0x9f, 0xac, 0xe7, 0x41, 0xa9, 0x1c,
+ /* (2^227)P */ 0xbb, 0xa0, 0x2f, 0x16, 0x29, 0xdf, 0xc4, 0x49, 0x05, 0x33, 0xb3, 0x82, 0x32, 0xcf, 0x88, 0x84, 0x7d, 0x43, 0xbb, 0xca, 0x14, 0xda, 0xdf, 0x95, 0x86, 0xad, 0xd5, 0x64, 0x82, 0xf7, 0x91, 0x33,
+ /* (2^228)P */ 0x5d, 0x09, 0xb5, 0xe2, 0x6a, 0xe0, 0x9a, 0x72, 0x46, 0xa9, 0x59, 0x32, 0xd7, 0x58, 0x8a, 0xd5, 0xed, 0x21, 0x39, 0xd1, 0x62, 0x42, 0x83, 0xe9, 0x92, 0xb5, 0x4b, 0xa5, 0xfa, 0xda, 0xfe, 0x27,
+ /* (2^229)P */ 0xbb, 0x48, 0xad, 0x29, 0xb8, 0xc5, 0x9d, 0xa9, 0x60, 0xe2, 0x9e, 0x49, 0x42, 0x57, 0x02, 0x5f, 0xfd, 0x13, 0x75, 0x5d, 0xcd, 0x8e, 0x2c, 0x80, 0x38, 0xd9, 0x6d, 0x3f, 0xef, 0xb3, 0xce, 0x78,
+ /* (2^230)P */ 0x94, 0x5d, 0x13, 0x8a, 0x4f, 0xf4, 0x42, 0xc3, 0xa3, 0xdd, 0x8c, 0x82, 0x44, 0xdb, 0x9e, 0x7b, 0xe7, 0xcf, 0x37, 0x05, 0x1a, 0xd1, 0x36, 0x94, 0xc8, 0xb4, 0x1a, 0xec, 0x64, 0xb1, 0x64, 0x50,
+ /* (2^231)P */ 0xfc, 0xb2, 0x7e, 0xd3, 0xcf, 0xec, 0x20, 0x70, 0xfc, 0x25, 0x0d, 0xd9, 0x3e, 0xea, 0x31, 0x1f, 0x34, 0xbb, 0xa1, 0xdf, 0x7b, 0x0d, 0x93, 0x1b, 0x44, 0x30, 0x11, 0x48, 0x7a, 0x46, 0x44, 0x53,
+ /* (2^232)P */ 0xfb, 0x6d, 0x5e, 0xf2, 0x70, 0x31, 0x07, 0x70, 0xc8, 0x4c, 0x11, 0x50, 0x1a, 0xdc, 0x85, 0xe3, 0x00, 0x4f, 0xfc, 0xc8, 0x8a, 0x69, 0x48, 0x23, 0xd8, 0x40, 0xdd, 0x84, 0x52, 0xa5, 0x77, 0x2a,
+ /* (2^233)P */ 0xe4, 0x6c, 0x8c, 0xc9, 0xe0, 0xaf, 0x06, 0xfe, 0xe4, 0xd6, 0xdf, 0xdd, 0x96, 0xdf, 0x35, 0xc2, 0xd3, 0x1e, 0xbf, 0x33, 0x1e, 0xd0, 0x28, 0x14, 0xaf, 0xbd, 0x00, 0x93, 0xec, 0x68, 0x57, 0x78,
+ /* (2^234)P */ 0x3b, 0xb6, 0xde, 0x91, 0x7a, 0xe5, 0x02, 0x97, 0x80, 0x8b, 0xce, 0xe5, 0xbf, 0xb8, 0xbd, 0x61, 0xac, 0x58, 0x1d, 0x3d, 0x6f, 0x42, 0x5b, 0x64, 0xbc, 0x57, 0xa5, 0x27, 0x22, 0xa8, 0x04, 0x48,
+ /* (2^235)P */ 0x01, 0x26, 0x4d, 0xb4, 0x8a, 0x04, 0x57, 0x8e, 0x35, 0x69, 0x3a, 0x4b, 0x1a, 0x50, 0xd6, 0x68, 0x93, 0xc2, 0xe1, 0xf9, 0xc3, 0x9e, 0x9c, 0xc3, 0xe2, 0x63, 0xde, 0xd4, 0x57, 0xf2, 0x72, 0x41,
+ /* (2^236)P */ 0x01, 0x64, 0x0c, 0x33, 0x50, 0xb4, 0x68, 0xd3, 0x91, 0x23, 0x8f, 0x41, 0x17, 0x30, 0x0d, 0x04, 0x0d, 0xd9, 0xb7, 0x90, 0x60, 0xbb, 0x34, 0x2c, 0x1f, 0xd5, 0xdf, 0x8f, 0x22, 0x49, 0xf6, 0x16,
+ /* (2^237)P */ 0xf5, 0x8e, 0x92, 0x2b, 0x8e, 0x81, 0xa6, 0xbe, 0x72, 0x1e, 0xc1, 0xcd, 0x91, 0xcf, 0x8c, 0xe2, 0xcd, 0x36, 0x7a, 0xe7, 0x68, 0xaa, 0x4a, 0x59, 0x0f, 0xfd, 0x7f, 0x6c, 0x80, 0x34, 0x30, 0x31,
+ /* (2^238)P */ 0x65, 0xbd, 0x49, 0x22, 0xac, 0x27, 0x9d, 0x8a, 0x12, 0x95, 0x8e, 0x01, 0x64, 0xb4, 0xa3, 0x19, 0xc7, 0x7e, 0xb3, 0x52, 0xf3, 0xcf, 0x6c, 0xc2, 0x21, 0x7b, 0x79, 0x1d, 0x34, 0x68, 0x6f, 0x05,
+ /* (2^239)P */ 0x27, 0x23, 0xfd, 0x7e, 0x75, 0xd6, 0x79, 0x5e, 0x15, 0xfe, 0x3a, 0x55, 0xb6, 0xbc, 0xbd, 0xfa, 0x60, 0x5a, 0xaf, 0x6e, 0x2c, 0x22, 0xe7, 0xd3, 0x3b, 0x74, 0xae, 0x4d, 0x6d, 0xc7, 0x46, 0x70,
+ /* (2^240)P */ 0x55, 0x4a, 0x8d, 0xb1, 0x72, 0xe8, 0x0b, 0x66, 0x96, 0x14, 0x4e, 0x57, 0x18, 0x25, 0x99, 0x19, 0xbb, 0xdc, 0x2b, 0x30, 0x3a, 0x05, 0x03, 0xc1, 0x8e, 0x8e, 0x21, 0x0b, 0x80, 0xe9, 0xd8, 0x3e,
+ /* (2^241)P */ 0x3e, 0xe0, 0x75, 0xfa, 0x39, 0x92, 0x0b, 0x7b, 0x83, 0xc0, 0x33, 0x46, 0x68, 0xfb, 0xe9, 0xef, 0x93, 0x77, 0x1a, 0x39, 0xbe, 0x5f, 0xa3, 0x98, 0x34, 0xfe, 0xd0, 0xe2, 0x0f, 0x51, 0x65, 0x60,
+ /* (2^242)P */ 0x0c, 0xad, 0xab, 0x48, 0x85, 0x66, 0xcb, 0x55, 0x27, 0xe5, 0x87, 0xda, 0x48, 0x45, 0x58, 0xb4, 0xdd, 0xc1, 0x07, 0x01, 0xea, 0xec, 0x43, 0x2c, 0x35, 0xde, 0x72, 0x93, 0x80, 0x28, 0x60, 0x52,
+ /* (2^243)P */ 0x1f, 0x3b, 0x21, 0xf9, 0x6a, 0xc5, 0x15, 0x34, 0xdb, 0x98, 0x7e, 0x01, 0x4d, 0x1a, 0xee, 0x5b, 0x9b, 0x70, 0xcf, 0xb5, 0x05, 0xb1, 0xf6, 0x13, 0xb6, 0x9a, 0xb2, 0x82, 0x34, 0x0e, 0xf2, 0x5f,
+ /* (2^244)P */ 0x90, 0x6c, 0x2e, 0xcc, 0x75, 0x9c, 0xa2, 0x0a, 0x06, 0xe2, 0x70, 0x3a, 0xca, 0x73, 0x7d, 0xfc, 0x15, 0xc5, 0xb5, 0xc4, 0x8f, 0xc3, 0x9f, 0x89, 0x07, 0xc2, 0xff, 0x24, 0xb1, 0x86, 0x03, 0x25,
+ /* (2^245)P */ 0x56, 0x2b, 0x3d, 0xae, 0xd5, 0x28, 0xea, 0x54, 0xce, 0x60, 0xde, 0xd6, 0x9d, 0x14, 0x13, 0x99, 0xc1, 0xd6, 0x06, 0x8f, 0xc5, 0x4f, 0x69, 0x16, 0xc7, 0x8f, 0x01, 0xeb, 0x75, 0x39, 0xb2, 0x46,
+ /* (2^246)P */ 0xe2, 0xb4, 0xb7, 0xb4, 0x0f, 0x6a, 0x0a, 0x47, 0xde, 0x53, 0x72, 0x8f, 0x5a, 0x47, 0x92, 0x5d, 0xdb, 0x3a, 0xbd, 0x2f, 0xb5, 0xe5, 0xee, 0xab, 0x68, 0x69, 0x80, 0xa0, 0x01, 0x08, 0xa2, 0x7f,
+ /* (2^247)P */ 0xd2, 0x14, 0x77, 0x9f, 0xf1, 0xfa, 0xf3, 0x76, 0xc3, 0x60, 0x46, 0x2f, 0xc1, 0x40, 0xe8, 0xb3, 0x4e, 0x74, 0x12, 0xf2, 0x8d, 0xcd, 0xb4, 0x0f, 0xd2, 0x2d, 0x3a, 0x1d, 0x25, 0x5a, 0x06, 0x4b,
+ /* (2^248)P */ 0x4a, 0xcd, 0x77, 0x3d, 0x38, 0xde, 0xeb, 0x5c, 0xb1, 0x9c, 0x2c, 0x88, 0xdf, 0x39, 0xdf, 0x6a, 0x59, 0xf7, 0x9a, 0xb0, 0x2e, 0x24, 0xdd, 0xa2, 0x22, 0x64, 0x5f, 0x0e, 0xe5, 0xc0, 0x47, 0x31,
+ /* (2^249)P */ 0xdb, 0x50, 0x13, 0x1d, 0x10, 0xa5, 0x4c, 0x16, 0x62, 0xc9, 0x3f, 0xc3, 0x79, 0x34, 0xd1, 0xf8, 0x08, 0xda, 0xe5, 0x13, 0x4d, 0xce, 0x40, 0xe6, 0xba, 0xf8, 0x61, 0x50, 0xc4, 0xe0, 0xde, 0x4b,
+ /* (2^250)P */ 0xc9, 0xb1, 0xed, 0xa4, 0xc1, 0x6d, 0xc4, 0xd7, 0x8a, 0xd9, 0x7f, 0x43, 0xb6, 0xd7, 0x14, 0x55, 0x0b, 0xc0, 0xa1, 0xb2, 0x6b, 0x2f, 0x94, 0x58, 0x0e, 0x71, 0x70, 0x1d, 0xab, 0xb2, 0xff, 0x2d,
+ /* (2^251)P */ 0x68, 0x6d, 0x8b, 0xc1, 0x2f, 0xcf, 0xdf, 0xcc, 0x67, 0x61, 0x80, 0xb7, 0xa8, 0xcb, 0xeb, 0xa8, 0xe3, 0x37, 0x29, 0x5e, 0xf9, 0x97, 0x06, 0x98, 0x8c, 0x6e, 0x12, 0xd0, 0x1c, 0xba, 0xfb, 0x02,
+ /* (2^252)P */ 0x65, 0x45, 0xff, 0xad, 0x60, 0xc3, 0x98, 0xcb, 0x19, 0x15, 0xdb, 0x4b, 0xd2, 0x01, 0x71, 0x44, 0xd5, 0x15, 0xfb, 0x75, 0x74, 0xc8, 0xc4, 0x98, 0x7d, 0xa2, 0x22, 0x6e, 0x6d, 0xc7, 0xf8, 0x05,
+ /* (2^253)P */ 0x94, 0xf4, 0xb9, 0xfe, 0xdf, 0xe5, 0x69, 0xab, 0x75, 0x6b, 0x40, 0x18, 0x9d, 0xc7, 0x09, 0xae, 0x1d, 0x2d, 0xa4, 0x94, 0xfb, 0x45, 0x9b, 0x19, 0x84, 0xfa, 0x2a, 0xae, 0xeb, 0x0a, 0x71, 0x79,
+ /* (2^254)P */ 0xdf, 0xd2, 0x34, 0xf3, 0xa7, 0xed, 0xad, 0xa6, 0xb4, 0x57, 0x2a, 0xaf, 0x51, 0x9c, 0xde, 0x7b, 0xa8, 0xea, 0xdc, 0x86, 0x4f, 0xc6, 0x8f, 0xa9, 0x7b, 0xd0, 0x0e, 0xc2, 0x35, 0x03, 0xbe, 0x6b,
+ /* (2^255)P */ 0x44, 0x43, 0x98, 0x53, 0xbe, 0xdc, 0x7f, 0x66, 0xa8, 0x49, 0x59, 0x00, 0x1c, 0xbc, 0x72, 0x07, 0x8e, 0xd6, 0xbe, 0x4e, 0x9f, 0xa4, 0x07, 0xba, 0xbf, 0x30, 0xdf, 0xba, 0x85, 0xb0, 0xa7, 0x1f,
+}
diff --git a/vendor/github.com/cloudflare/circl/dh/x448/curve.go b/vendor/github.com/cloudflare/circl/dh/x448/curve.go
new file mode 100644
index 0000000000000000000000000000000000000000..d59564e4b42abc1d60ad97aad3da5cc66ff2c934
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x448/curve.go
@@ -0,0 +1,104 @@
+package x448
+
+import (
+ fp "github.com/cloudflare/circl/math/fp448"
+)
+
+// ladderJoye calculates a fixed-point multiplication with the generator point.
+// The algorithm is the right-to-left Joye's ladder as described
+// in "How to precompute a ladder" in SAC'2017.
+func ladderJoye(k *Key) {
+ w := [5]fp.Elt{} // [mu,x1,z1,x2,z2] order must be preserved.
+ w[1] = fp.Elt{ // x1 = S
+ 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ }
+ fp.SetOne(&w[2]) // z1 = 1
+ w[3] = fp.Elt{ // x2 = G-S
+ 0x20, 0x27, 0x9d, 0xc9, 0x7d, 0x19, 0xb1, 0xac,
+ 0xf8, 0xba, 0x69, 0x1c, 0xff, 0x33, 0xac, 0x23,
+ 0x51, 0x1b, 0xce, 0x3a, 0x64, 0x65, 0xbd, 0xf1,
+ 0x23, 0xf8, 0xc1, 0x84, 0x9d, 0x45, 0x54, 0x29,
+ 0x67, 0xb9, 0x81, 0x1c, 0x03, 0xd1, 0xcd, 0xda,
+ 0x7b, 0xeb, 0xff, 0x1a, 0x88, 0x03, 0xcf, 0x3a,
+ 0x42, 0x44, 0x32, 0x01, 0x25, 0xb7, 0xfa, 0xf0,
+ }
+ fp.SetOne(&w[4]) // z2 = 1
+
+ const n = 448
+ const h = 2
+ swap := uint(1)
+ for s := 0; s < n-h; s++ {
+ i := (s + h) / 8
+ j := (s + h) % 8
+ bit := uint((k[i] >> uint(j)) & 1)
+ copy(w[0][:], tableGenerator[s*Size:(s+1)*Size])
+ diffAdd(&w, swap^bit)
+ swap = bit
+ }
+ for s := 0; s < h; s++ {
+ double(&w[1], &w[2])
+ }
+ toAffine((*[fp.Size]byte)(k), &w[1], &w[2])
+}
+
+// ladderMontgomery calculates a generic scalar point multiplication
+// The algorithm implemented is the left-to-right Montgomery's ladder.
+func ladderMontgomery(k, xP *Key) {
+ w := [5]fp.Elt{} // [x1, x2, z2, x3, z3] order must be preserved.
+ w[0] = *(*fp.Elt)(xP) // x1 = xP
+ fp.SetOne(&w[1]) // x2 = 1
+ w[3] = *(*fp.Elt)(xP) // x3 = xP
+ fp.SetOne(&w[4]) // z3 = 1
+
+ move := uint(0)
+ for s := 448 - 1; s >= 0; s-- {
+ i := s / 8
+ j := s % 8
+ bit := uint((k[i] >> uint(j)) & 1)
+ ladderStep(&w, move^bit)
+ move = bit
+ }
+ toAffine((*[fp.Size]byte)(k), &w[1], &w[2])
+}
+
+func toAffine(k *[fp.Size]byte, x, z *fp.Elt) {
+ fp.Inv(z, z)
+ fp.Mul(x, x, z)
+ _ = fp.ToBytes(k[:], x)
+}
+
+var lowOrderPoints = [3]fp.Elt{
+ { /* (0,_,1) point of order 2 on Curve448 */
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ { /* (1,_,1) a point of order 4 on the twist of Curve448 */
+ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ },
+ { /* (-1,_,1) point of order 4 on Curve448 */
+ 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ },
+}
diff --git a/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.go b/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.go
new file mode 100644
index 0000000000000000000000000000000000000000..a0622666136debbe7e4918c95b2513ccef874823
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.go
@@ -0,0 +1,30 @@
+//go:build amd64 && !purego
+// +build amd64,!purego
+
+package x448
+
+import (
+ fp "github.com/cloudflare/circl/math/fp448"
+ "golang.org/x/sys/cpu"
+)
+
+var hasBmi2Adx = cpu.X86.HasBMI2 && cpu.X86.HasADX
+
+var _ = hasBmi2Adx
+
+func double(x, z *fp.Elt) { doubleAmd64(x, z) }
+func diffAdd(w *[5]fp.Elt, b uint) { diffAddAmd64(w, b) }
+func ladderStep(w *[5]fp.Elt, b uint) { ladderStepAmd64(w, b) }
+func mulA24(z, x *fp.Elt) { mulA24Amd64(z, x) }
+
+//go:noescape
+func doubleAmd64(x, z *fp.Elt)
+
+//go:noescape
+func diffAddAmd64(w *[5]fp.Elt, b uint)
+
+//go:noescape
+func ladderStepAmd64(w *[5]fp.Elt, b uint)
+
+//go:noescape
+func mulA24Amd64(z, x *fp.Elt)
diff --git a/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.h b/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.h
new file mode 100644
index 0000000000000000000000000000000000000000..8c1ae4d0fbb470ed47f46db7d25d2438a32af242
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.h
@@ -0,0 +1,111 @@
+#define ladderStepLeg \
+ addSub(x2,z2) \
+ addSub(x3,z3) \
+ integerMulLeg(b0,x2,z3) \
+ integerMulLeg(b1,x3,z2) \
+ reduceFromDoubleLeg(t0,b0) \
+ reduceFromDoubleLeg(t1,b1) \
+ addSub(t0,t1) \
+ cselect(x2,x3,regMove) \
+ cselect(z2,z3,regMove) \
+ integerSqrLeg(b0,t0) \
+ integerSqrLeg(b1,t1) \
+ reduceFromDoubleLeg(x3,b0) \
+ reduceFromDoubleLeg(z3,b1) \
+ integerMulLeg(b0,x1,z3) \
+ reduceFromDoubleLeg(z3,b0) \
+ integerSqrLeg(b0,x2) \
+ integerSqrLeg(b1,z2) \
+ reduceFromDoubleLeg(x2,b0) \
+ reduceFromDoubleLeg(z2,b1) \
+ subtraction(t0,x2,z2) \
+ multiplyA24Leg(t1,t0) \
+ additionLeg(t1,t1,z2) \
+ integerMulLeg(b0,x2,z2) \
+ integerMulLeg(b1,t0,t1) \
+ reduceFromDoubleLeg(x2,b0) \
+ reduceFromDoubleLeg(z2,b1)
+
+#define ladderStepBmi2Adx \
+ addSub(x2,z2) \
+ addSub(x3,z3) \
+ integerMulAdx(b0,x2,z3) \
+ integerMulAdx(b1,x3,z2) \
+ reduceFromDoubleAdx(t0,b0) \
+ reduceFromDoubleAdx(t1,b1) \
+ addSub(t0,t1) \
+ cselect(x2,x3,regMove) \
+ cselect(z2,z3,regMove) \
+ integerSqrAdx(b0,t0) \
+ integerSqrAdx(b1,t1) \
+ reduceFromDoubleAdx(x3,b0) \
+ reduceFromDoubleAdx(z3,b1) \
+ integerMulAdx(b0,x1,z3) \
+ reduceFromDoubleAdx(z3,b0) \
+ integerSqrAdx(b0,x2) \
+ integerSqrAdx(b1,z2) \
+ reduceFromDoubleAdx(x2,b0) \
+ reduceFromDoubleAdx(z2,b1) \
+ subtraction(t0,x2,z2) \
+ multiplyA24Adx(t1,t0) \
+ additionAdx(t1,t1,z2) \
+ integerMulAdx(b0,x2,z2) \
+ integerMulAdx(b1,t0,t1) \
+ reduceFromDoubleAdx(x2,b0) \
+ reduceFromDoubleAdx(z2,b1)
+
+#define difAddLeg \
+ addSub(x1,z1) \
+ integerMulLeg(b0,z1,ui) \
+ reduceFromDoubleLeg(z1,b0) \
+ addSub(x1,z1) \
+ integerSqrLeg(b0,x1) \
+ integerSqrLeg(b1,z1) \
+ reduceFromDoubleLeg(x1,b0) \
+ reduceFromDoubleLeg(z1,b1) \
+ integerMulLeg(b0,x1,z2) \
+ integerMulLeg(b1,z1,x2) \
+ reduceFromDoubleLeg(x1,b0) \
+ reduceFromDoubleLeg(z1,b1)
+
+#define difAddBmi2Adx \
+ addSub(x1,z1) \
+ integerMulAdx(b0,z1,ui) \
+ reduceFromDoubleAdx(z1,b0) \
+ addSub(x1,z1) \
+ integerSqrAdx(b0,x1) \
+ integerSqrAdx(b1,z1) \
+ reduceFromDoubleAdx(x1,b0) \
+ reduceFromDoubleAdx(z1,b1) \
+ integerMulAdx(b0,x1,z2) \
+ integerMulAdx(b1,z1,x2) \
+ reduceFromDoubleAdx(x1,b0) \
+ reduceFromDoubleAdx(z1,b1)
+
+#define doubleLeg \
+ addSub(x1,z1) \
+ integerSqrLeg(b0,x1) \
+ integerSqrLeg(b1,z1) \
+ reduceFromDoubleLeg(x1,b0) \
+ reduceFromDoubleLeg(z1,b1) \
+ subtraction(t0,x1,z1) \
+ multiplyA24Leg(t1,t0) \
+ additionLeg(t1,t1,z1) \
+ integerMulLeg(b0,x1,z1) \
+ integerMulLeg(b1,t0,t1) \
+ reduceFromDoubleLeg(x1,b0) \
+ reduceFromDoubleLeg(z1,b1)
+
+#define doubleBmi2Adx \
+ addSub(x1,z1) \
+ integerSqrAdx(b0,x1) \
+ integerSqrAdx(b1,z1) \
+ reduceFromDoubleAdx(x1,b0) \
+ reduceFromDoubleAdx(z1,b1) \
+ subtraction(t0,x1,z1) \
+ multiplyA24Adx(t1,t0) \
+ additionAdx(t1,t1,z1) \
+ integerMulAdx(b0,x1,z1) \
+ integerMulAdx(b1,t0,t1) \
+ reduceFromDoubleAdx(x1,b0) \
+ reduceFromDoubleAdx(z1,b1)
diff --git a/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s b/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s
new file mode 100644
index 0000000000000000000000000000000000000000..810aa9e648120915aa4917fc6be802f8a6364b41
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x448/curve_amd64.s
@@ -0,0 +1,193 @@
+// +build amd64
+
+#include "textflag.h"
+
+// Depends on circl/math/fp448 package
+#include "../../math/fp448/fp_amd64.h"
+#include "curve_amd64.h"
+
+// CTE_A24 is (A+2)/4 from Curve448
+#define CTE_A24 39082
+
+#define Size 56
+
+// multiplyA24Leg multiplies x times CTE_A24 and stores in z
+// Uses: AX, DX, R8-R15, FLAGS
+// Instr: x86_64, cmov, adx
+#define multiplyA24Leg(z,x) \
+ MOVQ $CTE_A24, R15; \
+ MOVQ 0+x, AX; MULQ R15; MOVQ AX, R8; ;;;;;;;;;;;; MOVQ DX, R9; \
+ MOVQ 8+x, AX; MULQ R15; ADDQ AX, R9; ADCQ $0, DX; MOVQ DX, R10; \
+ MOVQ 16+x, AX; MULQ R15; ADDQ AX, R10; ADCQ $0, DX; MOVQ DX, R11; \
+ MOVQ 24+x, AX; MULQ R15; ADDQ AX, R11; ADCQ $0, DX; MOVQ DX, R12; \
+ MOVQ 32+x, AX; MULQ R15; ADDQ AX, R12; ADCQ $0, DX; MOVQ DX, R13; \
+ MOVQ 40+x, AX; MULQ R15; ADDQ AX, R13; ADCQ $0, DX; MOVQ DX, R14; \
+ MOVQ 48+x, AX; MULQ R15; ADDQ AX, R14; ADCQ $0, DX; \
+ MOVQ DX, AX; \
+ SHLQ $32, AX; \
+ ADDQ DX, R8; MOVQ $0, DX; \
+ ADCQ $0, R9; \
+ ADCQ $0, R10; \
+ ADCQ AX, R11; \
+ ADCQ $0, R12; \
+ ADCQ $0, R13; \
+ ADCQ $0, R14; \
+ ADCQ $0, DX; \
+ MOVQ DX, AX; \
+ SHLQ $32, AX; \
+ ADDQ DX, R8; \
+ ADCQ $0, R9; \
+ ADCQ $0, R10; \
+ ADCQ AX, R11; \
+ ADCQ $0, R12; \
+ ADCQ $0, R13; \
+ ADCQ $0, R14; \
+ MOVQ R8, 0+z; \
+ MOVQ R9, 8+z; \
+ MOVQ R10, 16+z; \
+ MOVQ R11, 24+z; \
+ MOVQ R12, 32+z; \
+ MOVQ R13, 40+z; \
+ MOVQ R14, 48+z;
+
+// multiplyA24Adx multiplies x times CTE_A24 and stores in z
+// Uses: AX, DX, R8-R14, FLAGS
+// Instr: x86_64, bmi2
+#define multiplyA24Adx(z,x) \
+ MOVQ $CTE_A24, DX; \
+ MULXQ 0+x, R8, R9; \
+ MULXQ 8+x, AX, R10; ADDQ AX, R9; \
+ MULXQ 16+x, AX, R11; ADCQ AX, R10; \
+ MULXQ 24+x, AX, R12; ADCQ AX, R11; \
+ MULXQ 32+x, AX, R13; ADCQ AX, R12; \
+ MULXQ 40+x, AX, R14; ADCQ AX, R13; \
+ MULXQ 48+x, AX, DX; ADCQ AX, R14; \
+ ;;;;;;;;;;;;;;;;;;;; ADCQ $0, DX; \
+ MOVQ DX, AX; \
+ SHLQ $32, AX; \
+ ADDQ DX, R8; MOVQ $0, DX; \
+ ADCQ $0, R9; \
+ ADCQ $0, R10; \
+ ADCQ AX, R11; \
+ ADCQ $0, R12; \
+ ADCQ $0, R13; \
+ ADCQ $0, R14; \
+ ADCQ $0, DX; \
+ MOVQ DX, AX; \
+ SHLQ $32, AX; \
+ ADDQ DX, R8; \
+ ADCQ $0, R9; \
+ ADCQ $0, R10; \
+ ADCQ AX, R11; \
+ ADCQ $0, R12; \
+ ADCQ $0, R13; \
+ ADCQ $0, R14; \
+ MOVQ R8, 0+z; \
+ MOVQ R9, 8+z; \
+ MOVQ R10, 16+z; \
+ MOVQ R11, 24+z; \
+ MOVQ R12, 32+z; \
+ MOVQ R13, 40+z; \
+ MOVQ R14, 48+z;
+
+#define mulA24Legacy \
+ multiplyA24Leg(0(DI),0(SI))
+#define mulA24Bmi2Adx \
+ multiplyA24Adx(0(DI),0(SI))
+
+// func mulA24Amd64(z, x *fp448.Elt)
+TEXT ·mulA24Amd64(SB),NOSPLIT,$0-16
+ MOVQ z+0(FP), DI
+ MOVQ x+8(FP), SI
+ CHECK_BMI2ADX(LMA24, mulA24Legacy, mulA24Bmi2Adx)
+
+// func ladderStepAmd64(w *[5]fp448.Elt, b uint)
+// ladderStepAmd64 calculates a point addition and doubling as follows:
+// (x2,z2) = 2*(x2,z2) and (x3,z3) = (x2,z2)+(x3,z3) using as a difference (x1,-).
+// w = {x1,x2,z2,x3,z4} are five fp255.Elt of 56 bytes.
+// stack = (t0,t1) are two fp.Elt of fp.Size bytes, and
+// (b0,b1) are two-double precision fp.Elt of 2*fp.Size bytes.
+TEXT ·ladderStepAmd64(SB),NOSPLIT,$336-16
+ // Parameters
+ #define regWork DI
+ #define regMove SI
+ #define x1 0*Size(regWork)
+ #define x2 1*Size(regWork)
+ #define z2 2*Size(regWork)
+ #define x3 3*Size(regWork)
+ #define z3 4*Size(regWork)
+ // Local variables
+ #define t0 0*Size(SP)
+ #define t1 1*Size(SP)
+ #define b0 2*Size(SP)
+ #define b1 4*Size(SP)
+ MOVQ w+0(FP), regWork
+ MOVQ b+8(FP), regMove
+ CHECK_BMI2ADX(LLADSTEP, ladderStepLeg, ladderStepBmi2Adx)
+ #undef regWork
+ #undef regMove
+ #undef x1
+ #undef x2
+ #undef z2
+ #undef x3
+ #undef z3
+ #undef t0
+ #undef t1
+ #undef b0
+ #undef b1
+
+// func diffAddAmd64(work *[5]fp.Elt, swap uint)
+// diffAddAmd64 calculates a differential point addition using a precomputed point.
+// (x1,z1) = (x1,z1)+(mu) using a difference point (x2,z2)
+// work = {mu,x1,z1,x2,z2} are five fp448.Elt of 56 bytes, and
+// stack = (b0,b1) are two-double precision fp.Elt of 2*fp.Size bytes.
+// This is Equation 7 at https://eprint.iacr.org/2017/264.
+TEXT ·diffAddAmd64(SB),NOSPLIT,$224-16
+ // Parameters
+ #define regWork DI
+ #define regSwap SI
+ #define ui 0*Size(regWork)
+ #define x1 1*Size(regWork)
+ #define z1 2*Size(regWork)
+ #define x2 3*Size(regWork)
+ #define z2 4*Size(regWork)
+ // Local variables
+ #define b0 0*Size(SP)
+ #define b1 2*Size(SP)
+ MOVQ w+0(FP), regWork
+ MOVQ b+8(FP), regSwap
+ cswap(x1,x2,regSwap)
+ cswap(z1,z2,regSwap)
+ CHECK_BMI2ADX(LDIFADD, difAddLeg, difAddBmi2Adx)
+ #undef regWork
+ #undef regSwap
+ #undef ui
+ #undef x1
+ #undef z1
+ #undef x2
+ #undef z2
+ #undef b0
+ #undef b1
+
+// func doubleAmd64(x, z *fp448.Elt)
+// doubleAmd64 calculates a point doubling (x1,z1) = 2*(x1,z1).
+// stack = (t0,t1) are two fp.Elt of fp.Size bytes, and
+// (b0,b1) are two-double precision fp.Elt of 2*fp.Size bytes.
+TEXT ·doubleAmd64(SB),NOSPLIT,$336-16
+ // Parameters
+ #define x1 0(DI)
+ #define z1 0(SI)
+ // Local variables
+ #define t0 0*Size(SP)
+ #define t1 1*Size(SP)
+ #define b0 2*Size(SP)
+ #define b1 4*Size(SP)
+ MOVQ x+0(FP), DI
+ MOVQ z+8(FP), SI
+ CHECK_BMI2ADX(LDOUB,doubleLeg,doubleBmi2Adx)
+ #undef x1
+ #undef z1
+ #undef t0
+ #undef t1
+ #undef b0
+ #undef b1
diff --git a/vendor/github.com/cloudflare/circl/dh/x448/curve_generic.go b/vendor/github.com/cloudflare/circl/dh/x448/curve_generic.go
new file mode 100644
index 0000000000000000000000000000000000000000..b0b65ccf7ebb316b484d96f3e217f5559983a73c
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x448/curve_generic.go
@@ -0,0 +1,100 @@
+package x448
+
+import (
+ "encoding/binary"
+ "math/bits"
+
+ "github.com/cloudflare/circl/math/fp448"
+)
+
+func doubleGeneric(x, z *fp448.Elt) {
+ t0, t1 := &fp448.Elt{}, &fp448.Elt{}
+ fp448.AddSub(x, z)
+ fp448.Sqr(x, x)
+ fp448.Sqr(z, z)
+ fp448.Sub(t0, x, z)
+ mulA24Generic(t1, t0)
+ fp448.Add(t1, t1, z)
+ fp448.Mul(x, x, z)
+ fp448.Mul(z, t0, t1)
+}
+
+func diffAddGeneric(w *[5]fp448.Elt, b uint) {
+ mu, x1, z1, x2, z2 := &w[0], &w[1], &w[2], &w[3], &w[4]
+ fp448.Cswap(x1, x2, b)
+ fp448.Cswap(z1, z2, b)
+ fp448.AddSub(x1, z1)
+ fp448.Mul(z1, z1, mu)
+ fp448.AddSub(x1, z1)
+ fp448.Sqr(x1, x1)
+ fp448.Sqr(z1, z1)
+ fp448.Mul(x1, x1, z2)
+ fp448.Mul(z1, z1, x2)
+}
+
+func ladderStepGeneric(w *[5]fp448.Elt, b uint) {
+ x1, x2, z2, x3, z3 := &w[0], &w[1], &w[2], &w[3], &w[4]
+ t0 := &fp448.Elt{}
+ t1 := &fp448.Elt{}
+ fp448.AddSub(x2, z2)
+ fp448.AddSub(x3, z3)
+ fp448.Mul(t0, x2, z3)
+ fp448.Mul(t1, x3, z2)
+ fp448.AddSub(t0, t1)
+ fp448.Cmov(x2, x3, b)
+ fp448.Cmov(z2, z3, b)
+ fp448.Sqr(x3, t0)
+ fp448.Sqr(z3, t1)
+ fp448.Mul(z3, x1, z3)
+ fp448.Sqr(x2, x2)
+ fp448.Sqr(z2, z2)
+ fp448.Sub(t0, x2, z2)
+ mulA24Generic(t1, t0)
+ fp448.Add(t1, t1, z2)
+ fp448.Mul(x2, x2, z2)
+ fp448.Mul(z2, t0, t1)
+}
+
+func mulA24Generic(z, x *fp448.Elt) {
+ const A24 = 39082
+ const n = 8
+ var xx [7]uint64
+ for i := range xx {
+ xx[i] = binary.LittleEndian.Uint64(x[i*n : (i+1)*n])
+ }
+ h0, l0 := bits.Mul64(xx[0], A24)
+ h1, l1 := bits.Mul64(xx[1], A24)
+ h2, l2 := bits.Mul64(xx[2], A24)
+ h3, l3 := bits.Mul64(xx[3], A24)
+ h4, l4 := bits.Mul64(xx[4], A24)
+ h5, l5 := bits.Mul64(xx[5], A24)
+ h6, l6 := bits.Mul64(xx[6], A24)
+
+ l1, c0 := bits.Add64(h0, l1, 0)
+ l2, c1 := bits.Add64(h1, l2, c0)
+ l3, c2 := bits.Add64(h2, l3, c1)
+ l4, c3 := bits.Add64(h3, l4, c2)
+ l5, c4 := bits.Add64(h4, l5, c3)
+ l6, c5 := bits.Add64(h5, l6, c4)
+ l7, _ := bits.Add64(h6, 0, c5)
+
+ l0, c0 = bits.Add64(l0, l7, 0)
+ l1, c1 = bits.Add64(l1, 0, c0)
+ l2, c2 = bits.Add64(l2, 0, c1)
+ l3, c3 = bits.Add64(l3, l7<<32, c2)
+ l4, c4 = bits.Add64(l4, 0, c3)
+ l5, c5 = bits.Add64(l5, 0, c4)
+ l6, l7 = bits.Add64(l6, 0, c5)
+
+ xx[0], c0 = bits.Add64(l0, l7, 0)
+ xx[1], c1 = bits.Add64(l1, 0, c0)
+ xx[2], c2 = bits.Add64(l2, 0, c1)
+ xx[3], c3 = bits.Add64(l3, l7<<32, c2)
+ xx[4], c4 = bits.Add64(l4, 0, c3)
+ xx[5], c5 = bits.Add64(l5, 0, c4)
+ xx[6], _ = bits.Add64(l6, 0, c5)
+
+ for i := range xx {
+ binary.LittleEndian.PutUint64(z[i*n:(i+1)*n], xx[i])
+ }
+}
diff --git a/vendor/github.com/cloudflare/circl/dh/x448/curve_noasm.go b/vendor/github.com/cloudflare/circl/dh/x448/curve_noasm.go
new file mode 100644
index 0000000000000000000000000000000000000000..3755b7c83b3f56799b81fef4ee9d3b51bdd7d3b7
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x448/curve_noasm.go
@@ -0,0 +1,11 @@
+//go:build !amd64 || purego
+// +build !amd64 purego
+
+package x448
+
+import fp "github.com/cloudflare/circl/math/fp448"
+
+func double(x, z *fp.Elt) { doubleGeneric(x, z) }
+func diffAdd(w *[5]fp.Elt, b uint) { diffAddGeneric(w, b) }
+func ladderStep(w *[5]fp.Elt, b uint) { ladderStepGeneric(w, b) }
+func mulA24(z, x *fp.Elt) { mulA24Generic(z, x) }
diff --git a/vendor/github.com/cloudflare/circl/dh/x448/doc.go b/vendor/github.com/cloudflare/circl/dh/x448/doc.go
new file mode 100644
index 0000000000000000000000000000000000000000..c02904fedae2d3056fb966903ae7804712733896
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x448/doc.go
@@ -0,0 +1,19 @@
+/*
+Package x448 provides Diffie-Hellman functions as specified in RFC-7748.
+
+Validation of public keys.
+
+The Diffie-Hellman function, as described in RFC-7748 [1], works for any
+public key. However, if a different protocol requires contributory
+behaviour [2,3], then the public keys must be validated against low-order
+points [3,4]. To do that, the Shared function performs this validation
+internally and returns false when the public key is invalid (i.e., it
+is a low-order point).
+
+References:
+ - [1] RFC7748 by Langley, Hamburg, Turner (https://rfc-editor.org/rfc/rfc7748.txt)
+ - [2] Curve25519 by Bernstein (https://cr.yp.to/ecdh.html)
+ - [3] Bernstein (https://cr.yp.to/ecdh.html#validate)
+ - [4] Cremers&Jackson (https://eprint.iacr.org/2019/526)
+*/
+package x448
diff --git a/vendor/github.com/cloudflare/circl/dh/x448/key.go b/vendor/github.com/cloudflare/circl/dh/x448/key.go
new file mode 100644
index 0000000000000000000000000000000000000000..2fdde51168a902ad9308072fb9113451aa0a97b0
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x448/key.go
@@ -0,0 +1,46 @@
+package x448
+
+import (
+ "crypto/subtle"
+
+ fp "github.com/cloudflare/circl/math/fp448"
+)
+
+// Size is the length in bytes of a X448 key.
+const Size = 56
+
+// Key represents a X448 key.
+type Key [Size]byte
+
+func (k *Key) clamp(in *Key) *Key {
+ *k = *in
+ k[0] &= 252
+ k[55] |= 128
+ return k
+}
+
+// isValidPubKey verifies if the public key is not a low-order point.
+func (k *Key) isValidPubKey() bool {
+ fp.Modp((*fp.Elt)(k))
+ var isLowOrder int
+ for _, P := range lowOrderPoints {
+ isLowOrder |= subtle.ConstantTimeCompare(P[:], k[:])
+ }
+ return isLowOrder == 0
+}
+
+// KeyGen obtains a public key given a secret key.
+func KeyGen(public, secret *Key) {
+ ladderJoye(public.clamp(secret))
+}
+
+// Shared calculates Alice's shared key from Alice's secret key and Bob's
+// public key returning true on success. A failure case happens when the public
+// key is a low-order point, thus the shared key is all-zeros and the function
+// returns false.
+func Shared(shared, secret, public *Key) bool {
+ validPk := *public
+ ok := validPk.isValidPubKey()
+ ladderMontgomery(shared.clamp(secret), &validPk)
+ return ok
+}
diff --git a/vendor/github.com/cloudflare/circl/dh/x448/table.go b/vendor/github.com/cloudflare/circl/dh/x448/table.go
new file mode 100644
index 0000000000000000000000000000000000000000..eef53c30f80ed201eb20184744d4fbb2a0c1c749
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/dh/x448/table.go
@@ -0,0 +1,460 @@
+package x448
+
+import fp "github.com/cloudflare/circl/math/fp448"
+
+// tableGenerator contains the set of points:
+//
+// t[i] = (xi+1)/(xi-1),
+//
+// where (xi,yi) = 2^iG and G is the generator point
+// Size = (448)*(448/8) = 25088 bytes.
+var tableGenerator = [448 * fp.Size]byte{
+ /* (2^ 0)P */ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f,
+ /* (2^ 1)P */ 0x37, 0xfa, 0xaa, 0x0d, 0x86, 0xa6, 0x24, 0xe9, 0x6c, 0x95, 0x08, 0x34, 0xba, 0x1a, 0x81, 0x3a, 0xae, 0x01, 0xa5, 0xa7, 0x05, 0x85, 0x96, 0x00, 0x06, 0x5a, 0xd7, 0xff, 0xee, 0x8e, 0x8f, 0x94, 0xd2, 0xdc, 0xd7, 0xfc, 0xe7, 0xe5, 0x99, 0x1d, 0x05, 0x46, 0x43, 0xe8, 0xbc, 0x12, 0xb7, 0xeb, 0x30, 0x5e, 0x7a, 0x85, 0x68, 0xed, 0x9d, 0x28,
+ /* (2^ 2)P */ 0xf1, 0x7d, 0x08, 0x2b, 0x32, 0x4a, 0x62, 0x80, 0x36, 0xe7, 0xa4, 0x76, 0x5a, 0x2a, 0x1e, 0xf7, 0x9e, 0x3c, 0x40, 0x46, 0x9a, 0x1b, 0x61, 0xc1, 0xbf, 0x1a, 0x1b, 0xae, 0x91, 0x80, 0xa3, 0x76, 0x6c, 0xd4, 0x8f, 0xa4, 0xee, 0x26, 0x39, 0x23, 0xa4, 0x80, 0xf4, 0x66, 0x92, 0xe4, 0xe1, 0x18, 0x76, 0xc5, 0xe2, 0x19, 0x87, 0xd5, 0xc3, 0xe8,
+ /* (2^ 3)P */ 0xfb, 0xc9, 0xf0, 0x07, 0xf2, 0x93, 0xd8, 0x50, 0x36, 0xed, 0xfb, 0xbd, 0xb2, 0xd3, 0xfc, 0xdf, 0xd5, 0x2a, 0x6e, 0x26, 0x09, 0xce, 0xd4, 0x07, 0x64, 0x9f, 0x40, 0x74, 0xad, 0x98, 0x2f, 0x1c, 0xb6, 0xdc, 0x2d, 0x42, 0xff, 0xbf, 0x97, 0xd8, 0xdb, 0xef, 0x99, 0xca, 0x73, 0x99, 0x1a, 0x04, 0x3b, 0x56, 0x2c, 0x1f, 0x87, 0x9d, 0x9f, 0x03,
+ /* (2^ 4)P */ 0x4c, 0x35, 0x97, 0xf7, 0x81, 0x2c, 0x84, 0xa6, 0xe0, 0xcb, 0xce, 0x37, 0x4c, 0x21, 0x1c, 0x67, 0xfa, 0xab, 0x18, 0x4d, 0xef, 0xd0, 0xf0, 0x44, 0xa9, 0xfb, 0xc0, 0x8e, 0xda, 0x57, 0xa1, 0xd8, 0xeb, 0x87, 0xf4, 0x17, 0xea, 0x66, 0x0f, 0x16, 0xea, 0xcd, 0x5f, 0x3e, 0x88, 0xea, 0x09, 0x68, 0x40, 0xdf, 0x43, 0xcc, 0x54, 0x61, 0x58, 0xaa,
+ /* (2^ 5)P */ 0x8d, 0xe7, 0x59, 0xd7, 0x5e, 0x63, 0x37, 0xa7, 0x3f, 0xd1, 0x49, 0x85, 0x01, 0xdd, 0x5e, 0xb3, 0xe6, 0x29, 0xcb, 0x25, 0x93, 0xdd, 0x08, 0x96, 0x83, 0x52, 0x76, 0x85, 0xf5, 0x5d, 0x02, 0xbf, 0xe9, 0x6d, 0x15, 0x27, 0xc1, 0x09, 0xd1, 0x14, 0x4d, 0x6e, 0xe8, 0xaf, 0x59, 0x58, 0x34, 0x9d, 0x2a, 0x99, 0x85, 0x26, 0xbe, 0x4b, 0x1e, 0xb9,
+ /* (2^ 6)P */ 0x8d, 0xce, 0x94, 0xe2, 0x18, 0x56, 0x0d, 0x82, 0x8e, 0xdf, 0x85, 0x01, 0x8f, 0x93, 0x3c, 0xc6, 0xbd, 0x61, 0xfb, 0xf4, 0x22, 0xc5, 0x16, 0x87, 0xd1, 0xb1, 0x9e, 0x09, 0xc5, 0x83, 0x2e, 0x4a, 0x07, 0x88, 0xee, 0xe0, 0x29, 0x8d, 0x2e, 0x1f, 0x88, 0xad, 0xfd, 0x18, 0x93, 0xb7, 0xed, 0x42, 0x86, 0x78, 0xf0, 0xb8, 0x70, 0xbe, 0x01, 0x67,
+ /* (2^ 7)P */ 0xdf, 0x62, 0x2d, 0x94, 0xc7, 0x35, 0x23, 0xda, 0x27, 0xbb, 0x2b, 0xdb, 0x30, 0x80, 0x68, 0x16, 0xa3, 0xae, 0xd7, 0xd2, 0xa7, 0x7c, 0xbf, 0x6a, 0x1d, 0x83, 0xde, 0x96, 0x0a, 0x43, 0xb6, 0x30, 0x37, 0xd6, 0xee, 0x63, 0x59, 0x9a, 0xbf, 0xa3, 0x30, 0x6c, 0xaf, 0x0c, 0xee, 0x3d, 0xcb, 0x35, 0x4b, 0x55, 0x5f, 0x84, 0x85, 0xcb, 0x4f, 0x1e,
+ /* (2^ 8)P */ 0x9d, 0x04, 0x68, 0x89, 0xa4, 0xa9, 0x0d, 0x87, 0xc1, 0x70, 0xf1, 0xeb, 0xfb, 0x47, 0x0a, 0xf0, 0xde, 0x67, 0xb7, 0x94, 0xcd, 0x36, 0x43, 0xa5, 0x49, 0x43, 0x67, 0xc3, 0xee, 0x3c, 0x6b, 0xec, 0xd0, 0x1a, 0xf4, 0xad, 0xef, 0x06, 0x4a, 0xe8, 0x46, 0x24, 0xd7, 0x93, 0xbf, 0xf0, 0xe3, 0x81, 0x61, 0xec, 0xea, 0x64, 0xfe, 0x67, 0xeb, 0xc7,
+ /* (2^ 9)P */ 0x95, 0x45, 0x79, 0xcf, 0x2c, 0xfd, 0x9b, 0xfe, 0x84, 0x46, 0x4b, 0x8f, 0xa1, 0xcf, 0xc3, 0x04, 0x94, 0x78, 0xdb, 0xc9, 0xa6, 0x01, 0x75, 0xa4, 0xb4, 0x93, 0x72, 0x43, 0xa7, 0x7d, 0xda, 0x31, 0x38, 0x54, 0xab, 0x4e, 0x3f, 0x89, 0xa6, 0xab, 0x57, 0xc0, 0x16, 0x65, 0xdb, 0x92, 0x96, 0xe4, 0xc8, 0xae, 0xe7, 0x4c, 0x7a, 0xeb, 0xbb, 0x5a,
+ /* (2^ 10)P */ 0xbe, 0xfe, 0x86, 0xc3, 0x97, 0xe0, 0x6a, 0x18, 0x20, 0x21, 0xca, 0x22, 0x55, 0xa1, 0xeb, 0xf5, 0x74, 0xe5, 0xc9, 0x59, 0xa7, 0x92, 0x65, 0x15, 0x08, 0x71, 0xd1, 0x09, 0x7e, 0x83, 0xfc, 0xbc, 0x5a, 0x93, 0x38, 0x0d, 0x43, 0x42, 0xfd, 0x76, 0x30, 0xe8, 0x63, 0x60, 0x09, 0x8d, 0x6c, 0xd3, 0xf8, 0x56, 0x3d, 0x68, 0x47, 0xab, 0xa0, 0x1d,
+ /* (2^ 11)P */ 0x38, 0x50, 0x1c, 0xb1, 0xac, 0x88, 0x8f, 0x38, 0xe3, 0x69, 0xe6, 0xfc, 0x4f, 0x8f, 0xe1, 0x9b, 0xb1, 0x1a, 0x09, 0x39, 0x19, 0xdf, 0xcd, 0x98, 0x7b, 0x64, 0x42, 0xf6, 0x11, 0xea, 0xc7, 0xe8, 0x92, 0x65, 0x00, 0x2c, 0x75, 0xb5, 0x94, 0x1e, 0x5b, 0xa6, 0x66, 0x81, 0x77, 0xf3, 0x39, 0x94, 0xac, 0xbd, 0xe4, 0x2a, 0x66, 0x84, 0x9c, 0x60,
+ /* (2^ 12)P */ 0xb5, 0xb6, 0xd9, 0x03, 0x67, 0xa4, 0xa8, 0x0a, 0x4a, 0x2b, 0x9d, 0xfa, 0x13, 0xe1, 0x99, 0x25, 0x4a, 0x5c, 0x67, 0xb9, 0xb2, 0xb7, 0xdd, 0x1e, 0xaf, 0xeb, 0x63, 0x41, 0xb6, 0xb9, 0xa0, 0x87, 0x0a, 0xe0, 0x06, 0x07, 0xaa, 0x97, 0xf8, 0xf9, 0x38, 0x4f, 0xdf, 0x0c, 0x40, 0x7c, 0xc3, 0x98, 0xa9, 0x74, 0xf1, 0x5d, 0xda, 0xd1, 0xc0, 0x0a,
+ /* (2^ 13)P */ 0xf2, 0x0a, 0xab, 0xab, 0x94, 0x50, 0xf0, 0xa3, 0x6f, 0xc6, 0x66, 0xba, 0xa6, 0xdc, 0x44, 0xdd, 0xd6, 0x08, 0xf4, 0xd3, 0xed, 0xb1, 0x40, 0x93, 0xee, 0xf6, 0xb8, 0x8e, 0xb4, 0x7c, 0xb9, 0x82, 0xc9, 0x9d, 0x45, 0x3b, 0x8e, 0x10, 0xcb, 0x70, 0x1e, 0xba, 0x3c, 0x62, 0x50, 0xda, 0xa9, 0x93, 0xb5, 0xd7, 0xd0, 0x6f, 0x29, 0x52, 0x95, 0xae,
+ /* (2^ 14)P */ 0x14, 0x68, 0x69, 0x23, 0xa8, 0x44, 0x87, 0x9e, 0x22, 0x91, 0xe8, 0x92, 0xdf, 0xf7, 0xae, 0xba, 0x1c, 0x96, 0xe1, 0xc3, 0x94, 0xed, 0x6c, 0x95, 0xae, 0x96, 0xa7, 0x15, 0x9f, 0xf1, 0x17, 0x11, 0x92, 0x42, 0xd5, 0xcd, 0x18, 0xe7, 0xa9, 0xb5, 0x2f, 0xcd, 0xde, 0x6c, 0xc9, 0x7d, 0xfc, 0x7e, 0xbd, 0x7f, 0x10, 0x3d, 0x01, 0x00, 0x8d, 0x95,
+ /* (2^ 15)P */ 0x3b, 0x76, 0x72, 0xae, 0xaf, 0x84, 0xf2, 0xf7, 0xd1, 0x6d, 0x13, 0x9c, 0x47, 0xe1, 0xb7, 0xa3, 0x19, 0x16, 0xee, 0x75, 0x45, 0xf6, 0x1a, 0x7b, 0x78, 0x49, 0x79, 0x05, 0x86, 0xf0, 0x7f, 0x9f, 0xfc, 0xc4, 0xbd, 0x86, 0xf3, 0x41, 0xa7, 0xfe, 0x01, 0xd5, 0x67, 0x16, 0x10, 0x5b, 0xa5, 0x16, 0xf3, 0x7f, 0x60, 0xce, 0xd2, 0x0c, 0x8e, 0x4b,
+ /* (2^ 16)P */ 0x4a, 0x07, 0x99, 0x4a, 0x0f, 0x74, 0x91, 0x14, 0x68, 0xb9, 0x48, 0xb7, 0x44, 0x77, 0x9b, 0x4a, 0xe0, 0x68, 0x0e, 0x43, 0x4d, 0x98, 0x98, 0xbf, 0xa8, 0x3a, 0xb7, 0x6d, 0x2a, 0x9a, 0x77, 0x5f, 0x62, 0xf5, 0x6b, 0x4a, 0xb7, 0x7d, 0xe5, 0x09, 0x6b, 0xc0, 0x8b, 0x9c, 0x88, 0x37, 0x33, 0xf2, 0x41, 0xac, 0x22, 0x1f, 0xcf, 0x3b, 0x82, 0x34,
+ /* (2^ 17)P */ 0x00, 0xc3, 0x78, 0x42, 0x32, 0x2e, 0xdc, 0xda, 0xb1, 0x96, 0x21, 0xa4, 0xe4, 0xbb, 0xe9, 0x9d, 0xbb, 0x0f, 0x93, 0xed, 0x26, 0x3d, 0xb5, 0xdb, 0x94, 0x31, 0x37, 0x07, 0xa2, 0xb2, 0xd5, 0x99, 0x0d, 0x93, 0xe1, 0xce, 0x3f, 0x0b, 0x96, 0x82, 0x47, 0xfe, 0x60, 0x6f, 0x8f, 0x61, 0x88, 0xd7, 0x05, 0x95, 0x0b, 0x46, 0x06, 0xb7, 0x32, 0x06,
+ /* (2^ 18)P */ 0x44, 0xf5, 0x34, 0xdf, 0x2f, 0x9c, 0x5d, 0x9f, 0x53, 0x5c, 0x42, 0x8f, 0xc9, 0xdc, 0xd8, 0x40, 0xa2, 0xe7, 0x6a, 0x4a, 0x05, 0xf7, 0x86, 0x77, 0x2b, 0xae, 0x37, 0xed, 0x48, 0xfb, 0xf7, 0x62, 0x7c, 0x17, 0x59, 0x92, 0x41, 0x61, 0x93, 0x38, 0x30, 0xd1, 0xef, 0x54, 0x54, 0x03, 0x17, 0x57, 0x91, 0x15, 0x11, 0x33, 0xb5, 0xfa, 0xfb, 0x17,
+ /* (2^ 19)P */ 0x29, 0xbb, 0xd4, 0xb4, 0x9c, 0xf1, 0x72, 0x94, 0xce, 0x6a, 0x29, 0xa8, 0x89, 0x18, 0x19, 0xf7, 0xb7, 0xcc, 0xee, 0x9a, 0x02, 0xe3, 0xc0, 0xb1, 0xe0, 0xee, 0x83, 0x78, 0xb4, 0x9e, 0x07, 0x87, 0xdf, 0xb0, 0x82, 0x26, 0x4e, 0xa4, 0x0c, 0x33, 0xaf, 0x40, 0x59, 0xb6, 0xdd, 0x52, 0x45, 0xf0, 0xb4, 0xf6, 0xe8, 0x4e, 0x4e, 0x79, 0x1a, 0x5d,
+ /* (2^ 20)P */ 0x27, 0x33, 0x4d, 0x4c, 0x6b, 0x4f, 0x75, 0xb1, 0xbc, 0x1f, 0xab, 0x5b, 0x2b, 0xf0, 0x1c, 0x57, 0x86, 0xdd, 0xfd, 0x60, 0xb0, 0x8c, 0xe7, 0x9a, 0xe5, 0x5c, 0xeb, 0x11, 0x3a, 0xda, 0x22, 0x25, 0x99, 0x06, 0x8d, 0xf4, 0xaf, 0x29, 0x7a, 0xc9, 0xe5, 0xd2, 0x16, 0x9e, 0xd4, 0x63, 0x1d, 0x64, 0xa6, 0x47, 0x96, 0x37, 0x6f, 0x93, 0x2c, 0xcc,
+ /* (2^ 21)P */ 0xc1, 0x94, 0x74, 0x86, 0x75, 0xf2, 0x91, 0x58, 0x23, 0x85, 0x63, 0x76, 0x54, 0xc7, 0xb4, 0x8c, 0xbc, 0x4e, 0xc4, 0xa7, 0xba, 0xa0, 0x55, 0x26, 0x71, 0xd5, 0x33, 0x72, 0xc9, 0xad, 0x1e, 0xf9, 0x5d, 0x78, 0x70, 0x93, 0x4e, 0x85, 0xfc, 0x39, 0x06, 0x73, 0x76, 0xff, 0xe8, 0x64, 0x69, 0x42, 0x45, 0xb2, 0x69, 0xb5, 0x32, 0xe7, 0x2c, 0xde,
+ /* (2^ 22)P */ 0xde, 0x16, 0xd8, 0x33, 0x49, 0x32, 0xe9, 0x0e, 0x3a, 0x60, 0xee, 0x2e, 0x24, 0x75, 0xe3, 0x9c, 0x92, 0x07, 0xdb, 0xad, 0x92, 0xf5, 0x11, 0xdf, 0xdb, 0xb0, 0x17, 0x5c, 0xd6, 0x1a, 0x70, 0x00, 0xb7, 0xe2, 0x18, 0xec, 0xdc, 0xc2, 0x02, 0x93, 0xb3, 0xc8, 0x3f, 0x4f, 0x1b, 0x96, 0xe6, 0x33, 0x8c, 0xfb, 0xcc, 0xa5, 0x4e, 0xe8, 0xe7, 0x11,
+ /* (2^ 23)P */ 0x05, 0x7a, 0x74, 0x52, 0xf8, 0xdf, 0x0d, 0x7c, 0x6a, 0x1a, 0x4e, 0x9a, 0x02, 0x1d, 0xae, 0x77, 0xf8, 0x8e, 0xf9, 0xa2, 0x38, 0x54, 0x50, 0xb2, 0x2c, 0x08, 0x9d, 0x9b, 0x9f, 0xfb, 0x2b, 0x06, 0xde, 0x9d, 0xc2, 0x03, 0x0b, 0x22, 0x2b, 0x10, 0x5b, 0x3a, 0x73, 0x29, 0x8e, 0x3e, 0x37, 0x08, 0x2c, 0x3b, 0xf8, 0x80, 0xc1, 0x66, 0x1e, 0x98,
+ /* (2^ 24)P */ 0xd8, 0xd6, 0x3e, 0xcd, 0x63, 0x8c, 0x2b, 0x41, 0x81, 0xc0, 0x0c, 0x06, 0x87, 0xd6, 0xe7, 0x92, 0xfe, 0xf1, 0x0c, 0x4a, 0x84, 0x5b, 0xaf, 0x40, 0x53, 0x6f, 0x60, 0xd6, 0x6b, 0x76, 0x4b, 0xc2, 0xad, 0xc9, 0xb6, 0xb6, 0x6a, 0xa2, 0xb3, 0xf5, 0xf5, 0xc2, 0x55, 0x83, 0xb2, 0xd3, 0xe9, 0x41, 0x6c, 0x63, 0x51, 0xb8, 0x81, 0x74, 0xc8, 0x2c,
+ /* (2^ 25)P */ 0xb2, 0xaf, 0x1c, 0xee, 0x07, 0xb0, 0x58, 0xa8, 0x2c, 0x6a, 0xc9, 0x2d, 0x62, 0x28, 0x75, 0x0c, 0x40, 0xb6, 0x11, 0x33, 0x96, 0x80, 0x28, 0x6d, 0xd5, 0x9e, 0x87, 0x90, 0x01, 0x66, 0x1d, 0x1c, 0xf8, 0xb4, 0x92, 0xac, 0x38, 0x18, 0x05, 0xc2, 0x4c, 0x4b, 0x54, 0x7d, 0x80, 0x46, 0x87, 0x2d, 0x99, 0x8e, 0x70, 0x80, 0x69, 0x71, 0x8b, 0xed,
+ /* (2^ 26)P */ 0x37, 0xa7, 0x6b, 0x71, 0x36, 0x75, 0x8e, 0xff, 0x0f, 0x42, 0xda, 0x5a, 0x46, 0xa6, 0x97, 0x79, 0x7e, 0x30, 0xb3, 0x8f, 0xc7, 0x3a, 0xa0, 0xcb, 0x1d, 0x9c, 0x78, 0x77, 0x36, 0xc2, 0xe7, 0xf4, 0x2f, 0x29, 0x07, 0xb1, 0x07, 0xfd, 0xed, 0x1b, 0x39, 0x77, 0x06, 0x38, 0x77, 0x0f, 0x50, 0x31, 0x12, 0xbf, 0x92, 0xbf, 0x72, 0x79, 0x54, 0xa9,
+ /* (2^ 27)P */ 0xbd, 0x4d, 0x46, 0x6b, 0x1a, 0x80, 0x46, 0x2d, 0xed, 0xfd, 0x64, 0x6d, 0x94, 0xbc, 0x4a, 0x6e, 0x0c, 0x12, 0xf6, 0x12, 0xab, 0x54, 0x88, 0xd3, 0x85, 0xac, 0x51, 0xae, 0x6f, 0xca, 0xc4, 0xb7, 0xec, 0x22, 0x54, 0x6d, 0x80, 0xb2, 0x1c, 0x63, 0x33, 0x76, 0x6b, 0x8e, 0x6d, 0x59, 0xcd, 0x73, 0x92, 0x5f, 0xff, 0xad, 0x10, 0x35, 0x70, 0x5f,
+ /* (2^ 28)P */ 0xb3, 0x84, 0xde, 0xc8, 0x04, 0x43, 0x63, 0xfa, 0x29, 0xd9, 0xf0, 0x69, 0x65, 0x5a, 0x0c, 0xe8, 0x2e, 0x0b, 0xfe, 0xb0, 0x7a, 0x42, 0xb3, 0xc3, 0xfc, 0xe6, 0xb8, 0x92, 0x29, 0xae, 0xed, 0xec, 0xd5, 0xe8, 0x4a, 0xa1, 0xbd, 0x3b, 0xd3, 0xc0, 0x07, 0xab, 0x65, 0x65, 0x35, 0x9a, 0xa6, 0x5e, 0x78, 0x18, 0x76, 0x1c, 0x15, 0x49, 0xe6, 0x75,
+ /* (2^ 29)P */ 0x45, 0xb3, 0x92, 0xa9, 0xc3, 0xb8, 0x11, 0x68, 0x64, 0x3a, 0x83, 0x5d, 0xa8, 0x94, 0x6a, 0x9d, 0xaa, 0x27, 0x9f, 0x98, 0x5d, 0xc0, 0x29, 0xf0, 0xc0, 0x4b, 0x14, 0x3c, 0x05, 0xe7, 0xf8, 0xbd, 0x38, 0x22, 0x96, 0x75, 0x65, 0x5e, 0x0d, 0x3f, 0xbb, 0x6f, 0xe8, 0x3f, 0x96, 0x76, 0x9f, 0xba, 0xd9, 0x44, 0x92, 0x96, 0x22, 0xe7, 0x52, 0xe7,
+ /* (2^ 30)P */ 0xf4, 0xa3, 0x95, 0x90, 0x47, 0xdf, 0x7d, 0xdc, 0xf4, 0x13, 0x87, 0x67, 0x7d, 0x4f, 0x9d, 0xa0, 0x00, 0x46, 0x72, 0x08, 0xc3, 0xa2, 0x7a, 0x3e, 0xe7, 0x6d, 0x52, 0x7c, 0x11, 0x36, 0x50, 0x83, 0x89, 0x64, 0xcb, 0x1f, 0x08, 0x83, 0x46, 0xcb, 0xac, 0xa6, 0xd8, 0x9c, 0x1b, 0xe8, 0x05, 0x47, 0xc7, 0x26, 0x06, 0x83, 0x39, 0xe9, 0xb1, 0x1c,
+ /* (2^ 31)P */ 0x11, 0xe8, 0xc8, 0x42, 0xbf, 0x30, 0x9c, 0xa3, 0xf1, 0x85, 0x96, 0x95, 0x4f, 0x4f, 0x52, 0xa2, 0xf5, 0x8b, 0x68, 0x24, 0x16, 0xac, 0x9b, 0xa9, 0x27, 0x28, 0x0e, 0x84, 0x03, 0x46, 0x22, 0x5f, 0xf7, 0x0d, 0xa6, 0x85, 0x88, 0xc1, 0x45, 0x4b, 0x85, 0x1a, 0x10, 0x7f, 0xc9, 0x94, 0x20, 0xb0, 0x04, 0x28, 0x12, 0x30, 0xb9, 0xe6, 0x40, 0x6b,
+ /* (2^ 32)P */ 0xac, 0x1b, 0x57, 0xb6, 0x42, 0xdb, 0x81, 0x8d, 0x76, 0xfd, 0x9b, 0x1c, 0x29, 0x30, 0xd5, 0x3a, 0xcc, 0x53, 0xd9, 0x26, 0x7a, 0x0f, 0x9c, 0x2e, 0x79, 0xf5, 0x62, 0xeb, 0x61, 0x9d, 0x9b, 0x80, 0x39, 0xcd, 0x60, 0x2e, 0x1f, 0x08, 0x22, 0xbc, 0x19, 0xb3, 0x2a, 0x43, 0x44, 0xf2, 0x4e, 0x66, 0xf4, 0x36, 0xa6, 0xa7, 0xbc, 0xa4, 0x15, 0x7e,
+ /* (2^ 33)P */ 0xc1, 0x90, 0x8a, 0xde, 0xff, 0x78, 0xc3, 0x73, 0x16, 0xee, 0x76, 0xa0, 0x84, 0x60, 0x8d, 0xe6, 0x82, 0x0f, 0xde, 0x4e, 0xc5, 0x99, 0x34, 0x06, 0x90, 0x44, 0x55, 0xf8, 0x91, 0xd8, 0xe1, 0xe4, 0x2c, 0x8a, 0xde, 0x94, 0x1e, 0x78, 0x25, 0x3d, 0xfd, 0xd8, 0x59, 0x7d, 0xaf, 0x6e, 0xbe, 0x96, 0xbe, 0x3c, 0x16, 0x23, 0x0f, 0x4c, 0xa4, 0x28,
+ /* (2^ 34)P */ 0xba, 0x11, 0x35, 0x57, 0x03, 0xb6, 0xf4, 0x24, 0x89, 0xb8, 0x5a, 0x0d, 0x50, 0x9c, 0xaa, 0x51, 0x7f, 0xa4, 0x0e, 0xfc, 0x71, 0xb3, 0x3b, 0xf1, 0x96, 0x50, 0x23, 0x15, 0xf5, 0xf5, 0xd4, 0x23, 0xdc, 0x8b, 0x26, 0x9e, 0xae, 0xb7, 0x50, 0xcd, 0xc4, 0x25, 0xf6, 0x75, 0x40, 0x9c, 0x37, 0x79, 0x33, 0x60, 0xd4, 0x4b, 0x13, 0x32, 0xee, 0xe2,
+ /* (2^ 35)P */ 0x43, 0xb8, 0x56, 0x59, 0xf0, 0x68, 0x23, 0xb3, 0xea, 0x70, 0x58, 0x4c, 0x1e, 0x5a, 0x16, 0x54, 0x03, 0xb2, 0xf4, 0x73, 0xb6, 0xd9, 0x5c, 0x9c, 0x6f, 0xcf, 0x82, 0x2e, 0x54, 0x15, 0x46, 0x2c, 0xa3, 0xda, 0x4e, 0x87, 0xf5, 0x2b, 0xba, 0x91, 0xa3, 0xa0, 0x89, 0xba, 0x48, 0x2b, 0xfa, 0x64, 0x02, 0x7f, 0x78, 0x03, 0xd1, 0xe8, 0x3b, 0xe9,
+ /* (2^ 36)P */ 0x15, 0xa4, 0x71, 0xd4, 0x0c, 0x24, 0xe9, 0x07, 0xa1, 0x43, 0xf4, 0x7f, 0xbb, 0xa2, 0xa6, 0x6b, 0xfa, 0xb7, 0xea, 0x58, 0xd1, 0x96, 0xb0, 0x24, 0x5c, 0xc7, 0x37, 0x4e, 0x60, 0x0f, 0x40, 0xf2, 0x2f, 0x44, 0x70, 0xea, 0x80, 0x63, 0xfe, 0xfc, 0x46, 0x59, 0x12, 0x27, 0xb5, 0x27, 0xfd, 0xb7, 0x73, 0x0b, 0xca, 0x8b, 0xc2, 0xd3, 0x71, 0x08,
+ /* (2^ 37)P */ 0x26, 0x0e, 0xd7, 0x52, 0x6f, 0xf1, 0xf2, 0x9d, 0xb8, 0x3d, 0xbd, 0xd4, 0x75, 0x97, 0xd8, 0xbf, 0xa8, 0x86, 0x96, 0xa5, 0x80, 0xa0, 0x45, 0x75, 0xf6, 0x77, 0x71, 0xdb, 0x77, 0x96, 0x55, 0x99, 0x31, 0xd0, 0x4f, 0x34, 0xf4, 0x35, 0x39, 0x41, 0xd3, 0x7d, 0xf7, 0xe2, 0x74, 0xde, 0xbe, 0x5b, 0x1f, 0x39, 0x10, 0x21, 0xa3, 0x4d, 0x3b, 0xc8,
+ /* (2^ 38)P */ 0x04, 0x00, 0x2a, 0x45, 0xb2, 0xaf, 0x9b, 0x18, 0x6a, 0xeb, 0x96, 0x28, 0xa4, 0x77, 0xd0, 0x13, 0xcf, 0x17, 0x65, 0xe8, 0xc5, 0x81, 0x28, 0xad, 0x39, 0x7a, 0x0b, 0xaa, 0x55, 0x2b, 0xf3, 0xfc, 0x86, 0x40, 0xad, 0x0d, 0x1e, 0x28, 0xa2, 0x2d, 0xc5, 0xd6, 0x04, 0x15, 0xa2, 0x30, 0x3d, 0x12, 0x8e, 0xd6, 0xb5, 0xf7, 0x69, 0xbb, 0x84, 0x20,
+ /* (2^ 39)P */ 0xd7, 0x7a, 0x77, 0x2c, 0xfb, 0x81, 0x80, 0xe9, 0x1e, 0xc6, 0x36, 0x31, 0x79, 0xc3, 0x7c, 0xa9, 0x57, 0x6b, 0xb5, 0x70, 0xfb, 0xe4, 0xa1, 0xff, 0xfd, 0x21, 0xa5, 0x7c, 0xfa, 0x44, 0xba, 0x0d, 0x96, 0x3d, 0xc4, 0x5c, 0x39, 0x52, 0x87, 0xd7, 0x22, 0x0f, 0x52, 0x88, 0x91, 0x87, 0x96, 0xac, 0xfa, 0x3b, 0xdf, 0xdc, 0x83, 0x8c, 0x99, 0x29,
+ /* (2^ 40)P */ 0x98, 0x6b, 0x3a, 0x8d, 0x83, 0x17, 0xe1, 0x62, 0xd8, 0x80, 0x4c, 0x97, 0xce, 0x6b, 0xaa, 0x10, 0xa7, 0xc4, 0xe9, 0xeb, 0xa5, 0xfb, 0xc9, 0xdd, 0x2d, 0xeb, 0xfc, 0x9a, 0x71, 0xcd, 0x68, 0x6e, 0xc0, 0x35, 0x64, 0x62, 0x1b, 0x95, 0x12, 0xe8, 0x53, 0xec, 0xf0, 0xf4, 0x86, 0x86, 0x78, 0x18, 0xc4, 0xc6, 0xbc, 0x5a, 0x59, 0x8f, 0x7c, 0x7e,
+ /* (2^ 41)P */ 0x7f, 0xd7, 0x1e, 0xc5, 0x83, 0xdc, 0x1f, 0xbe, 0x0b, 0xcf, 0x2e, 0x01, 0x01, 0xed, 0xac, 0x17, 0x3b, 0xed, 0xa4, 0x30, 0x96, 0x0e, 0x14, 0x7e, 0x19, 0x2b, 0xa5, 0x67, 0x1e, 0xb3, 0x34, 0x03, 0xa8, 0xbb, 0x0a, 0x7d, 0x08, 0x2d, 0xd5, 0x53, 0x19, 0x6f, 0x13, 0xd5, 0xc0, 0x90, 0x8a, 0xcc, 0xc9, 0x5c, 0xab, 0x24, 0xd7, 0x03, 0xf6, 0x57,
+ /* (2^ 42)P */ 0x49, 0xcb, 0xb4, 0x96, 0x5f, 0xa6, 0xf8, 0x71, 0x6f, 0x59, 0xad, 0x05, 0x24, 0x2d, 0xaf, 0x67, 0xa8, 0xbe, 0x95, 0xdf, 0x0d, 0x28, 0x5a, 0x7f, 0x6e, 0x87, 0x8c, 0x6e, 0x67, 0x0c, 0xf4, 0xe0, 0x1c, 0x30, 0xc2, 0x66, 0xae, 0x20, 0xa1, 0x34, 0xec, 0x9c, 0xbc, 0xae, 0x3d, 0xa1, 0x28, 0x28, 0x95, 0x1d, 0xc9, 0x3a, 0xa8, 0xfd, 0xfc, 0xa1,
+ /* (2^ 43)P */ 0xe2, 0x2b, 0x9d, 0xed, 0x02, 0x99, 0x67, 0xbb, 0x2e, 0x16, 0x62, 0x05, 0x70, 0xc7, 0x27, 0xb9, 0x1c, 0x3f, 0xf2, 0x11, 0x01, 0xd8, 0x51, 0xa4, 0x18, 0x92, 0xa9, 0x5d, 0xfb, 0xa9, 0xe4, 0x42, 0xba, 0x38, 0x34, 0x1a, 0x4a, 0xc5, 0x6a, 0x37, 0xde, 0xa7, 0x0c, 0xb4, 0x7e, 0x7f, 0xde, 0xa6, 0xee, 0xcd, 0x55, 0x57, 0x05, 0x06, 0xfd, 0x5d,
+ /* (2^ 44)P */ 0x2f, 0x32, 0xcf, 0x2e, 0x2c, 0x7b, 0xbe, 0x9a, 0x0c, 0x57, 0x35, 0xf8, 0x87, 0xda, 0x9c, 0xec, 0x48, 0xf2, 0xbb, 0xe2, 0xda, 0x10, 0x58, 0x20, 0xc6, 0xd3, 0x87, 0xe9, 0xc7, 0x26, 0xd1, 0x9a, 0x46, 0x87, 0x90, 0xda, 0xdc, 0xde, 0xc3, 0xb3, 0xf2, 0xe8, 0x6f, 0x4a, 0xe6, 0xe8, 0x9d, 0x98, 0x36, 0x20, 0x03, 0x47, 0x15, 0x3f, 0x64, 0x59,
+ /* (2^ 45)P */ 0xd4, 0x71, 0x49, 0x0a, 0x67, 0x97, 0xaa, 0x3f, 0xf4, 0x1b, 0x3a, 0x6e, 0x5e, 0x17, 0xcc, 0x0a, 0x8f, 0x81, 0x6a, 0x41, 0x38, 0x77, 0x40, 0x8a, 0x11, 0x42, 0x62, 0xd2, 0x50, 0x32, 0x79, 0x78, 0x28, 0xc2, 0x2e, 0x10, 0x01, 0x94, 0x30, 0x4f, 0x7f, 0x18, 0x17, 0x56, 0x85, 0x4e, 0xad, 0xf7, 0xcb, 0x87, 0x3c, 0x3f, 0x50, 0x2c, 0xc0, 0xba,
+ /* (2^ 46)P */ 0xbc, 0x30, 0x8e, 0x65, 0x8e, 0x57, 0x5b, 0x38, 0x7a, 0xd4, 0x95, 0x52, 0x7a, 0x32, 0x59, 0x69, 0xcd, 0x9d, 0x47, 0x34, 0x5b, 0x55, 0xa5, 0x24, 0x60, 0xdd, 0xc0, 0xc1, 0x62, 0x73, 0x44, 0xae, 0x4c, 0x9c, 0x65, 0x55, 0x1b, 0x9d, 0x8a, 0x29, 0xb0, 0x1a, 0x52, 0xa8, 0xf1, 0xe6, 0x9a, 0xb3, 0xf6, 0xa3, 0xc9, 0x0a, 0x70, 0x7d, 0x0f, 0xee,
+ /* (2^ 47)P */ 0x77, 0xd3, 0xe5, 0x8e, 0xfa, 0x00, 0xeb, 0x1b, 0x7f, 0xdc, 0x68, 0x3f, 0x92, 0xbd, 0xb7, 0x0b, 0xb7, 0xb5, 0x24, 0xdf, 0xc5, 0x67, 0x53, 0xd4, 0x36, 0x79, 0xc4, 0x7b, 0x57, 0xbc, 0x99, 0x97, 0x60, 0xef, 0xe4, 0x01, 0xa1, 0xa7, 0xaa, 0x12, 0x36, 0x29, 0xb1, 0x03, 0xc2, 0x83, 0x1c, 0x2b, 0x83, 0xef, 0x2e, 0x2c, 0x23, 0x92, 0xfd, 0xd1,
+ /* (2^ 48)P */ 0x94, 0xef, 0x03, 0x59, 0xfa, 0x8a, 0x18, 0x76, 0xee, 0x58, 0x08, 0x4d, 0x44, 0xce, 0xf1, 0x52, 0x33, 0x49, 0xf6, 0x69, 0x71, 0xe3, 0xa9, 0xbc, 0x86, 0xe3, 0x43, 0xde, 0x33, 0x7b, 0x90, 0x8b, 0x3e, 0x7d, 0xd5, 0x4a, 0xf0, 0x23, 0x99, 0xa6, 0xea, 0x5f, 0x08, 0xe5, 0xb9, 0x49, 0x8b, 0x0d, 0x6a, 0x21, 0xab, 0x07, 0x62, 0xcd, 0xc4, 0xbe,
+ /* (2^ 49)P */ 0x61, 0xbf, 0x70, 0x14, 0xfa, 0x4e, 0x9e, 0x7c, 0x0c, 0xf8, 0xb2, 0x48, 0x71, 0x62, 0x83, 0xd6, 0xd1, 0xdc, 0x9c, 0x29, 0x66, 0xb1, 0x34, 0x9c, 0x8d, 0xe6, 0x88, 0xaf, 0xbe, 0xdc, 0x4d, 0xeb, 0xb0, 0xe7, 0x28, 0xae, 0xb2, 0x05, 0x56, 0xc6, 0x0e, 0x10, 0x26, 0xab, 0x2c, 0x59, 0x72, 0x03, 0x66, 0xfe, 0x8f, 0x2c, 0x51, 0x2d, 0xdc, 0xae,
+ /* (2^ 50)P */ 0xdc, 0x63, 0xf1, 0x8b, 0x5c, 0x65, 0x0b, 0xf1, 0xa6, 0x22, 0xe2, 0xd9, 0xdb, 0x49, 0xb1, 0x3c, 0x47, 0xc2, 0xfe, 0xac, 0x86, 0x07, 0x52, 0xec, 0xb0, 0x08, 0x69, 0xfb, 0xd1, 0x06, 0xdc, 0x48, 0x5c, 0x3d, 0xb2, 0x4d, 0xb8, 0x1a, 0x4e, 0xda, 0xb9, 0xc1, 0x2b, 0xab, 0x4b, 0x62, 0x81, 0x21, 0x9a, 0xfc, 0x3d, 0x39, 0x83, 0x11, 0x36, 0xeb,
+ /* (2^ 51)P */ 0x94, 0xf3, 0x17, 0xef, 0xf9, 0x60, 0x54, 0xc3, 0xd7, 0x27, 0x35, 0xc5, 0x98, 0x5e, 0xf6, 0x63, 0x6c, 0xa0, 0x4a, 0xd3, 0xa3, 0x98, 0xd9, 0x42, 0xe3, 0xf1, 0xf8, 0x81, 0x96, 0xa9, 0xea, 0x6d, 0x4b, 0x8e, 0x33, 0xca, 0x94, 0x0d, 0xa0, 0xf7, 0xbb, 0x64, 0xa3, 0x36, 0x6f, 0xdc, 0x5a, 0x94, 0x42, 0xca, 0x06, 0xb2, 0x2b, 0x9a, 0x9f, 0x71,
+ /* (2^ 52)P */ 0xec, 0xdb, 0xa6, 0x1f, 0xdf, 0x15, 0x36, 0xa3, 0xda, 0x8a, 0x7a, 0xb6, 0xa7, 0xe3, 0xaf, 0x52, 0xe0, 0x8d, 0xe8, 0xf2, 0x44, 0x20, 0xeb, 0xa1, 0x20, 0xc4, 0x65, 0x3c, 0x7c, 0x6c, 0x49, 0xed, 0x2f, 0x66, 0x23, 0x68, 0x61, 0x91, 0x40, 0x9f, 0x50, 0x19, 0xd1, 0x84, 0xa7, 0xe2, 0xed, 0x34, 0x37, 0xe3, 0xe4, 0x11, 0x7f, 0x87, 0x55, 0x0f,
+ /* (2^ 53)P */ 0xb3, 0xa1, 0x0f, 0xb0, 0x48, 0xc0, 0x4d, 0x96, 0xa7, 0xcf, 0x5a, 0x81, 0xb8, 0x4a, 0x46, 0xef, 0x0a, 0xd3, 0x40, 0x7e, 0x02, 0xe3, 0x63, 0xaa, 0x50, 0xd1, 0x2a, 0x37, 0x22, 0x4a, 0x7f, 0x4f, 0xb6, 0xf9, 0x01, 0x82, 0x78, 0x3d, 0x93, 0x14, 0x11, 0x8a, 0x90, 0x60, 0xcd, 0x45, 0x4e, 0x7b, 0x42, 0xb9, 0x3e, 0x6e, 0x68, 0x1f, 0x36, 0x41,
+ /* (2^ 54)P */ 0x13, 0x73, 0x0e, 0x4f, 0x79, 0x93, 0x9e, 0x29, 0x70, 0x7b, 0x4a, 0x59, 0x1a, 0x9a, 0xf4, 0x55, 0x08, 0xf0, 0xdb, 0x17, 0x58, 0xec, 0x64, 0xad, 0x7f, 0x29, 0xeb, 0x3f, 0x85, 0x4e, 0x60, 0x28, 0x98, 0x1f, 0x73, 0x4e, 0xe6, 0xa8, 0xab, 0xd5, 0xd6, 0xfc, 0xa1, 0x36, 0x6d, 0x15, 0xc6, 0x13, 0x83, 0xa0, 0xc2, 0x6e, 0xd9, 0xdb, 0xc9, 0xcc,
+ /* (2^ 55)P */ 0xff, 0xd8, 0x52, 0xa3, 0xdc, 0x99, 0xcf, 0x3e, 0x19, 0xb3, 0x68, 0xd0, 0xb5, 0x0d, 0xb8, 0xee, 0x3f, 0xef, 0x6e, 0xc0, 0x38, 0x28, 0x44, 0x92, 0x78, 0x91, 0x1a, 0x08, 0x78, 0x6c, 0x65, 0x24, 0xf3, 0xa2, 0x3d, 0xf2, 0xe5, 0x79, 0x62, 0x69, 0x29, 0xf4, 0x22, 0xc5, 0xdb, 0x6a, 0xae, 0xf4, 0x44, 0xa3, 0x6f, 0xc7, 0x86, 0xab, 0xef, 0xef,
+ /* (2^ 56)P */ 0xbf, 0x54, 0x9a, 0x09, 0x5d, 0x17, 0xd0, 0xde, 0xfb, 0xf5, 0xca, 0xff, 0x13, 0x20, 0x88, 0x82, 0x3a, 0xe2, 0xd0, 0x3b, 0xfb, 0x05, 0x76, 0xd1, 0xc0, 0x02, 0x71, 0x3b, 0x94, 0xe8, 0xc9, 0x84, 0xcf, 0xa4, 0xe9, 0x28, 0x7b, 0xf5, 0x09, 0xc3, 0x2b, 0x22, 0x40, 0xf1, 0x68, 0x24, 0x24, 0x7d, 0x9f, 0x6e, 0xcd, 0xfe, 0xb0, 0x19, 0x61, 0xf5,
+ /* (2^ 57)P */ 0xe8, 0x63, 0x51, 0xb3, 0x95, 0x6b, 0x7b, 0x74, 0x92, 0x52, 0x45, 0xa4, 0xed, 0xea, 0x0e, 0x0d, 0x2b, 0x01, 0x1e, 0x2c, 0xbc, 0x91, 0x06, 0x69, 0xdb, 0x1f, 0xb5, 0x77, 0x1d, 0x56, 0xf5, 0xb4, 0x02, 0x80, 0x49, 0x56, 0x12, 0xce, 0x86, 0x05, 0xc9, 0xd9, 0xae, 0xf3, 0x6d, 0xe6, 0x3f, 0x40, 0x52, 0xe9, 0x49, 0x2b, 0x31, 0x06, 0x86, 0x14,
+ /* (2^ 58)P */ 0xf5, 0x09, 0x3b, 0xd2, 0xff, 0xdf, 0x11, 0xa5, 0x1c, 0x99, 0xe8, 0x1b, 0xa4, 0x2c, 0x7d, 0x8e, 0xc8, 0xf7, 0x03, 0x46, 0xfa, 0xb6, 0xde, 0x73, 0x91, 0x7e, 0x5a, 0x7a, 0xd7, 0x9a, 0x5b, 0x80, 0x24, 0x62, 0x5e, 0x92, 0xf1, 0xa3, 0x45, 0xa3, 0x43, 0x92, 0x8a, 0x2a, 0x5b, 0x0c, 0xb4, 0xc8, 0xad, 0x1c, 0xb6, 0x6c, 0x5e, 0x81, 0x18, 0x91,
+ /* (2^ 59)P */ 0x96, 0xb3, 0xca, 0x2b, 0xe3, 0x7a, 0x59, 0x72, 0x17, 0x74, 0x29, 0x21, 0xe7, 0x78, 0x07, 0xad, 0xda, 0xb6, 0xcd, 0xf9, 0x27, 0x4d, 0xc8, 0xf2, 0x98, 0x22, 0xca, 0xf2, 0x33, 0x74, 0x7a, 0xdd, 0x1e, 0x71, 0xec, 0xe3, 0x3f, 0xe2, 0xa2, 0xd2, 0x38, 0x75, 0xb0, 0xd0, 0x0a, 0xcf, 0x7d, 0x36, 0xdc, 0x49, 0x38, 0x25, 0x34, 0x4f, 0x20, 0x9a,
+ /* (2^ 60)P */ 0x2b, 0x6e, 0x04, 0x0d, 0x4f, 0x3d, 0x3b, 0x24, 0xf6, 0x4e, 0x5e, 0x0a, 0xbd, 0x48, 0x96, 0xba, 0x81, 0x8f, 0x39, 0x82, 0x13, 0xe6, 0x72, 0xf3, 0x0f, 0xb6, 0x94, 0xf4, 0xc5, 0x90, 0x74, 0x91, 0xa8, 0xf2, 0xc9, 0xca, 0x9a, 0x4d, 0x98, 0xf2, 0xdf, 0x52, 0x4e, 0x97, 0x2f, 0xeb, 0x84, 0xd3, 0xaf, 0xc2, 0xcc, 0xfb, 0x4c, 0x26, 0x4b, 0xe4,
+ /* (2^ 61)P */ 0x12, 0x9e, 0xfb, 0x9d, 0x78, 0x79, 0x99, 0xdd, 0xb3, 0x0b, 0x2e, 0x56, 0x41, 0x8e, 0x3f, 0x39, 0xb8, 0x97, 0x89, 0x53, 0x9b, 0x8a, 0x3c, 0x40, 0x9d, 0xa4, 0x6c, 0x2e, 0x31, 0x71, 0xc6, 0x0a, 0x41, 0xd4, 0x95, 0x06, 0x5e, 0xc1, 0xab, 0xc2, 0x14, 0xc4, 0xc7, 0x15, 0x08, 0x3a, 0xad, 0x7a, 0xb4, 0x62, 0xa3, 0x0c, 0x90, 0xf4, 0x47, 0x08,
+ /* (2^ 62)P */ 0x7f, 0xec, 0x09, 0x82, 0xf5, 0x94, 0x09, 0x93, 0x32, 0xd3, 0xdc, 0x56, 0x80, 0x7b, 0x5b, 0x22, 0x80, 0x6a, 0x96, 0x72, 0xb1, 0xc2, 0xd9, 0xa1, 0x8b, 0x66, 0x42, 0x16, 0xe2, 0x07, 0xb3, 0x2d, 0xf1, 0x75, 0x35, 0x72, 0xc7, 0x98, 0xbe, 0x63, 0x3b, 0x20, 0x75, 0x05, 0xc1, 0x3e, 0x31, 0x5a, 0xf7, 0xaa, 0xae, 0x4b, 0xdb, 0x1d, 0xd0, 0x74,
+ /* (2^ 63)P */ 0x36, 0x5c, 0x74, 0xe6, 0x5d, 0x59, 0x3f, 0x15, 0x4b, 0x4d, 0x4e, 0x67, 0x41, 0xfe, 0x98, 0x1f, 0x49, 0x76, 0x91, 0x0f, 0x9b, 0xf4, 0xaf, 0x86, 0xaf, 0x66, 0x19, 0xed, 0x46, 0xf1, 0x05, 0x9a, 0xcc, 0xd1, 0x14, 0x1f, 0x82, 0x12, 0x8e, 0xe6, 0xf4, 0xc3, 0x42, 0x5c, 0x4e, 0x33, 0x93, 0xbe, 0x30, 0xe7, 0x64, 0xa9, 0x35, 0x00, 0x4d, 0xf9,
+ /* (2^ 64)P */ 0x1f, 0xc1, 0x1e, 0xb7, 0xe3, 0x7c, 0xfa, 0xa3, 0x6b, 0x76, 0xaf, 0x9c, 0x05, 0x85, 0x4a, 0xa9, 0xfb, 0xe3, 0x7e, 0xf2, 0x49, 0x56, 0xdc, 0x2f, 0x57, 0x10, 0xba, 0x37, 0xb2, 0x62, 0xf5, 0x6b, 0xe5, 0x8f, 0x0a, 0x87, 0xd1, 0x6a, 0xcb, 0x9d, 0x07, 0xd0, 0xf6, 0x38, 0x99, 0x2c, 0x61, 0x4a, 0x4e, 0xd8, 0xd2, 0x88, 0x29, 0x99, 0x11, 0x95,
+ /* (2^ 65)P */ 0x6f, 0xdc, 0xd5, 0xd6, 0xd6, 0xa7, 0x4c, 0x46, 0x93, 0x65, 0x62, 0x23, 0x95, 0x32, 0x9c, 0xde, 0x40, 0x41, 0x68, 0x2c, 0x18, 0x4e, 0x5a, 0x8c, 0xc0, 0xc5, 0xc5, 0xea, 0x5c, 0x45, 0x0f, 0x60, 0x78, 0x39, 0xb6, 0x36, 0x23, 0x12, 0xbc, 0x21, 0x9a, 0xf8, 0x91, 0xac, 0xc4, 0x70, 0xdf, 0x85, 0x8e, 0x3c, 0xec, 0x22, 0x04, 0x98, 0xa8, 0xaa,
+ /* (2^ 66)P */ 0xcc, 0x52, 0x10, 0x5b, 0x4b, 0x6c, 0xc5, 0xfa, 0x3e, 0xd4, 0xf8, 0x1c, 0x04, 0x14, 0x48, 0x33, 0xd9, 0xfc, 0x5f, 0xb0, 0xa5, 0x48, 0x8c, 0x45, 0x8a, 0xee, 0x3e, 0xa7, 0xc1, 0x2e, 0x34, 0xca, 0xf6, 0xc9, 0xeb, 0x10, 0xbb, 0xe1, 0x59, 0x84, 0x25, 0xe8, 0x81, 0x70, 0xc0, 0x09, 0x42, 0xa7, 0x3b, 0x0d, 0x33, 0x00, 0xb5, 0x77, 0xbe, 0x25,
+ /* (2^ 67)P */ 0xcd, 0x1f, 0xbc, 0x7d, 0xef, 0xe5, 0xca, 0x91, 0xaf, 0xa9, 0x59, 0x6a, 0x09, 0xca, 0xd6, 0x1b, 0x3d, 0x55, 0xde, 0xa2, 0x6a, 0x80, 0xd6, 0x95, 0x47, 0xe4, 0x5f, 0x68, 0x54, 0x08, 0xdf, 0x29, 0xba, 0x2a, 0x02, 0x84, 0xe8, 0xe9, 0x00, 0x77, 0x99, 0x36, 0x03, 0xf6, 0x4a, 0x3e, 0x21, 0x81, 0x7d, 0xb8, 0xa4, 0x8a, 0xa2, 0x05, 0xef, 0xbc,
+ /* (2^ 68)P */ 0x7c, 0x59, 0x5f, 0x66, 0xd9, 0xb7, 0x83, 0x43, 0x8a, 0xa1, 0x8d, 0x51, 0x70, 0xba, 0xf2, 0x9b, 0x95, 0xc0, 0x4b, 0x4c, 0xa0, 0x14, 0xd3, 0xa4, 0x5d, 0x4a, 0x37, 0x36, 0x97, 0x31, 0x1e, 0x12, 0xe7, 0xbb, 0x08, 0x67, 0xa5, 0x23, 0xd7, 0xfb, 0x97, 0xd8, 0x6a, 0x03, 0xb1, 0xf8, 0x7f, 0xda, 0x58, 0xd9, 0x3f, 0x73, 0x4a, 0x53, 0xe1, 0x7b,
+ /* (2^ 69)P */ 0x55, 0x83, 0x98, 0x78, 0x6c, 0x56, 0x5e, 0xed, 0xf7, 0x23, 0x3e, 0x4c, 0x7d, 0x09, 0x2d, 0x09, 0x9c, 0x58, 0x8b, 0x32, 0xca, 0xfe, 0xbf, 0x47, 0x03, 0xeb, 0x4d, 0xe7, 0xeb, 0x9c, 0x83, 0x05, 0x68, 0xaa, 0x80, 0x89, 0x44, 0xf9, 0xd4, 0xdc, 0xdb, 0xb1, 0xdb, 0x77, 0xac, 0xf9, 0x2a, 0xae, 0x35, 0xac, 0x74, 0xb5, 0x95, 0x62, 0x18, 0x85,
+ /* (2^ 70)P */ 0xab, 0x82, 0x7e, 0x10, 0xd7, 0xe6, 0x57, 0xd1, 0x66, 0x12, 0x31, 0x9c, 0x9c, 0xa6, 0x27, 0x59, 0x71, 0x2e, 0xeb, 0xa0, 0x68, 0xc5, 0x87, 0x51, 0xf4, 0xca, 0x3f, 0x98, 0x56, 0xb0, 0x89, 0xb1, 0xc7, 0x7b, 0x46, 0xb3, 0xae, 0x36, 0xf2, 0xee, 0x15, 0x1a, 0x60, 0xf4, 0x50, 0x76, 0x4f, 0xc4, 0x53, 0x0d, 0x36, 0x4d, 0x31, 0xb1, 0x20, 0x51,
+ /* (2^ 71)P */ 0xf7, 0x1d, 0x8c, 0x1b, 0x5e, 0xe5, 0x02, 0x6f, 0xc5, 0xa5, 0xe0, 0x5f, 0xc6, 0xb6, 0x63, 0x43, 0xaf, 0x3c, 0x19, 0x6c, 0xf4, 0xaf, 0xa4, 0x33, 0xb1, 0x0a, 0x37, 0x3d, 0xd9, 0x4d, 0xe2, 0x29, 0x24, 0x26, 0x94, 0x7c, 0x02, 0xe4, 0xe2, 0xf2, 0xbe, 0xbd, 0xac, 0x1b, 0x48, 0xb8, 0xdd, 0xe9, 0x0d, 0x9a, 0x50, 0x1a, 0x98, 0x71, 0x6e, 0xdc,
+ /* (2^ 72)P */ 0x9f, 0x40, 0xb1, 0xb3, 0x66, 0x28, 0x6c, 0xfe, 0xa6, 0x7d, 0xf8, 0x3e, 0xb8, 0xf3, 0xde, 0x52, 0x76, 0x52, 0xa3, 0x92, 0x98, 0x23, 0xab, 0x4f, 0x88, 0x97, 0xfc, 0x22, 0xe1, 0x6b, 0x67, 0xcd, 0x13, 0x95, 0xda, 0x65, 0xdd, 0x3b, 0x67, 0x3f, 0x5f, 0x4c, 0xf2, 0x8a, 0xad, 0x98, 0xa7, 0x94, 0x24, 0x45, 0x87, 0x11, 0x7c, 0x75, 0x79, 0x85,
+ /* (2^ 73)P */ 0x70, 0xbf, 0xf9, 0x3b, 0xa9, 0x44, 0x57, 0x72, 0x96, 0xc9, 0xa4, 0x98, 0x65, 0xbf, 0x87, 0xb3, 0x3a, 0x39, 0x12, 0xde, 0xe5, 0x39, 0x01, 0x4f, 0xf7, 0xc0, 0x71, 0x52, 0x36, 0x85, 0xb3, 0x18, 0xf8, 0x14, 0xc0, 0x6d, 0xae, 0x9e, 0x4f, 0xb0, 0x72, 0x87, 0xac, 0x5c, 0xd1, 0x6c, 0x41, 0x6c, 0x90, 0x9d, 0x22, 0x81, 0xe4, 0x2b, 0xea, 0xe5,
+ /* (2^ 74)P */ 0xfc, 0xea, 0x1a, 0x65, 0xd9, 0x49, 0x6a, 0x39, 0xb5, 0x96, 0x72, 0x7b, 0x32, 0xf1, 0xd0, 0xe9, 0x45, 0xd9, 0x31, 0x55, 0xc7, 0x34, 0xe9, 0x5a, 0xec, 0x73, 0x0b, 0x03, 0xc4, 0xb3, 0xe6, 0xc9, 0x5e, 0x0a, 0x17, 0xfe, 0x53, 0x66, 0x7f, 0x21, 0x18, 0x74, 0x54, 0x1b, 0xc9, 0x49, 0x16, 0xd2, 0x48, 0xaf, 0x5b, 0x47, 0x7b, 0xeb, 0xaa, 0xc9,
+ /* (2^ 75)P */ 0x47, 0x04, 0xf5, 0x5a, 0x87, 0x77, 0x9e, 0x21, 0x34, 0x4e, 0x83, 0x88, 0xaf, 0x02, 0x1d, 0xb0, 0x5a, 0x1d, 0x1d, 0x7d, 0x8d, 0x2c, 0xd3, 0x8d, 0x63, 0xa9, 0x45, 0xfb, 0x15, 0x6d, 0x86, 0x45, 0xcd, 0x38, 0x0e, 0xf7, 0x37, 0x79, 0xed, 0x6d, 0x5a, 0xbc, 0x32, 0xcc, 0x66, 0xf1, 0x3a, 0xb2, 0x87, 0x6f, 0x70, 0x71, 0xd9, 0xf2, 0xfa, 0x7b,
+ /* (2^ 76)P */ 0x68, 0x07, 0xdc, 0x61, 0x40, 0xe4, 0xec, 0x32, 0xc8, 0xbe, 0x66, 0x30, 0x54, 0x80, 0xfd, 0x13, 0x7a, 0xef, 0xae, 0xed, 0x2e, 0x00, 0x6d, 0x3f, 0xbd, 0xfc, 0x91, 0x24, 0x53, 0x7f, 0x63, 0x9d, 0x2e, 0xe3, 0x76, 0xe0, 0xf3, 0xe1, 0x8f, 0x7a, 0xc4, 0x77, 0x0c, 0x91, 0xc0, 0xc2, 0x18, 0x6b, 0x04, 0xad, 0xb6, 0x70, 0x9a, 0x64, 0xc5, 0x82,
+ /* (2^ 77)P */ 0x7f, 0xea, 0x13, 0xd8, 0x9e, 0xfc, 0x5b, 0x06, 0xb5, 0x4f, 0xda, 0x38, 0xe0, 0x9c, 0xd2, 0x3a, 0xc1, 0x1c, 0x62, 0x70, 0x7f, 0xc6, 0x24, 0x0a, 0x47, 0x04, 0x01, 0xc4, 0x55, 0x09, 0xd1, 0x7a, 0x07, 0xba, 0xa3, 0x80, 0x4f, 0xc1, 0x65, 0x36, 0x6d, 0xc0, 0x10, 0xcf, 0x94, 0xa9, 0xa2, 0x01, 0x44, 0xd1, 0xf9, 0x1c, 0x4c, 0xfb, 0xf8, 0x99,
+ /* (2^ 78)P */ 0x6c, 0xb9, 0x6b, 0xee, 0x43, 0x5b, 0xb9, 0xbb, 0xee, 0x2e, 0x52, 0xc1, 0xc6, 0xb9, 0x61, 0xd2, 0x93, 0xa5, 0xaf, 0x52, 0xf4, 0xa4, 0x1a, 0x51, 0x61, 0xa7, 0xcb, 0x9e, 0xbb, 0x56, 0x65, 0xe2, 0xbf, 0x75, 0xb9, 0x9c, 0x50, 0x96, 0x60, 0x81, 0x74, 0x47, 0xc0, 0x04, 0x88, 0x71, 0x76, 0x39, 0x9a, 0xa7, 0xb1, 0x4e, 0x43, 0x15, 0xe0, 0xbb,
+ /* (2^ 79)P */ 0xbb, 0xce, 0xe2, 0xbb, 0xf9, 0x17, 0x0f, 0x82, 0x40, 0xad, 0x73, 0xe3, 0xeb, 0x3b, 0x06, 0x1a, 0xcf, 0x8e, 0x6e, 0x28, 0xb8, 0x26, 0xd9, 0x5b, 0xb7, 0xb3, 0xcf, 0xb4, 0x6a, 0x1c, 0xbf, 0x7f, 0xb8, 0xb5, 0x79, 0xcf, 0x45, 0x68, 0x7d, 0xc5, 0xeb, 0xf3, 0xbe, 0x39, 0x40, 0xfc, 0x07, 0x90, 0x7a, 0x62, 0xad, 0x86, 0x08, 0x71, 0x25, 0xe1,
+ /* (2^ 80)P */ 0x9b, 0x46, 0xac, 0xef, 0xc1, 0x4e, 0xa1, 0x97, 0x95, 0x76, 0xf9, 0x1b, 0xc2, 0xb2, 0x6a, 0x41, 0xea, 0x80, 0x3d, 0xe9, 0x08, 0x52, 0x5a, 0xe3, 0xf2, 0x08, 0xc5, 0xea, 0x39, 0x3f, 0x44, 0x71, 0x4d, 0xea, 0x0d, 0x05, 0x23, 0xe4, 0x2e, 0x3c, 0x89, 0xfe, 0x12, 0x8a, 0x95, 0x42, 0x0a, 0x68, 0xea, 0x5a, 0x28, 0x06, 0x9e, 0xe3, 0x5f, 0xe0,
+ /* (2^ 81)P */ 0x00, 0x61, 0x6c, 0x98, 0x9b, 0xe7, 0xb9, 0x06, 0x1c, 0xc5, 0x1b, 0xed, 0xbe, 0xc8, 0xb3, 0xea, 0x87, 0xf0, 0xc4, 0x24, 0x7d, 0xbb, 0x5d, 0xa4, 0x1d, 0x7a, 0x16, 0x00, 0x55, 0x94, 0x67, 0x78, 0xbd, 0x58, 0x02, 0x82, 0x90, 0x53, 0x76, 0xd4, 0x72, 0x99, 0x51, 0x6f, 0x7b, 0xcf, 0x80, 0x30, 0x31, 0x3b, 0x01, 0xc7, 0xc1, 0xef, 0xe6, 0x42,
+ /* (2^ 82)P */ 0xe2, 0x35, 0xaf, 0x4b, 0x79, 0xc6, 0x12, 0x24, 0x99, 0xc0, 0x68, 0xb0, 0x43, 0x3e, 0xe5, 0xef, 0xe2, 0x29, 0xea, 0xb8, 0xb3, 0xbc, 0x6a, 0x53, 0x2c, 0x69, 0x18, 0x5a, 0xf9, 0x15, 0xae, 0x66, 0x58, 0x18, 0xd3, 0x2d, 0x4b, 0x00, 0xfd, 0x84, 0xab, 0x4f, 0xae, 0x70, 0x6b, 0x9e, 0x9a, 0xdf, 0x83, 0xfd, 0x2e, 0x3c, 0xcf, 0xf8, 0x88, 0x5b,
+ /* (2^ 83)P */ 0xa4, 0x90, 0x31, 0x85, 0x13, 0xcd, 0xdf, 0x64, 0xc9, 0xa1, 0x0b, 0xe7, 0xb6, 0x73, 0x8a, 0x1b, 0x22, 0x78, 0x4c, 0xd4, 0xae, 0x48, 0x18, 0x00, 0x00, 0xa8, 0x9f, 0x06, 0xf9, 0xfb, 0x2d, 0xc3, 0xb1, 0x2a, 0xbc, 0x13, 0x99, 0x57, 0xaf, 0xf0, 0x8d, 0x61, 0x54, 0x29, 0xd5, 0xf2, 0x72, 0x00, 0x96, 0xd1, 0x85, 0x12, 0x8a, 0xf0, 0x23, 0xfb,
+ /* (2^ 84)P */ 0x69, 0xc7, 0xdb, 0xd9, 0x92, 0x75, 0x08, 0x9b, 0xeb, 0xa5, 0x93, 0xd1, 0x1a, 0xf4, 0xf5, 0xaf, 0xe6, 0xc4, 0x4a, 0x0d, 0x35, 0x26, 0x39, 0x9d, 0xd3, 0x17, 0x3e, 0xae, 0x2d, 0xbf, 0x73, 0x9f, 0xb7, 0x74, 0x91, 0xd1, 0xd8, 0x5c, 0x14, 0xf9, 0x75, 0xdf, 0xeb, 0xc2, 0x22, 0xd8, 0x14, 0x8d, 0x86, 0x23, 0x4d, 0xd1, 0x2d, 0xdb, 0x6b, 0x42,
+ /* (2^ 85)P */ 0x8c, 0xda, 0xc6, 0xf8, 0x71, 0xba, 0x2b, 0x06, 0x78, 0xae, 0xcc, 0x3a, 0xe3, 0xe3, 0xa1, 0x8b, 0xe2, 0x34, 0x6d, 0x28, 0x9e, 0x46, 0x13, 0x4d, 0x9e, 0xa6, 0x73, 0x49, 0x65, 0x79, 0x88, 0xb9, 0x3a, 0xd1, 0x6d, 0x2f, 0x48, 0x2b, 0x0a, 0x7f, 0x58, 0x20, 0x37, 0xf4, 0x0e, 0xbb, 0x4a, 0x95, 0x58, 0x0c, 0x88, 0x30, 0xc4, 0x74, 0xdd, 0xfd,
+ /* (2^ 86)P */ 0x6d, 0x13, 0x4e, 0x89, 0x2d, 0xa9, 0xa3, 0xed, 0x09, 0xe3, 0x0e, 0x71, 0x3e, 0x4a, 0xab, 0x90, 0xde, 0x03, 0xeb, 0x56, 0x46, 0x60, 0x06, 0xf5, 0x71, 0xe5, 0xee, 0x9b, 0xef, 0xff, 0xc4, 0x2c, 0x9f, 0x37, 0x48, 0x45, 0x94, 0x12, 0x41, 0x81, 0x15, 0x70, 0x91, 0x99, 0x5e, 0x56, 0x6b, 0xf4, 0xa6, 0xc9, 0xf5, 0x69, 0x9d, 0x78, 0x37, 0x57,
+ /* (2^ 87)P */ 0xf3, 0x51, 0x57, 0x7e, 0x43, 0x6f, 0xc6, 0x67, 0x59, 0x0c, 0xcf, 0x94, 0xe6, 0x3d, 0xb5, 0x07, 0xc9, 0x77, 0x48, 0xc9, 0x68, 0x0d, 0x98, 0x36, 0x62, 0x35, 0x38, 0x1c, 0xf5, 0xc5, 0xec, 0x66, 0x78, 0xfe, 0x47, 0xab, 0x26, 0xd6, 0x44, 0xb6, 0x06, 0x0f, 0x89, 0xe3, 0x19, 0x40, 0x1a, 0xe7, 0xd8, 0x65, 0x55, 0xf7, 0x1a, 0xfc, 0xa3, 0x0e,
+ /* (2^ 88)P */ 0x0e, 0x30, 0xa6, 0xb7, 0x58, 0x60, 0x62, 0x2a, 0x6c, 0x13, 0xa8, 0x14, 0x9b, 0xb8, 0xf2, 0x70, 0xd8, 0xb1, 0x71, 0x88, 0x8c, 0x18, 0x31, 0x25, 0x93, 0x90, 0xb4, 0xc7, 0x49, 0xd8, 0xd4, 0xdb, 0x1e, 0x1e, 0x7f, 0xaa, 0xba, 0xc9, 0xf2, 0x5d, 0xa9, 0x3a, 0x43, 0xb4, 0x5c, 0xee, 0x7b, 0xc7, 0x97, 0xb7, 0x66, 0xd7, 0x23, 0xd9, 0x22, 0x59,
+ /* (2^ 89)P */ 0x28, 0x19, 0xa6, 0xf9, 0x89, 0x20, 0x78, 0xd4, 0x6d, 0xcb, 0x79, 0x8f, 0x61, 0x6f, 0xb2, 0x5c, 0x4f, 0xa6, 0x54, 0x84, 0x95, 0x24, 0x36, 0x64, 0xcb, 0x39, 0xe7, 0x8f, 0x97, 0x9c, 0x5c, 0x3c, 0xfb, 0x51, 0x11, 0x01, 0x17, 0xdb, 0xc9, 0x9b, 0x51, 0x03, 0x9a, 0xe9, 0xe5, 0x24, 0x1e, 0xf5, 0xda, 0xe0, 0x48, 0x02, 0x23, 0xd0, 0x2c, 0x81,
+ /* (2^ 90)P */ 0x42, 0x1b, 0xe4, 0x91, 0x85, 0x2a, 0x0c, 0xd2, 0x28, 0x66, 0x57, 0x9e, 0x33, 0x8d, 0x25, 0x71, 0x10, 0x65, 0x76, 0xa2, 0x8c, 0x21, 0x86, 0x81, 0x15, 0xc2, 0x27, 0xeb, 0x54, 0x2d, 0x4f, 0x6c, 0xe6, 0xd6, 0x24, 0x9c, 0x1a, 0x12, 0xb8, 0x81, 0xe2, 0x0a, 0xf3, 0xd3, 0xf0, 0xd3, 0xe1, 0x74, 0x1f, 0x9b, 0x11, 0x47, 0xd0, 0xcf, 0xb6, 0x54,
+ /* (2^ 91)P */ 0x26, 0x45, 0xa2, 0x10, 0xd4, 0x2d, 0xae, 0xc0, 0xb0, 0xe8, 0x86, 0xb3, 0xc7, 0xea, 0x70, 0x87, 0x61, 0xb5, 0xa5, 0x55, 0xbe, 0x88, 0x1d, 0x7a, 0xd9, 0x6f, 0xeb, 0x83, 0xe2, 0x44, 0x7f, 0x98, 0x04, 0xd6, 0x50, 0x9d, 0xa7, 0x86, 0x66, 0x09, 0x63, 0xe1, 0xed, 0x72, 0xb1, 0xe4, 0x1d, 0x3a, 0xfd, 0x47, 0xce, 0x1c, 0xaa, 0x3b, 0x8f, 0x1b,
+ /* (2^ 92)P */ 0xf4, 0x3c, 0x4a, 0xb6, 0xc2, 0x9c, 0xe0, 0x2e, 0xb7, 0x38, 0xea, 0x61, 0x35, 0x97, 0x10, 0x90, 0xae, 0x22, 0x48, 0xb3, 0xa9, 0xc6, 0x7a, 0xbb, 0x23, 0xf2, 0xf8, 0x1b, 0xa7, 0xa1, 0x79, 0xcc, 0xc4, 0xf8, 0x08, 0x76, 0x8a, 0x5a, 0x1c, 0x1b, 0xc5, 0x33, 0x91, 0xa9, 0xb8, 0xb9, 0xd3, 0xf8, 0x49, 0xcd, 0xe5, 0x82, 0x43, 0xf7, 0xca, 0x68,
+ /* (2^ 93)P */ 0x38, 0xba, 0xae, 0x44, 0xfe, 0x57, 0x64, 0x56, 0x7c, 0x0e, 0x9c, 0xca, 0xff, 0xa9, 0x82, 0xbb, 0x38, 0x4a, 0xa7, 0xf7, 0x47, 0xab, 0xbe, 0x6d, 0x23, 0x0b, 0x8a, 0xed, 0xc2, 0xb9, 0x8f, 0xf1, 0xec, 0x91, 0x44, 0x73, 0x64, 0xba, 0xd5, 0x8f, 0x37, 0x38, 0x0d, 0xd5, 0xf8, 0x73, 0x57, 0xb6, 0xc2, 0x45, 0xdc, 0x25, 0xb2, 0xb6, 0xea, 0xd9,
+ /* (2^ 94)P */ 0xbf, 0xe9, 0x1a, 0x40, 0x4d, 0xcc, 0xe6, 0x1d, 0x70, 0x1a, 0x65, 0xcc, 0x34, 0x2c, 0x37, 0x2c, 0x2d, 0x6b, 0x6d, 0xe5, 0x2f, 0x19, 0x9e, 0xe4, 0xe1, 0xaa, 0xd4, 0xab, 0x54, 0xf4, 0xa8, 0xe4, 0x69, 0x2d, 0x8e, 0x4d, 0xd7, 0xac, 0xb0, 0x5b, 0xfe, 0xe3, 0x26, 0x07, 0xc3, 0xf8, 0x1b, 0x43, 0xa8, 0x1d, 0x64, 0xa5, 0x25, 0x88, 0xbb, 0x77,
+ /* (2^ 95)P */ 0x92, 0xcd, 0x6e, 0xa0, 0x79, 0x04, 0x18, 0xf4, 0x11, 0x58, 0x48, 0xb5, 0x3c, 0x7b, 0xd1, 0xcc, 0xd3, 0x14, 0x2c, 0xa0, 0xdd, 0x04, 0x44, 0x11, 0xb3, 0x6d, 0x2f, 0x0d, 0xf5, 0x2a, 0x75, 0x5d, 0x1d, 0xda, 0x86, 0x8d, 0x7d, 0x6b, 0x32, 0x68, 0xb6, 0x6c, 0x64, 0x9e, 0xde, 0x80, 0x88, 0xce, 0x08, 0xbf, 0x0b, 0xe5, 0x8e, 0x4f, 0x1d, 0xfb,
+ /* (2^ 96)P */ 0xaf, 0xe8, 0x85, 0xbf, 0x7f, 0x37, 0x8d, 0x66, 0x7c, 0xd5, 0xd3, 0x96, 0xa5, 0x81, 0x67, 0x95, 0xff, 0x48, 0xde, 0xde, 0xd7, 0x7a, 0x46, 0x34, 0xb1, 0x13, 0x70, 0x29, 0xed, 0x87, 0x90, 0xb0, 0x40, 0x2c, 0xa6, 0x43, 0x6e, 0xb6, 0xbc, 0x48, 0x8a, 0xc1, 0xae, 0xb8, 0xd4, 0xe2, 0xc0, 0x32, 0xb2, 0xa6, 0x2a, 0x8f, 0xb5, 0x16, 0x9e, 0xc3,
+ /* (2^ 97)P */ 0xff, 0x4d, 0xd2, 0xd6, 0x74, 0xef, 0x2c, 0x96, 0xc1, 0x11, 0xa8, 0xb8, 0xfe, 0x94, 0x87, 0x3e, 0xa0, 0xfb, 0x57, 0xa3, 0xfc, 0x7a, 0x7e, 0x6a, 0x59, 0x6c, 0x54, 0xbb, 0xbb, 0xa2, 0x25, 0x38, 0x1b, 0xdf, 0x5d, 0x7b, 0x94, 0x14, 0xde, 0x07, 0x6e, 0xd3, 0xab, 0x02, 0x26, 0x74, 0x16, 0x12, 0xdf, 0x2e, 0x2a, 0xa7, 0xb0, 0xe8, 0x29, 0xc0,
+ /* (2^ 98)P */ 0x6a, 0x38, 0x0b, 0xd3, 0xba, 0x45, 0x23, 0xe0, 0x04, 0x3b, 0x83, 0x39, 0xc5, 0x11, 0xe6, 0xcf, 0x39, 0x0a, 0xb3, 0xb0, 0x3b, 0x27, 0x29, 0x63, 0x1c, 0xf3, 0x00, 0xe6, 0xd2, 0x55, 0x21, 0x1f, 0x84, 0x97, 0x9f, 0x01, 0x49, 0x43, 0x30, 0x5f, 0xe0, 0x1d, 0x24, 0xc4, 0x4e, 0xa0, 0x2b, 0x0b, 0x12, 0x55, 0xc3, 0x27, 0xae, 0x08, 0x83, 0x7c,
+ /* (2^ 99)P */ 0x5d, 0x1a, 0xb7, 0xa9, 0xf5, 0xfd, 0xec, 0xad, 0xb7, 0x87, 0x02, 0x5f, 0x0d, 0x30, 0x4d, 0xe2, 0x65, 0x87, 0xa4, 0x41, 0x45, 0x1d, 0x67, 0xe0, 0x30, 0x5c, 0x13, 0x87, 0xf6, 0x2e, 0x08, 0xc1, 0xc7, 0x12, 0x45, 0xc8, 0x9b, 0xad, 0xb8, 0xd5, 0x57, 0xbb, 0x5c, 0x48, 0x3a, 0xe1, 0x91, 0x5e, 0xf6, 0x4d, 0x8a, 0x63, 0x75, 0x69, 0x0c, 0x01,
+ /* (2^100)P */ 0x8f, 0x53, 0x2d, 0xa0, 0x71, 0x3d, 0xfc, 0x45, 0x10, 0x96, 0xcf, 0x56, 0xf9, 0xbb, 0x40, 0x3c, 0x86, 0x52, 0x76, 0xbe, 0x84, 0xf9, 0xa6, 0x9d, 0x3d, 0x27, 0xbe, 0xb4, 0x00, 0x49, 0x94, 0xf5, 0x5d, 0xe1, 0x62, 0x85, 0x66, 0xe5, 0xb8, 0x20, 0x2c, 0x09, 0x7d, 0x9d, 0x3d, 0x6e, 0x74, 0x39, 0xab, 0xad, 0xa0, 0x90, 0x97, 0x5f, 0xbb, 0xa7,
+ /* (2^101)P */ 0xdb, 0x2d, 0x99, 0x08, 0x16, 0x46, 0x83, 0x7a, 0xa8, 0xea, 0x3d, 0x28, 0x5b, 0x49, 0xfc, 0xb9, 0x6d, 0x00, 0x9e, 0x54, 0x4f, 0x47, 0x64, 0x9b, 0x58, 0x4d, 0x07, 0x0c, 0x6f, 0x29, 0x56, 0x0b, 0x00, 0x14, 0x85, 0x96, 0x41, 0x04, 0xb9, 0x5c, 0xa4, 0xf6, 0x16, 0x73, 0x6a, 0xc7, 0x62, 0x0c, 0x65, 0x2f, 0x93, 0xbf, 0xf7, 0xb9, 0xb7, 0xf1,
+ /* (2^102)P */ 0xeb, 0x6d, 0xb3, 0x46, 0x32, 0xd2, 0xcb, 0x08, 0x94, 0x14, 0xbf, 0x3f, 0xc5, 0xcb, 0x5f, 0x9f, 0x8a, 0x89, 0x0c, 0x1b, 0x45, 0xad, 0x4c, 0x50, 0xb4, 0xe1, 0xa0, 0x6b, 0x11, 0x92, 0xaf, 0x1f, 0x00, 0xcc, 0xe5, 0x13, 0x7e, 0xe4, 0x2e, 0xa0, 0x57, 0xf3, 0xa7, 0x84, 0x79, 0x7a, 0xc2, 0xb7, 0xb7, 0xfc, 0x5d, 0xa5, 0xa9, 0x64, 0xcc, 0xd8,
+ /* (2^103)P */ 0xa9, 0xc4, 0x12, 0x8b, 0x34, 0x78, 0x3e, 0x38, 0xfd, 0x3f, 0x87, 0xfa, 0x88, 0x94, 0xd5, 0xd9, 0x7f, 0xeb, 0x58, 0xff, 0xb9, 0x45, 0xdb, 0xa1, 0xed, 0x22, 0x28, 0x1d, 0x00, 0x6d, 0x79, 0x85, 0x7a, 0x75, 0x5d, 0xf0, 0xb1, 0x9e, 0x47, 0x28, 0x8c, 0x62, 0xdf, 0xfb, 0x4c, 0x7b, 0xc5, 0x1a, 0x42, 0x95, 0xef, 0x9a, 0xb7, 0x27, 0x7e, 0xda,
+ /* (2^104)P */ 0xca, 0xd5, 0xc0, 0x17, 0xa1, 0x66, 0x79, 0x9c, 0x2a, 0xb7, 0x0a, 0xfe, 0x62, 0xe4, 0x26, 0x78, 0x90, 0xa7, 0xcb, 0xb0, 0x4f, 0x6d, 0xf9, 0x8f, 0xf7, 0x7d, 0xac, 0xb8, 0x78, 0x1f, 0x41, 0xea, 0x97, 0x1e, 0x62, 0x97, 0x43, 0x80, 0x58, 0x80, 0xb6, 0x69, 0x7d, 0xee, 0x16, 0xd2, 0xa1, 0x81, 0xd7, 0xb1, 0x27, 0x03, 0x48, 0xda, 0xab, 0xec,
+ /* (2^105)P */ 0x5b, 0xed, 0x40, 0x8e, 0x8c, 0xc1, 0x66, 0x90, 0x7f, 0x0c, 0xb2, 0xfc, 0xbd, 0x16, 0xac, 0x7d, 0x4c, 0x6a, 0xf9, 0xae, 0xe7, 0x4e, 0x11, 0x12, 0xe9, 0xbe, 0x17, 0x09, 0xc6, 0xc1, 0x5e, 0xb5, 0x7b, 0x50, 0x5c, 0x27, 0xfb, 0x80, 0xab, 0x01, 0xfa, 0x5b, 0x9b, 0x75, 0x16, 0x6e, 0xb2, 0x5c, 0x8c, 0x2f, 0xa5, 0x6a, 0x1a, 0x68, 0xa6, 0x90,
+ /* (2^106)P */ 0x75, 0xfe, 0xb6, 0x96, 0x96, 0x87, 0x4c, 0x12, 0xa9, 0xd1, 0xd8, 0x03, 0xa3, 0xc1, 0x15, 0x96, 0xe8, 0xa0, 0x75, 0x82, 0xa0, 0x6d, 0xea, 0x54, 0xdc, 0x5f, 0x0d, 0x7e, 0xf6, 0x70, 0xb5, 0xdc, 0x7a, 0xf6, 0xc4, 0xd4, 0x21, 0x49, 0xf5, 0xd4, 0x14, 0x6d, 0x48, 0x1d, 0x7c, 0x99, 0x42, 0xdf, 0x78, 0x6b, 0x9d, 0xb9, 0x30, 0x3c, 0xd0, 0x29,
+ /* (2^107)P */ 0x85, 0xd6, 0xd8, 0xf3, 0x91, 0x74, 0xdd, 0xbd, 0x72, 0x96, 0x10, 0xe4, 0x76, 0x02, 0x5a, 0x72, 0x67, 0xd3, 0x17, 0x72, 0x14, 0x9a, 0x20, 0x5b, 0x0f, 0x8d, 0xed, 0x6d, 0x4e, 0xe3, 0xd9, 0x82, 0xc2, 0x99, 0xee, 0x39, 0x61, 0x69, 0x8a, 0x24, 0x01, 0x92, 0x15, 0xe7, 0xfc, 0xf9, 0x4d, 0xac, 0xf1, 0x30, 0x49, 0x01, 0x0b, 0x6e, 0x0f, 0x20,
+ /* (2^108)P */ 0xd8, 0x25, 0x94, 0x5e, 0x43, 0x29, 0xf5, 0xcc, 0xe8, 0xe3, 0x55, 0x41, 0x3c, 0x9f, 0x58, 0x5b, 0x00, 0xeb, 0xc5, 0xdf, 0xcf, 0xfb, 0xfd, 0x6e, 0x92, 0xec, 0x99, 0x30, 0xd6, 0x05, 0xdd, 0x80, 0x7a, 0x5d, 0x6d, 0x16, 0x85, 0xd8, 0x9d, 0x43, 0x65, 0xd8, 0x2c, 0x33, 0x2f, 0x5c, 0x41, 0xea, 0xb7, 0x95, 0x77, 0xf2, 0x9e, 0x59, 0x09, 0xe8,
+ /* (2^109)P */ 0x00, 0xa0, 0x03, 0x80, 0xcd, 0x60, 0xe5, 0x17, 0xd4, 0x15, 0x99, 0xdd, 0x4f, 0xbf, 0x66, 0xb8, 0xc0, 0xf5, 0xf9, 0xfc, 0x6d, 0x42, 0x18, 0x34, 0x1c, 0x7d, 0x5b, 0xb5, 0x09, 0xd0, 0x99, 0x57, 0x81, 0x0b, 0x62, 0xb3, 0xa2, 0xf9, 0x0b, 0xae, 0x95, 0xb8, 0xc2, 0x3b, 0x0d, 0x5b, 0x00, 0xf1, 0xed, 0xbc, 0x05, 0x9d, 0x61, 0xbc, 0x73, 0x9d,
+ /* (2^110)P */ 0xd4, 0xdb, 0x29, 0xe5, 0x85, 0xe9, 0xc6, 0x89, 0x2a, 0xa8, 0x54, 0xab, 0xb3, 0x7f, 0x88, 0xc0, 0x4d, 0xe0, 0xd1, 0x74, 0x6e, 0xa3, 0xa7, 0x39, 0xd5, 0xcc, 0xa1, 0x8a, 0xcb, 0x5b, 0x34, 0xad, 0x92, 0xb4, 0xd8, 0xd5, 0x17, 0xf6, 0x77, 0x18, 0x9e, 0xaf, 0x45, 0x3b, 0x03, 0xe2, 0xf8, 0x52, 0x60, 0xdc, 0x15, 0x20, 0x9e, 0xdf, 0xd8, 0x5d,
+ /* (2^111)P */ 0x02, 0xc1, 0xac, 0x1a, 0x15, 0x8e, 0x6c, 0xf5, 0x1e, 0x1e, 0xba, 0x7e, 0xc2, 0xda, 0x7d, 0x02, 0xda, 0x43, 0xae, 0x04, 0x70, 0x28, 0x54, 0x78, 0x94, 0xf5, 0x4f, 0x07, 0x84, 0x8f, 0xed, 0xaa, 0xc0, 0xb8, 0xcd, 0x7f, 0x7e, 0x33, 0xa3, 0xbe, 0x21, 0x29, 0xc8, 0x56, 0x34, 0xc0, 0x76, 0x87, 0x8f, 0xc7, 0x73, 0x58, 0x90, 0x16, 0xfc, 0xd6,
+ /* (2^112)P */ 0xb8, 0x3f, 0xe1, 0xdf, 0x3a, 0x91, 0x25, 0x0c, 0xf6, 0x47, 0xa8, 0x89, 0xc4, 0xc6, 0x61, 0xec, 0x86, 0x2c, 0xfd, 0xbe, 0xa4, 0x6f, 0xc2, 0xd4, 0x46, 0x19, 0x70, 0x5d, 0x09, 0x02, 0x86, 0xd3, 0x4b, 0xe9, 0x16, 0x7b, 0xf0, 0x0d, 0x6c, 0xff, 0x91, 0x05, 0xbf, 0x55, 0xb4, 0x00, 0x8d, 0xe5, 0x6d, 0x68, 0x20, 0x90, 0x12, 0xb5, 0x5c, 0x32,
+ /* (2^113)P */ 0x80, 0x45, 0xc8, 0x51, 0x87, 0xba, 0x1c, 0x5c, 0xcf, 0x5f, 0x4b, 0x3c, 0x9e, 0x3b, 0x36, 0xd2, 0x26, 0xa2, 0x7f, 0xab, 0xb7, 0xbf, 0xda, 0x68, 0x23, 0x8f, 0xc3, 0xa0, 0xfd, 0xad, 0xf1, 0x56, 0x3b, 0xd0, 0x75, 0x2b, 0x44, 0x61, 0xd8, 0xf4, 0xf1, 0x05, 0x49, 0x53, 0x07, 0xee, 0x47, 0xef, 0xc0, 0x7c, 0x9d, 0xe4, 0x15, 0x88, 0xc5, 0x47,
+ /* (2^114)P */ 0x2d, 0xb5, 0x09, 0x80, 0xb9, 0xd3, 0xd8, 0xfe, 0x4c, 0xd2, 0xa6, 0x6e, 0xd3, 0x75, 0xcf, 0xb0, 0x99, 0xcb, 0x50, 0x8d, 0xe9, 0x67, 0x9b, 0x20, 0xe8, 0x57, 0xd8, 0x14, 0x85, 0x73, 0x6a, 0x74, 0xe0, 0x99, 0xf0, 0x6b, 0x6e, 0x59, 0x30, 0x31, 0x33, 0x96, 0x5f, 0xa1, 0x0c, 0x1b, 0xf4, 0xca, 0x09, 0xe1, 0x9b, 0xb5, 0xcf, 0x6d, 0x0b, 0xeb,
+ /* (2^115)P */ 0x1a, 0xde, 0x50, 0xa9, 0xac, 0x3e, 0x10, 0x43, 0x4f, 0x82, 0x4f, 0xc0, 0xfe, 0x3f, 0x33, 0xd2, 0x64, 0x86, 0x50, 0xa9, 0x51, 0x76, 0x5e, 0x50, 0x97, 0x6c, 0x73, 0x8d, 0x77, 0xa3, 0x75, 0x03, 0xbc, 0xc9, 0xfb, 0x50, 0xd9, 0x6d, 0x16, 0xad, 0x5d, 0x32, 0x3d, 0xac, 0x44, 0xdf, 0x51, 0xf7, 0x19, 0xd4, 0x0b, 0x57, 0x78, 0x0b, 0x81, 0x4e,
+ /* (2^116)P */ 0x32, 0x24, 0xf1, 0x6c, 0x55, 0x62, 0x1d, 0xb3, 0x1f, 0xda, 0xfa, 0x6a, 0x8f, 0x98, 0x01, 0x16, 0xde, 0x44, 0x50, 0x0d, 0x2e, 0x6c, 0x0b, 0xa2, 0xd3, 0x74, 0x0e, 0xa9, 0xbf, 0x8d, 0xa9, 0xc8, 0xc8, 0x2f, 0x62, 0xc1, 0x35, 0x5e, 0xfd, 0x3a, 0xb3, 0x83, 0x2d, 0xee, 0x4e, 0xfd, 0x5c, 0x5e, 0xad, 0x85, 0xa5, 0x10, 0xb5, 0x4f, 0x34, 0xa7,
+ /* (2^117)P */ 0xd1, 0x58, 0x6f, 0xe6, 0x54, 0x2c, 0xc2, 0xcd, 0xcf, 0x83, 0xdc, 0x88, 0x0c, 0xb9, 0xb4, 0x62, 0x18, 0x89, 0x65, 0x28, 0xe9, 0x72, 0x4b, 0x65, 0xcf, 0xd6, 0x90, 0x88, 0xd7, 0x76, 0x17, 0x4f, 0x74, 0x64, 0x1e, 0xcb, 0xd3, 0xf5, 0x4b, 0xaa, 0x2e, 0x4d, 0x2d, 0x7c, 0x13, 0x1f, 0xfd, 0xd9, 0x60, 0x83, 0x7e, 0xda, 0x64, 0x1c, 0xdc, 0x9f,
+ /* (2^118)P */ 0xad, 0xef, 0xac, 0x1b, 0xc1, 0x30, 0x5a, 0x15, 0xc9, 0x1f, 0xac, 0xf1, 0xca, 0x44, 0x95, 0x95, 0xea, 0xf2, 0x22, 0xe7, 0x8d, 0x25, 0xf0, 0xff, 0xd8, 0x71, 0xf7, 0xf8, 0x8f, 0x8f, 0xcd, 0xf4, 0x1e, 0xfe, 0x6c, 0x68, 0x04, 0xb8, 0x78, 0xa1, 0x5f, 0xa6, 0x5d, 0x5e, 0xf9, 0x8d, 0xea, 0x80, 0xcb, 0xf3, 0x17, 0xa6, 0x03, 0xc9, 0x38, 0xd5,
+ /* (2^119)P */ 0x79, 0x14, 0x31, 0xc3, 0x38, 0xe5, 0xaa, 0xbf, 0x17, 0xa3, 0x04, 0x4e, 0x80, 0x59, 0x9c, 0x9f, 0x19, 0x39, 0xe4, 0x2d, 0x23, 0x54, 0x4a, 0x7f, 0x3e, 0xf3, 0xd9, 0xc7, 0xba, 0x6c, 0x8f, 0x6b, 0xfa, 0x34, 0xb5, 0x23, 0x17, 0x1d, 0xff, 0x1d, 0xea, 0x1f, 0xd7, 0xba, 0x61, 0xb2, 0xe0, 0x38, 0x6a, 0xe9, 0xcf, 0x48, 0x5d, 0x6a, 0x10, 0x9c,
+ /* (2^120)P */ 0xc8, 0xbb, 0x13, 0x1c, 0x3f, 0x3c, 0x34, 0xfd, 0xac, 0x37, 0x52, 0x44, 0x25, 0xa8, 0xde, 0x1d, 0x63, 0xf4, 0x81, 0x9a, 0xbe, 0x0b, 0x74, 0x2e, 0xc8, 0x51, 0x16, 0xd3, 0xac, 0x4a, 0xaf, 0xe2, 0x5f, 0x3a, 0x89, 0x32, 0xd1, 0x9b, 0x7c, 0x90, 0x0d, 0xac, 0xdc, 0x8b, 0x73, 0x45, 0x45, 0x97, 0xb1, 0x90, 0x2c, 0x1b, 0x31, 0xca, 0xb1, 0x94,
+ /* (2^121)P */ 0x07, 0x28, 0xdd, 0x10, 0x14, 0xa5, 0x95, 0x7e, 0xf3, 0xe4, 0xd4, 0x14, 0xb4, 0x7e, 0x76, 0xdb, 0x42, 0xd6, 0x94, 0x3e, 0xeb, 0x44, 0x64, 0x88, 0x0d, 0xec, 0xc1, 0x21, 0xf0, 0x79, 0xe0, 0x83, 0x67, 0x55, 0x53, 0xc2, 0xf6, 0xc5, 0xc5, 0x89, 0x39, 0xe8, 0x42, 0xd0, 0x17, 0xbd, 0xff, 0x35, 0x59, 0x0e, 0xc3, 0x06, 0x86, 0xd4, 0x64, 0xcf,
+ /* (2^122)P */ 0x91, 0xa8, 0xdb, 0x57, 0x9b, 0xe2, 0x96, 0x31, 0x10, 0x6e, 0xd7, 0x9a, 0x97, 0xb3, 0xab, 0xb5, 0x15, 0x66, 0xbe, 0xcc, 0x6d, 0x9a, 0xac, 0x06, 0xb3, 0x0d, 0xaa, 0x4b, 0x9c, 0x96, 0x79, 0x6c, 0x34, 0xee, 0x9e, 0x53, 0x4d, 0x6e, 0xbd, 0x88, 0x02, 0xbf, 0x50, 0x54, 0x12, 0x5d, 0x01, 0x02, 0x46, 0xc6, 0x74, 0x02, 0x8c, 0x24, 0xae, 0xb1,
+ /* (2^123)P */ 0xf5, 0x22, 0xea, 0xac, 0x7d, 0x9c, 0x33, 0x8a, 0xa5, 0x36, 0x79, 0x6a, 0x4f, 0xa4, 0xdc, 0xa5, 0x73, 0x64, 0xc4, 0x6f, 0x43, 0x02, 0x3b, 0x94, 0x66, 0xd2, 0x4b, 0x4f, 0xf6, 0x45, 0x33, 0x5d, 0x10, 0x33, 0x18, 0x1e, 0xa3, 0xfc, 0xf7, 0xd2, 0xb8, 0xc8, 0xa7, 0xe0, 0x76, 0x8a, 0xcd, 0xff, 0x4f, 0x99, 0x34, 0x47, 0x84, 0x91, 0x96, 0x9f,
+ /* (2^124)P */ 0x8a, 0x48, 0x3b, 0x48, 0x4a, 0xbc, 0xac, 0xe2, 0x80, 0xd6, 0xd2, 0x35, 0xde, 0xd0, 0x56, 0x42, 0x33, 0xb3, 0x56, 0x5a, 0xcd, 0xb8, 0x3d, 0xb5, 0x25, 0xc1, 0xed, 0xff, 0x87, 0x0b, 0x79, 0xff, 0xf2, 0x62, 0xe1, 0x76, 0xc6, 0xa2, 0x0f, 0xa8, 0x9b, 0x0d, 0xcc, 0x3f, 0x3d, 0x35, 0x27, 0x8d, 0x0b, 0x74, 0xb0, 0xc3, 0x78, 0x8c, 0xcc, 0xc8,
+ /* (2^125)P */ 0xfc, 0x9a, 0x0c, 0xa8, 0x49, 0x42, 0xb8, 0xdf, 0xcf, 0xb3, 0x19, 0xa6, 0x64, 0x57, 0xfe, 0xe8, 0xf8, 0xa6, 0x4b, 0x86, 0xa1, 0xd5, 0x83, 0x7f, 0x14, 0x99, 0x18, 0x0c, 0x7d, 0x5b, 0xf7, 0x3d, 0xf9, 0x4b, 0x79, 0xb1, 0x86, 0x30, 0xb4, 0x5e, 0x6a, 0xe8, 0x9d, 0xfa, 0x8a, 0x41, 0xc4, 0x30, 0xfc, 0x56, 0x74, 0x14, 0x42, 0xc8, 0x96, 0x0e,
+ /* (2^126)P */ 0xdf, 0x66, 0xec, 0xbc, 0x44, 0xdb, 0x19, 0xce, 0xd4, 0xb5, 0x49, 0x40, 0x07, 0x49, 0xe0, 0x3a, 0x61, 0x10, 0xfb, 0x7d, 0xba, 0xb1, 0xe0, 0x28, 0x5b, 0x99, 0x59, 0x96, 0xa2, 0xee, 0xe0, 0x23, 0x37, 0x39, 0x1f, 0xe6, 0x57, 0x9f, 0xf8, 0xf8, 0xdc, 0x74, 0xf6, 0x8f, 0x4f, 0x5e, 0x51, 0xa4, 0x12, 0xac, 0xbe, 0xe4, 0xf3, 0xd1, 0xf0, 0x24,
+ /* (2^127)P */ 0x1e, 0x3e, 0x9a, 0x5f, 0xdf, 0x9f, 0xd6, 0x4e, 0x8a, 0x28, 0xc3, 0xcd, 0x96, 0x9d, 0x57, 0xc7, 0x61, 0x81, 0x90, 0xff, 0xae, 0xb1, 0x4f, 0xc2, 0x96, 0x8b, 0x1a, 0x18, 0xf4, 0x50, 0xcb, 0x31, 0xe1, 0x57, 0xf4, 0x90, 0xa8, 0xea, 0xac, 0xe7, 0x61, 0x98, 0xb6, 0x15, 0xc1, 0x7b, 0x29, 0xa4, 0xc3, 0x18, 0xef, 0xb9, 0xd8, 0xdf, 0xf6, 0xac,
+ /* (2^128)P */ 0xca, 0xa8, 0x6c, 0xf1, 0xb4, 0xca, 0xfe, 0x31, 0xee, 0x48, 0x38, 0x8b, 0x0e, 0xbb, 0x7a, 0x30, 0xaa, 0xf9, 0xee, 0x27, 0x53, 0x24, 0xdc, 0x2e, 0x15, 0xa6, 0x48, 0x8f, 0xa0, 0x7e, 0xf1, 0xdc, 0x93, 0x87, 0x39, 0xeb, 0x7f, 0x38, 0x92, 0x92, 0x4c, 0x29, 0xe9, 0x57, 0xd8, 0x59, 0xfc, 0xe9, 0x9c, 0x44, 0xc0, 0x65, 0xcf, 0xac, 0x4b, 0xdc,
+ /* (2^129)P */ 0xa3, 0xd0, 0x37, 0x8f, 0x86, 0x2f, 0xc6, 0x47, 0x55, 0x46, 0x65, 0x26, 0x4b, 0x91, 0xe2, 0x18, 0x5c, 0x4f, 0x23, 0xc1, 0x37, 0x29, 0xb9, 0xc1, 0x27, 0xc5, 0x3c, 0xbf, 0x7e, 0x23, 0xdb, 0x73, 0x99, 0xbd, 0x1b, 0xb2, 0x31, 0x68, 0x3a, 0xad, 0xb7, 0xb0, 0x10, 0xc5, 0xe5, 0x11, 0x51, 0xba, 0xa7, 0x60, 0x66, 0x54, 0xf0, 0x08, 0xd7, 0x69,
+ /* (2^130)P */ 0x89, 0x41, 0x79, 0xcc, 0xeb, 0x0a, 0xf5, 0x4b, 0xa3, 0x4c, 0xce, 0x52, 0xb0, 0xa7, 0xe4, 0x41, 0x75, 0x7d, 0x04, 0xbb, 0x09, 0x4c, 0x50, 0x9f, 0xdf, 0xea, 0x74, 0x61, 0x02, 0xad, 0xb4, 0x9d, 0xb7, 0x05, 0xb9, 0xea, 0xeb, 0x91, 0x35, 0xe7, 0x49, 0xea, 0xd3, 0x4f, 0x3c, 0x60, 0x21, 0x7a, 0xde, 0xc7, 0xe2, 0x5a, 0xee, 0x8e, 0x93, 0xc7,
+ /* (2^131)P */ 0x00, 0xe8, 0xed, 0xd0, 0xb3, 0x0d, 0xaf, 0xb2, 0xde, 0x2c, 0xf6, 0x00, 0xe2, 0xea, 0x6d, 0xf8, 0x0e, 0xd9, 0x67, 0x59, 0xa9, 0x50, 0xbb, 0x17, 0x8f, 0xff, 0xb1, 0x9f, 0x17, 0xb6, 0xf2, 0xb5, 0xba, 0x80, 0xf7, 0x0f, 0xba, 0xd5, 0x09, 0x43, 0xaa, 0x4e, 0x3a, 0x67, 0x6a, 0x89, 0x9b, 0x18, 0x65, 0x35, 0xf8, 0x3a, 0x49, 0x91, 0x30, 0x51,
+ /* (2^132)P */ 0x8d, 0x25, 0xe9, 0x0e, 0x7d, 0x50, 0x76, 0xe4, 0x58, 0x7e, 0xb9, 0x33, 0xe6, 0x65, 0x90, 0xc2, 0x50, 0x9d, 0x50, 0x2e, 0x11, 0xad, 0xd5, 0x43, 0x52, 0x32, 0x41, 0x4f, 0x7b, 0xb6, 0xa0, 0xec, 0x81, 0x75, 0x36, 0x7c, 0x77, 0x85, 0x59, 0x70, 0xe4, 0xf9, 0xef, 0x66, 0x8d, 0x35, 0xc8, 0x2a, 0x6e, 0x5b, 0xc6, 0x0d, 0x0b, 0x29, 0x60, 0x68,
+ /* (2^133)P */ 0xf8, 0xce, 0xb0, 0x3a, 0x56, 0x7d, 0x51, 0x9a, 0x25, 0x73, 0xea, 0xdd, 0xe4, 0xe0, 0x0e, 0xf0, 0x07, 0xc0, 0x31, 0x00, 0x73, 0x35, 0xd0, 0x39, 0xc4, 0x9b, 0xb7, 0x95, 0xe0, 0x62, 0x70, 0x36, 0x0b, 0xcb, 0xa0, 0x42, 0xde, 0x51, 0xcf, 0x41, 0xe0, 0xb8, 0xb4, 0xc0, 0xe5, 0x46, 0x99, 0x9f, 0x02, 0x7f, 0x14, 0x8c, 0xc1, 0x4e, 0xef, 0xe8,
+ /* (2^134)P */ 0x10, 0x01, 0x57, 0x0a, 0xbe, 0x8b, 0x18, 0xc8, 0xca, 0x00, 0x28, 0x77, 0x4a, 0x9a, 0xc7, 0x55, 0x2a, 0xcc, 0x0c, 0x7b, 0xb9, 0xe9, 0xc8, 0x97, 0x7c, 0x02, 0xe3, 0x09, 0x2f, 0x62, 0x30, 0xb8, 0x40, 0x09, 0x65, 0xe9, 0x55, 0x63, 0xb5, 0x07, 0xca, 0x9f, 0x00, 0xdf, 0x9d, 0x5c, 0xc7, 0xee, 0x57, 0xa5, 0x90, 0x15, 0x1e, 0x22, 0xa0, 0x12,
+ /* (2^135)P */ 0x71, 0x2d, 0xc9, 0xef, 0x27, 0xb9, 0xd8, 0x12, 0x43, 0x6b, 0xa8, 0xce, 0x3b, 0x6d, 0x6e, 0x91, 0x43, 0x23, 0xbc, 0x32, 0xb3, 0xbf, 0xe1, 0xc7, 0x39, 0xcf, 0x7c, 0x42, 0x4c, 0xb1, 0x30, 0xe2, 0xdd, 0x69, 0x06, 0xe5, 0xea, 0xf0, 0x2a, 0x16, 0x50, 0x71, 0xca, 0x92, 0xdf, 0xc1, 0xcc, 0xec, 0xe6, 0x54, 0x07, 0xf3, 0x18, 0x8d, 0xd8, 0x29,
+ /* (2^136)P */ 0x98, 0x51, 0x48, 0x8f, 0xfa, 0x2e, 0x5e, 0x67, 0xb0, 0xc6, 0x17, 0x12, 0xb6, 0x7d, 0xc9, 0xad, 0x81, 0x11, 0xad, 0x0c, 0x1c, 0x2d, 0x45, 0xdf, 0xac, 0x66, 0xbd, 0x08, 0x6f, 0x7c, 0xc7, 0x06, 0x6e, 0x19, 0x08, 0x39, 0x64, 0xd7, 0xe4, 0xd1, 0x11, 0x5f, 0x1c, 0xf4, 0x67, 0xc3, 0x88, 0x6a, 0xe6, 0x07, 0xa3, 0x83, 0xd7, 0xfd, 0x2a, 0xf9,
+ /* (2^137)P */ 0x87, 0xed, 0xeb, 0xd9, 0xdf, 0xff, 0x43, 0x8b, 0xaa, 0x20, 0x58, 0xb0, 0xb4, 0x6b, 0x14, 0xb8, 0x02, 0xc5, 0x40, 0x20, 0x22, 0xbb, 0xf7, 0xb4, 0xf3, 0x05, 0x1e, 0x4d, 0x94, 0xff, 0xe3, 0xc5, 0x22, 0x82, 0xfe, 0xaf, 0x90, 0x42, 0x98, 0x6b, 0x76, 0x8b, 0x3e, 0x89, 0x3f, 0x42, 0x2a, 0xa7, 0x26, 0x00, 0xda, 0x5c, 0xa2, 0x2b, 0xec, 0xdd,
+ /* (2^138)P */ 0x5c, 0x21, 0x16, 0x0d, 0x46, 0xb8, 0xd0, 0xa7, 0x88, 0xe7, 0x25, 0xcb, 0x3e, 0x50, 0x73, 0x61, 0xe7, 0xaf, 0x5a, 0x3f, 0x47, 0x8b, 0x3d, 0x97, 0x79, 0x2c, 0xe6, 0x6d, 0x95, 0x74, 0x65, 0x70, 0x36, 0xfd, 0xd1, 0x9e, 0x13, 0x18, 0x63, 0xb1, 0x2d, 0x0b, 0xb5, 0x36, 0x3e, 0xe7, 0x35, 0x42, 0x3b, 0xe6, 0x1f, 0x4d, 0x9d, 0x59, 0xa2, 0x43,
+ /* (2^139)P */ 0x8c, 0x0c, 0x7c, 0x24, 0x9e, 0xe0, 0xf8, 0x05, 0x1c, 0x9e, 0x1f, 0x31, 0xc0, 0x70, 0xb3, 0xfb, 0x4e, 0xf8, 0x0a, 0x57, 0xb7, 0x49, 0xb5, 0x73, 0xa1, 0x5f, 0x9b, 0x6a, 0x07, 0x6c, 0x87, 0x71, 0x87, 0xd4, 0xbe, 0x98, 0x1e, 0x98, 0xee, 0x52, 0xc1, 0x7b, 0x95, 0x0f, 0x28, 0x32, 0x36, 0x28, 0xd0, 0x3a, 0x0f, 0x7d, 0x2a, 0xa9, 0x62, 0xb9,
+ /* (2^140)P */ 0x97, 0xe6, 0x18, 0x77, 0xf9, 0x34, 0xac, 0xbc, 0xe0, 0x62, 0x9f, 0x42, 0xde, 0xbd, 0x2f, 0xf7, 0x1f, 0xb7, 0x14, 0x52, 0x8a, 0x79, 0xb2, 0x3f, 0xd2, 0x95, 0x71, 0x01, 0xe8, 0xaf, 0x8c, 0xa4, 0xa4, 0xa7, 0x27, 0xf3, 0x5c, 0xdf, 0x3e, 0x57, 0x7a, 0xf1, 0x76, 0x49, 0xe6, 0x42, 0x3f, 0x8f, 0x1e, 0x63, 0x4a, 0x65, 0xb5, 0x41, 0xf5, 0x02,
+ /* (2^141)P */ 0x72, 0x85, 0xc5, 0x0b, 0xe1, 0x47, 0x64, 0x02, 0xc5, 0x4d, 0x81, 0x69, 0xb2, 0xcf, 0x0f, 0x6c, 0xd4, 0x6d, 0xd0, 0xc7, 0xb4, 0x1c, 0xd0, 0x32, 0x59, 0x89, 0xe2, 0xe0, 0x96, 0x8b, 0x12, 0x98, 0xbf, 0x63, 0x7a, 0x4c, 0x76, 0x7e, 0x58, 0x17, 0x8f, 0x5b, 0x0a, 0x59, 0x65, 0x75, 0xbc, 0x61, 0x1f, 0xbe, 0xc5, 0x6e, 0x0a, 0x57, 0x52, 0x70,
+ /* (2^142)P */ 0x92, 0x1c, 0x77, 0xbb, 0x62, 0x02, 0x6c, 0x25, 0x9c, 0x66, 0x07, 0x83, 0xab, 0xcc, 0x80, 0x5d, 0xd2, 0x76, 0x0c, 0xa4, 0xc5, 0xb4, 0x8a, 0x68, 0x23, 0x31, 0x32, 0x29, 0x8a, 0x47, 0x92, 0x12, 0x80, 0xb3, 0xfa, 0x18, 0xe4, 0x8d, 0xc0, 0x4d, 0xfe, 0x97, 0x5f, 0x72, 0x41, 0xb5, 0x5c, 0x7a, 0xbd, 0xf0, 0xcf, 0x5e, 0x97, 0xaa, 0x64, 0x32,
+ /* (2^143)P */ 0x35, 0x3f, 0x75, 0xc1, 0x7a, 0x75, 0x7e, 0xa9, 0xc6, 0x0b, 0x4e, 0x32, 0x62, 0xec, 0xe3, 0x5c, 0xfb, 0x01, 0x43, 0xb6, 0xd4, 0x5b, 0x75, 0xd2, 0xee, 0x7f, 0x5d, 0x23, 0x2b, 0xb3, 0x54, 0x34, 0x4c, 0xd3, 0xb4, 0x32, 0x84, 0x81, 0xb5, 0x09, 0x76, 0x19, 0xda, 0x58, 0xda, 0x7c, 0xdb, 0x2e, 0xdd, 0x4c, 0x8e, 0xdd, 0x5d, 0x89, 0x10, 0x10,
+ /* (2^144)P */ 0x57, 0x25, 0x6a, 0x08, 0x37, 0x92, 0xa8, 0xdf, 0x24, 0xef, 0x8f, 0x33, 0x34, 0x52, 0xa4, 0x4c, 0xf0, 0x77, 0x9f, 0x69, 0x77, 0xd5, 0x8f, 0xd2, 0x9a, 0xb3, 0xb6, 0x1d, 0x2d, 0xa6, 0xf7, 0x1f, 0xda, 0xd7, 0xcb, 0x75, 0x11, 0xc3, 0x6b, 0xc0, 0x38, 0xb1, 0xd5, 0x2d, 0x96, 0x84, 0x16, 0xfa, 0x26, 0xb9, 0xcc, 0x3f, 0x16, 0x47, 0x23, 0x74,
+ /* (2^145)P */ 0x9b, 0x61, 0x2a, 0x1c, 0xdd, 0x39, 0xa5, 0xfa, 0x1c, 0x7d, 0x63, 0x50, 0xca, 0xe6, 0x9d, 0xfa, 0xb7, 0xc4, 0x4c, 0x6a, 0x97, 0x5f, 0x36, 0x4e, 0x47, 0xdd, 0x17, 0xf7, 0xf9, 0x19, 0xce, 0x75, 0x17, 0xad, 0xce, 0x2a, 0xf3, 0xfe, 0x27, 0x8f, 0x3e, 0x48, 0xc0, 0x60, 0x87, 0x24, 0x19, 0xae, 0x59, 0xe4, 0x5a, 0x00, 0x2a, 0xba, 0xa2, 0x1f,
+ /* (2^146)P */ 0x26, 0x88, 0x42, 0x60, 0x9f, 0x6e, 0x2c, 0x7c, 0x39, 0x0f, 0x47, 0x6a, 0x0e, 0x02, 0xbb, 0x4b, 0x34, 0x29, 0x55, 0x18, 0x36, 0xcf, 0x3b, 0x47, 0xf1, 0x2e, 0xfc, 0x6e, 0x94, 0xff, 0xe8, 0x6b, 0x06, 0xd2, 0xba, 0x77, 0x5e, 0x60, 0xd7, 0x19, 0xef, 0x02, 0x9d, 0x3a, 0xc2, 0xb7, 0xa9, 0xd8, 0x57, 0xee, 0x7e, 0x2b, 0xf2, 0x6d, 0x28, 0xda,
+ /* (2^147)P */ 0xdf, 0xd9, 0x92, 0x11, 0x98, 0x23, 0xe2, 0x45, 0x2f, 0x74, 0x70, 0xee, 0x0e, 0x55, 0x65, 0x79, 0x86, 0x38, 0x17, 0x92, 0x85, 0x87, 0x99, 0x50, 0xd9, 0x7c, 0xdb, 0xa1, 0x10, 0xec, 0x30, 0xb7, 0x40, 0xa3, 0x23, 0x9b, 0x0e, 0x27, 0x49, 0x29, 0x03, 0x94, 0xff, 0x53, 0xdc, 0xd7, 0xed, 0x49, 0xa9, 0x5a, 0x3b, 0xee, 0xd7, 0xc7, 0x65, 0xaf,
+ /* (2^148)P */ 0xa0, 0xbd, 0xbe, 0x03, 0xee, 0x0c, 0xbe, 0x32, 0x00, 0x7b, 0x52, 0xcb, 0x92, 0x29, 0xbf, 0xa0, 0xc6, 0xd9, 0xd2, 0xd6, 0x15, 0xe8, 0x3a, 0x75, 0x61, 0x65, 0x56, 0xae, 0xad, 0x3c, 0x2a, 0x64, 0x14, 0x3f, 0x8e, 0xc1, 0x2d, 0x0c, 0x8d, 0x20, 0xdb, 0x58, 0x4b, 0xe5, 0x40, 0x15, 0x4b, 0xdc, 0xa8, 0xbd, 0xef, 0x08, 0xa7, 0xd1, 0xf4, 0xb0,
+ /* (2^149)P */ 0xa9, 0x0f, 0x05, 0x94, 0x66, 0xac, 0x1f, 0x65, 0x3f, 0xe1, 0xb8, 0xe1, 0x34, 0x5e, 0x1d, 0x8f, 0xe3, 0x93, 0x03, 0x15, 0xff, 0xb6, 0x65, 0xb6, 0x6e, 0xc0, 0x2f, 0xd4, 0x2e, 0xb9, 0x2c, 0x13, 0x3c, 0x99, 0x1c, 0xb5, 0x87, 0xba, 0x79, 0xcb, 0xf0, 0x18, 0x06, 0x86, 0x04, 0x14, 0x25, 0x09, 0xcd, 0x1c, 0x14, 0xda, 0x35, 0xd0, 0x38, 0x3b,
+ /* (2^150)P */ 0x1b, 0x04, 0xa3, 0x27, 0xb4, 0xd3, 0x37, 0x48, 0x1e, 0x8f, 0x69, 0xd3, 0x5a, 0x2f, 0x20, 0x02, 0x36, 0xbe, 0x06, 0x7b, 0x6b, 0x6c, 0x12, 0x5b, 0x80, 0x74, 0x44, 0xe6, 0xf8, 0xf5, 0x95, 0x59, 0x29, 0xab, 0x51, 0x47, 0x83, 0x28, 0xe0, 0xad, 0xde, 0xaa, 0xd3, 0xb1, 0x1a, 0xcb, 0xa3, 0xcd, 0x8b, 0x6a, 0xb1, 0xa7, 0x0a, 0xd1, 0xf9, 0xbe,
+ /* (2^151)P */ 0xce, 0x2f, 0x85, 0xca, 0x74, 0x6d, 0x49, 0xb8, 0xce, 0x80, 0x44, 0xe0, 0xda, 0x5b, 0xcf, 0x2f, 0x79, 0x74, 0xfe, 0xb4, 0x2c, 0x99, 0x20, 0x6e, 0x09, 0x04, 0xfb, 0x6d, 0x57, 0x5b, 0x95, 0x0c, 0x45, 0xda, 0x4f, 0x7f, 0x63, 0xcc, 0x85, 0x5a, 0x67, 0x50, 0x68, 0x71, 0xb4, 0x67, 0xb1, 0x2e, 0xc1, 0x1c, 0xdc, 0xff, 0x2a, 0x7c, 0x10, 0x5e,
+ /* (2^152)P */ 0xa6, 0xde, 0xf3, 0xd4, 0x22, 0x30, 0x24, 0x9e, 0x0b, 0x30, 0x54, 0x59, 0x7e, 0xa2, 0xeb, 0x89, 0x54, 0x65, 0x3e, 0x40, 0xd1, 0xde, 0xe6, 0xee, 0x4d, 0xbf, 0x5e, 0x40, 0x1d, 0xee, 0x4f, 0x68, 0xd9, 0xa7, 0x2f, 0xb3, 0x64, 0xb3, 0xf5, 0xc8, 0xd3, 0xaa, 0x70, 0x70, 0x3d, 0xef, 0xd3, 0x95, 0x54, 0xdb, 0x3e, 0x94, 0x95, 0x92, 0x1f, 0x45,
+ /* (2^153)P */ 0x22, 0x80, 0x1d, 0x9d, 0x96, 0xa5, 0x78, 0x6f, 0xe0, 0x1e, 0x1b, 0x66, 0x42, 0xc8, 0xae, 0x9e, 0x46, 0x45, 0x08, 0x41, 0xdf, 0x80, 0xae, 0x6f, 0xdb, 0x15, 0x5a, 0x21, 0x31, 0x7a, 0xd0, 0xf2, 0x54, 0x15, 0x88, 0xd3, 0x0f, 0x7f, 0x14, 0x5a, 0x14, 0x97, 0xab, 0xf4, 0x58, 0x6a, 0x9f, 0xea, 0x74, 0xe5, 0x6b, 0x90, 0x59, 0x2b, 0x48, 0xd9,
+ /* (2^154)P */ 0x12, 0x24, 0x04, 0xf5, 0x50, 0xc2, 0x8c, 0xb0, 0x7c, 0x46, 0x98, 0xd5, 0x24, 0xad, 0xf6, 0x72, 0xdc, 0x82, 0x1a, 0x60, 0xc1, 0xeb, 0x48, 0xef, 0x7f, 0x6e, 0xe6, 0xcc, 0xdb, 0x7b, 0xae, 0xbe, 0x5e, 0x1e, 0x5c, 0xe6, 0x0a, 0x70, 0xdf, 0xa4, 0xa3, 0x85, 0x1b, 0x1b, 0x7f, 0x72, 0xb9, 0x96, 0x6f, 0xdc, 0x03, 0x76, 0x66, 0xfb, 0xa0, 0x33,
+ /* (2^155)P */ 0x37, 0x40, 0xbb, 0xbc, 0x68, 0x58, 0x86, 0xca, 0xbb, 0xa5, 0x24, 0x76, 0x3d, 0x48, 0xd1, 0xad, 0xb4, 0xa8, 0xcf, 0xc3, 0xb6, 0xa8, 0xba, 0x1a, 0x3a, 0xbe, 0x33, 0x75, 0x04, 0x5c, 0x13, 0x8c, 0x0d, 0x70, 0x8d, 0xa6, 0x4e, 0x2a, 0xeb, 0x17, 0x3c, 0x22, 0xdd, 0x3e, 0x96, 0x40, 0x11, 0x9e, 0x4e, 0xae, 0x3d, 0xf8, 0x91, 0xd7, 0x50, 0xc8,
+ /* (2^156)P */ 0xd8, 0xca, 0xde, 0x19, 0xcf, 0x00, 0xe4, 0x73, 0x18, 0x7f, 0x9b, 0x9f, 0xf4, 0x5b, 0x49, 0x49, 0x99, 0xdc, 0xa4, 0x46, 0x21, 0xb5, 0xd7, 0x3e, 0xb7, 0x47, 0x1b, 0xa9, 0x9f, 0x4c, 0x69, 0x7d, 0xec, 0x33, 0xd6, 0x1c, 0x51, 0x7f, 0x47, 0x74, 0x7a, 0x6c, 0xf3, 0xd2, 0x2e, 0xbf, 0xdf, 0x6c, 0x9e, 0x77, 0x3b, 0x34, 0xf6, 0x73, 0x80, 0xed,
+ /* (2^157)P */ 0x16, 0xfb, 0x16, 0xc3, 0xc2, 0x83, 0xe4, 0xf4, 0x03, 0x7f, 0x52, 0xb0, 0x67, 0x51, 0x7b, 0x24, 0x5a, 0x51, 0xd3, 0xb6, 0x4e, 0x59, 0x76, 0xcd, 0x08, 0x7b, 0x1d, 0x7a, 0x9c, 0x65, 0xae, 0xce, 0xaa, 0xd2, 0x1c, 0x85, 0x66, 0x68, 0x06, 0x15, 0xa8, 0x06, 0xe6, 0x16, 0x37, 0xf4, 0x49, 0x9e, 0x0f, 0x50, 0x37, 0xb1, 0xb2, 0x93, 0x70, 0x43,
+ /* (2^158)P */ 0x18, 0x3a, 0x16, 0xe5, 0x8d, 0xc8, 0x35, 0xd6, 0x7b, 0x09, 0xec, 0x61, 0x5f, 0x5c, 0x2a, 0x19, 0x96, 0x2e, 0xc3, 0xfd, 0xab, 0xe6, 0x23, 0xae, 0xab, 0xc5, 0xcb, 0xb9, 0x7b, 0x2d, 0x34, 0x51, 0xb9, 0x41, 0x9e, 0x7d, 0xca, 0xda, 0x25, 0x45, 0x14, 0xb0, 0xc7, 0x4d, 0x26, 0x2b, 0xfe, 0x43, 0xb0, 0x21, 0x5e, 0xfa, 0xdc, 0x7c, 0xf9, 0x5a,
+ /* (2^159)P */ 0x94, 0xad, 0x42, 0x17, 0xf5, 0xcd, 0x1c, 0x0d, 0xf6, 0x41, 0xd2, 0x55, 0xbb, 0x50, 0xf1, 0xc6, 0xbc, 0xa6, 0xc5, 0x3a, 0xfd, 0x9b, 0x75, 0x3e, 0xf6, 0x1a, 0xa7, 0xb2, 0x6e, 0x64, 0x12, 0xdc, 0x3c, 0xe5, 0xf6, 0xfc, 0x3b, 0xfa, 0x43, 0x81, 0xd4, 0xa5, 0xee, 0xf5, 0x9c, 0x47, 0x2f, 0xd0, 0x9c, 0xde, 0xa1, 0x48, 0x91, 0x9a, 0x34, 0xc1,
+ /* (2^160)P */ 0x37, 0x1b, 0xb3, 0x88, 0xc9, 0x98, 0x4e, 0xfb, 0x84, 0x4f, 0x2b, 0x0a, 0xb6, 0x8f, 0x35, 0x15, 0xcd, 0x61, 0x7a, 0x5f, 0x5c, 0xa0, 0xca, 0x23, 0xa0, 0x93, 0x1f, 0xcc, 0x3c, 0x39, 0x3a, 0x24, 0xa7, 0x49, 0xad, 0x8d, 0x59, 0xcc, 0x94, 0x5a, 0x16, 0xf5, 0x70, 0xe8, 0x52, 0x1e, 0xee, 0x20, 0x30, 0x17, 0x7e, 0xf0, 0x4c, 0x93, 0x06, 0x5a,
+ /* (2^161)P */ 0x81, 0xba, 0x3b, 0xd7, 0x3e, 0xb4, 0x32, 0x3a, 0x22, 0x39, 0x2a, 0xfc, 0x19, 0xd9, 0xd2, 0xf6, 0xc5, 0x79, 0x6c, 0x0e, 0xde, 0xda, 0x01, 0xff, 0x52, 0xfb, 0xb6, 0x95, 0x4e, 0x7a, 0x10, 0xb8, 0x06, 0x86, 0x3c, 0xcd, 0x56, 0xd6, 0x15, 0xbf, 0x6e, 0x3e, 0x4f, 0x35, 0x5e, 0xca, 0xbc, 0xa5, 0x95, 0xa2, 0xdf, 0x2d, 0x1d, 0xaf, 0x59, 0xf9,
+ /* (2^162)P */ 0x69, 0xe5, 0xe2, 0xfa, 0xc9, 0x7f, 0xdd, 0x09, 0xf5, 0x6b, 0x4e, 0x2e, 0xbe, 0xb4, 0xbf, 0x3e, 0xb2, 0xf2, 0x81, 0x30, 0xe1, 0x07, 0xa8, 0x0d, 0x2b, 0xd2, 0x5a, 0x55, 0xbe, 0x4b, 0x86, 0x5d, 0xb0, 0x5e, 0x7c, 0x8f, 0xc1, 0x3c, 0x81, 0x4c, 0xf7, 0x6d, 0x7d, 0xe6, 0x4f, 0x8a, 0x85, 0xc2, 0x2f, 0x28, 0xef, 0x8c, 0x69, 0xc2, 0xc2, 0x1a,
+ /* (2^163)P */ 0xd9, 0xe4, 0x0e, 0x1e, 0xc2, 0xf7, 0x2f, 0x9f, 0xa1, 0x40, 0xfe, 0x46, 0x16, 0xaf, 0x2e, 0xd1, 0xec, 0x15, 0x9b, 0x61, 0x92, 0xce, 0xfc, 0x10, 0x43, 0x1d, 0x00, 0xf6, 0xbe, 0x20, 0x80, 0x80, 0x6f, 0x3c, 0x16, 0x94, 0x59, 0xba, 0x03, 0x53, 0x6e, 0xb6, 0xdd, 0x25, 0x7b, 0x86, 0xbf, 0x96, 0xf4, 0x2f, 0xa1, 0x96, 0x8d, 0xf9, 0xb3, 0x29,
+ /* (2^164)P */ 0x3b, 0x04, 0x60, 0x6e, 0xce, 0xab, 0xd2, 0x63, 0x18, 0x53, 0x88, 0x16, 0x4a, 0x6a, 0xab, 0x72, 0x03, 0x68, 0xa5, 0xd4, 0x0d, 0xb2, 0x82, 0x81, 0x1f, 0x2b, 0x5c, 0x75, 0xe8, 0xd2, 0x1d, 0x7f, 0xe7, 0x1b, 0x35, 0x02, 0xde, 0xec, 0xbd, 0xcb, 0xc7, 0x01, 0xd3, 0x95, 0x61, 0xfe, 0xb2, 0x7a, 0x66, 0x09, 0x4c, 0x6d, 0xfd, 0x39, 0xf7, 0x52,
+ /* (2^165)P */ 0x42, 0xc1, 0x5f, 0xf8, 0x35, 0x52, 0xc1, 0xfe, 0xc5, 0x11, 0x80, 0x1c, 0x11, 0x46, 0x31, 0x11, 0xbe, 0xd0, 0xc4, 0xb6, 0x07, 0x13, 0x38, 0xa0, 0x8d, 0x65, 0xf0, 0x56, 0x9e, 0x16, 0xbf, 0x9d, 0xcd, 0x51, 0x34, 0xf9, 0x08, 0x48, 0x7b, 0x76, 0x0c, 0x7b, 0x30, 0x07, 0xa8, 0x76, 0xaf, 0xa3, 0x29, 0x38, 0xb0, 0x58, 0xde, 0x72, 0x4b, 0x45,
+ /* (2^166)P */ 0xd4, 0x16, 0xa7, 0xc0, 0xb4, 0x9f, 0xdf, 0x1a, 0x37, 0xc8, 0x35, 0xed, 0xc5, 0x85, 0x74, 0x64, 0x09, 0x22, 0xef, 0xe9, 0x0c, 0xaf, 0x12, 0x4c, 0x9e, 0xf8, 0x47, 0x56, 0xe0, 0x7f, 0x4e, 0x24, 0x6b, 0x0c, 0xe7, 0xad, 0xc6, 0x47, 0x1d, 0xa4, 0x0d, 0x86, 0x89, 0x65, 0xe8, 0x5f, 0x71, 0xc7, 0xe9, 0xcd, 0xec, 0x6c, 0x62, 0xc7, 0xe3, 0xb3,
+ /* (2^167)P */ 0xb5, 0xea, 0x86, 0xe3, 0x15, 0x18, 0x3f, 0x6d, 0x7b, 0x05, 0x95, 0x15, 0x53, 0x26, 0x1c, 0xeb, 0xbe, 0x7e, 0x16, 0x42, 0x4b, 0xa2, 0x3d, 0xdd, 0x0e, 0xff, 0xba, 0x67, 0xb5, 0xae, 0x7a, 0x17, 0xde, 0x23, 0xad, 0x14, 0xcc, 0xd7, 0xaf, 0x57, 0x01, 0xe0, 0xdd, 0x48, 0xdd, 0xd7, 0xe3, 0xdf, 0xe9, 0x2d, 0xda, 0x67, 0xa4, 0x9f, 0x29, 0x04,
+ /* (2^168)P */ 0x16, 0x53, 0xe6, 0x9c, 0x4e, 0xe5, 0x1e, 0x70, 0x81, 0x25, 0x02, 0x9b, 0x47, 0x6d, 0xd2, 0x08, 0x73, 0xbe, 0x0a, 0xf1, 0x7b, 0xeb, 0x24, 0xeb, 0x38, 0x23, 0x5c, 0xb6, 0x3e, 0xce, 0x1e, 0xe3, 0xbc, 0x82, 0x35, 0x1f, 0xaf, 0x3a, 0x3a, 0xe5, 0x4e, 0xc1, 0xca, 0xbf, 0x47, 0xb4, 0xbb, 0xbc, 0x5f, 0xea, 0xc6, 0xca, 0xf3, 0xa0, 0xa2, 0x73,
+ /* (2^169)P */ 0xef, 0xa4, 0x7a, 0x4e, 0xe4, 0xc7, 0xb6, 0x43, 0x2e, 0xa5, 0xe4, 0xa5, 0xba, 0x1e, 0xa5, 0xfe, 0x9e, 0xce, 0xa9, 0x80, 0x04, 0xcb, 0x4f, 0xd8, 0x74, 0x05, 0x48, 0xfa, 0x99, 0x11, 0x5d, 0x97, 0x3b, 0x07, 0x0d, 0xdd, 0xe6, 0xb1, 0x74, 0x87, 0x1a, 0xd3, 0x26, 0xb7, 0x8f, 0xe1, 0x63, 0x3d, 0xec, 0x53, 0x93, 0xb0, 0x81, 0x78, 0x34, 0xa4,
+ /* (2^170)P */ 0xe1, 0xe7, 0xd4, 0x58, 0x9d, 0x0e, 0x8b, 0x65, 0x66, 0x37, 0x16, 0x48, 0x6f, 0xaa, 0x42, 0x37, 0x77, 0xad, 0xb1, 0x56, 0x48, 0xdf, 0x65, 0x36, 0x30, 0xb8, 0x00, 0x12, 0xd8, 0x32, 0x28, 0x7f, 0xc1, 0x71, 0xeb, 0x93, 0x0f, 0x48, 0x04, 0xe1, 0x5a, 0x6a, 0x96, 0xc1, 0xca, 0x89, 0x6d, 0x1b, 0x82, 0x4c, 0x18, 0x6d, 0x55, 0x4b, 0xea, 0xfd,
+ /* (2^171)P */ 0x62, 0x1a, 0x53, 0xb4, 0xb1, 0xbe, 0x6f, 0x15, 0x18, 0x88, 0xd4, 0x66, 0x61, 0xc7, 0x12, 0x69, 0x02, 0xbd, 0x03, 0x23, 0x2b, 0xef, 0xf9, 0x54, 0xa4, 0x85, 0xa8, 0xe3, 0xb7, 0xbd, 0xa9, 0xa3, 0xf3, 0x2a, 0xdd, 0xf1, 0xd4, 0x03, 0x0f, 0xa9, 0xa1, 0xd8, 0xa3, 0xcd, 0xb2, 0x71, 0x90, 0x4b, 0x35, 0x62, 0xf2, 0x2f, 0xce, 0x67, 0x1f, 0xaa,
+ /* (2^172)P */ 0x9e, 0x1e, 0xcd, 0x43, 0x7e, 0x87, 0x37, 0x94, 0x3a, 0x97, 0x4c, 0x7e, 0xee, 0xc9, 0x37, 0x85, 0xf1, 0xd9, 0x4f, 0xbf, 0xf9, 0x6f, 0x39, 0x9a, 0x39, 0x87, 0x2e, 0x25, 0x84, 0x42, 0xc3, 0x80, 0xcb, 0x07, 0x22, 0xae, 0x30, 0xd5, 0x50, 0xa1, 0x23, 0xcc, 0x31, 0x81, 0x9d, 0xf1, 0x30, 0xd9, 0x2b, 0x73, 0x41, 0x16, 0x50, 0xab, 0x2d, 0xa2,
+ /* (2^173)P */ 0xa4, 0x69, 0x4f, 0xa1, 0x4e, 0xb9, 0xbf, 0x14, 0xe8, 0x2b, 0x04, 0x93, 0xb7, 0x6e, 0x9f, 0x7d, 0x73, 0x0a, 0xc5, 0x14, 0xb8, 0xde, 0x8c, 0xc1, 0xfe, 0xc0, 0xa7, 0xa4, 0xcc, 0x42, 0x42, 0x81, 0x15, 0x65, 0x8a, 0x80, 0xb9, 0xde, 0x1f, 0x60, 0x33, 0x0e, 0xcb, 0xfc, 0xe0, 0xdb, 0x83, 0xa1, 0xe5, 0xd0, 0x16, 0x86, 0x2c, 0xe2, 0x87, 0xed,
+ /* (2^174)P */ 0x7a, 0xc0, 0xeb, 0x6b, 0xf6, 0x0d, 0x4c, 0x6d, 0x1e, 0xdb, 0xab, 0xe7, 0x19, 0x45, 0xc6, 0xe3, 0xb2, 0x06, 0xbb, 0xbc, 0x70, 0x99, 0x83, 0x33, 0xeb, 0x28, 0xc8, 0x77, 0xf6, 0x4d, 0x01, 0xb7, 0x59, 0xa0, 0xd2, 0xb3, 0x2a, 0x72, 0x30, 0xe7, 0x11, 0x39, 0xb6, 0x41, 0x29, 0x65, 0x5a, 0x14, 0xb9, 0x86, 0x08, 0xe0, 0x7d, 0x32, 0x8c, 0xf0,
+ /* (2^175)P */ 0x5c, 0x11, 0x30, 0x9e, 0x05, 0x27, 0xf5, 0x45, 0x0f, 0xb3, 0xc9, 0x75, 0xc3, 0xd7, 0xe1, 0x82, 0x3b, 0x8e, 0x87, 0x23, 0x00, 0x15, 0x19, 0x07, 0xd9, 0x21, 0x53, 0xc7, 0xf1, 0xa3, 0xbf, 0x70, 0x64, 0x15, 0x18, 0xca, 0x23, 0x9e, 0xd3, 0x08, 0xc3, 0x2a, 0x8b, 0xe5, 0x83, 0x04, 0x89, 0x14, 0xfd, 0x28, 0x25, 0x1c, 0xe3, 0x26, 0xa7, 0x22,
+ /* (2^176)P */ 0xdc, 0xd4, 0x75, 0x60, 0x99, 0x94, 0xea, 0x09, 0x8e, 0x8a, 0x3c, 0x1b, 0xf9, 0xbd, 0x33, 0x0d, 0x51, 0x3d, 0x12, 0x6f, 0x4e, 0x72, 0xe0, 0x17, 0x20, 0xe9, 0x75, 0xe6, 0x3a, 0xb2, 0x13, 0x83, 0x4e, 0x7a, 0x08, 0x9e, 0xd1, 0x04, 0x5f, 0x6b, 0x42, 0x0b, 0x76, 0x2a, 0x2d, 0x77, 0x53, 0x6c, 0x65, 0x6d, 0x8e, 0x25, 0x3c, 0xb6, 0x8b, 0x69,
+ /* (2^177)P */ 0xb9, 0x49, 0x28, 0xd0, 0xdc, 0x6c, 0x8f, 0x4c, 0xc9, 0x14, 0x8a, 0x38, 0xa3, 0xcb, 0xc4, 0x9d, 0x53, 0xcf, 0xe9, 0xe3, 0xcf, 0xe0, 0xb1, 0xf2, 0x1b, 0x4c, 0x7f, 0x83, 0x2a, 0x7a, 0xe9, 0x8b, 0x3b, 0x86, 0x61, 0x30, 0xe9, 0x99, 0xbd, 0xba, 0x19, 0x6e, 0x65, 0x2a, 0x12, 0x3e, 0x9c, 0xa8, 0xaf, 0xc3, 0xcf, 0xf8, 0x1f, 0x77, 0x86, 0xea,
+ /* (2^178)P */ 0x30, 0xde, 0xe7, 0xff, 0x54, 0xf7, 0xa2, 0x59, 0xf6, 0x0b, 0xfb, 0x7a, 0xf2, 0x39, 0xf0, 0xdb, 0x39, 0xbc, 0xf0, 0xfa, 0x60, 0xeb, 0x6b, 0x4f, 0x47, 0x17, 0xc8, 0x00, 0x65, 0x6d, 0x25, 0x1c, 0xd0, 0x48, 0x56, 0x53, 0x45, 0x11, 0x30, 0x02, 0x49, 0x20, 0x27, 0xac, 0xf2, 0x4c, 0xac, 0x64, 0x3d, 0x52, 0xb8, 0x89, 0xe0, 0x93, 0x16, 0x0f,
+ /* (2^179)P */ 0x84, 0x09, 0xba, 0x40, 0xb2, 0x2f, 0xa3, 0xa8, 0xc2, 0xba, 0x46, 0x33, 0x05, 0x9d, 0x62, 0xad, 0xa1, 0x3c, 0x33, 0xef, 0x0d, 0xeb, 0xf0, 0x77, 0x11, 0x5a, 0xb0, 0x21, 0x9c, 0xdf, 0x55, 0x24, 0x25, 0x35, 0x51, 0x61, 0x92, 0xf0, 0xb1, 0xce, 0xf5, 0xd4, 0x7b, 0x6c, 0x21, 0x9d, 0x56, 0x52, 0xf8, 0xa1, 0x4c, 0xe9, 0x27, 0x55, 0xac, 0x91,
+ /* (2^180)P */ 0x03, 0x3e, 0x30, 0xd2, 0x0a, 0xfa, 0x7d, 0x82, 0x3d, 0x1f, 0x8b, 0xcb, 0xb6, 0x04, 0x5c, 0xcc, 0x8b, 0xda, 0xe2, 0x68, 0x74, 0x08, 0x8c, 0x44, 0x83, 0x57, 0x6d, 0x6f, 0x80, 0xb0, 0x7e, 0xa9, 0x82, 0x91, 0x7b, 0x4c, 0x37, 0x97, 0xd1, 0x63, 0xd1, 0xbd, 0x45, 0xe6, 0x8a, 0x86, 0xd6, 0x89, 0x54, 0xfd, 0xd2, 0xb1, 0xd7, 0x54, 0xad, 0xaf,
+ /* (2^181)P */ 0x8b, 0x33, 0x62, 0x49, 0x9f, 0x63, 0xf9, 0x87, 0x42, 0x58, 0xbf, 0xb3, 0xe6, 0x68, 0x02, 0x60, 0x5c, 0x76, 0x62, 0xf7, 0x61, 0xd7, 0x36, 0x31, 0xf7, 0x9c, 0xb5, 0xe5, 0x13, 0x6c, 0xea, 0x78, 0xae, 0xcf, 0xde, 0xbf, 0xb6, 0xeb, 0x4f, 0xc8, 0x2a, 0xb4, 0x9a, 0x9f, 0xf3, 0xd1, 0x6a, 0xec, 0x0c, 0xbd, 0x85, 0x98, 0x40, 0x06, 0x1c, 0x2a,
+ /* (2^182)P */ 0x74, 0x3b, 0xe7, 0x81, 0xd5, 0xae, 0x54, 0x56, 0x03, 0xe8, 0x97, 0x16, 0x76, 0xcf, 0x24, 0x96, 0x96, 0x5b, 0xcc, 0x09, 0xab, 0x23, 0x6f, 0x54, 0xae, 0x8f, 0xe4, 0x12, 0xcb, 0xfd, 0xbc, 0xac, 0x93, 0x45, 0x3d, 0x68, 0x08, 0x22, 0x59, 0xc6, 0xf0, 0x47, 0x19, 0x8c, 0x79, 0x93, 0x1e, 0x0e, 0x30, 0xb0, 0x94, 0xfb, 0x17, 0x1d, 0x5a, 0x12,
+ /* (2^183)P */ 0x85, 0xff, 0x40, 0x18, 0x85, 0xff, 0x44, 0x37, 0x69, 0x23, 0x4d, 0x34, 0xe1, 0xeb, 0xa3, 0x1b, 0x55, 0x40, 0xc1, 0x64, 0xf4, 0xd4, 0x13, 0x0a, 0x9f, 0xb9, 0x19, 0xfc, 0x88, 0x7d, 0xc0, 0x72, 0xcf, 0x69, 0x2f, 0xd2, 0x0c, 0x82, 0x0f, 0xda, 0x08, 0xba, 0x0f, 0xaa, 0x3b, 0xe9, 0xe5, 0x83, 0x7a, 0x06, 0xe8, 0x1b, 0x38, 0x43, 0xc3, 0x54,
+ /* (2^184)P */ 0x14, 0xaa, 0xb3, 0x6e, 0xe6, 0x28, 0xee, 0xc5, 0x22, 0x6c, 0x7c, 0xf9, 0xa8, 0x71, 0xcc, 0xfe, 0x68, 0x7e, 0xd3, 0xb8, 0x37, 0x96, 0xca, 0x0b, 0xd9, 0xb6, 0x06, 0xa9, 0xf6, 0x71, 0xe8, 0x31, 0xf7, 0xd8, 0xf1, 0x5d, 0xab, 0xb9, 0xf0, 0x5c, 0x98, 0xcf, 0x22, 0xa2, 0x2a, 0xf6, 0xd0, 0x59, 0xf0, 0x9d, 0xd9, 0x6a, 0x4f, 0x59, 0x57, 0xad,
+ /* (2^185)P */ 0xd7, 0x2b, 0x3d, 0x38, 0x4c, 0x2e, 0x23, 0x4d, 0x49, 0xa2, 0x62, 0x62, 0xf9, 0x0f, 0xde, 0x08, 0xf3, 0x86, 0x71, 0xb6, 0xc7, 0xf9, 0x85, 0x9c, 0x33, 0xa1, 0xcf, 0x16, 0xaa, 0x60, 0xb9, 0xb7, 0xea, 0xed, 0x01, 0x1c, 0x59, 0xdb, 0x3f, 0x3f, 0x97, 0x2e, 0xf0, 0x09, 0x9f, 0x10, 0x85, 0x5f, 0x53, 0x39, 0xf3, 0x13, 0x40, 0x56, 0x95, 0xf9,
+ /* (2^186)P */ 0xb4, 0xe3, 0xda, 0xc6, 0x1f, 0x78, 0x8e, 0xac, 0xd4, 0x20, 0x1d, 0xa0, 0xbf, 0x4c, 0x09, 0x16, 0xa7, 0x30, 0xb5, 0x8d, 0x9e, 0xa1, 0x5f, 0x6d, 0x52, 0xf4, 0x71, 0xb6, 0x32, 0x2d, 0x21, 0x51, 0xc6, 0xfc, 0x2f, 0x08, 0xf4, 0x13, 0x6c, 0x55, 0xba, 0x72, 0x81, 0x24, 0x49, 0x0e, 0x4f, 0x06, 0x36, 0x39, 0x6a, 0xc5, 0x81, 0xfc, 0xeb, 0xb2,
+ /* (2^187)P */ 0x7d, 0x8d, 0xc8, 0x6c, 0xea, 0xb4, 0xb9, 0xe8, 0x40, 0xc9, 0x69, 0xc9, 0x30, 0x05, 0xfd, 0x34, 0x46, 0xfd, 0x94, 0x05, 0x16, 0xf5, 0x4b, 0x13, 0x3d, 0x24, 0x1a, 0xd6, 0x64, 0x2b, 0x9c, 0xe2, 0xa5, 0xd9, 0x98, 0xe0, 0xe8, 0xf4, 0xbc, 0x2c, 0xbd, 0xa2, 0x56, 0xe3, 0x9e, 0x14, 0xdb, 0xbf, 0x05, 0xbf, 0x9a, 0x13, 0x5d, 0xf7, 0x91, 0xa3,
+ /* (2^188)P */ 0x8b, 0xcb, 0x27, 0xf3, 0x15, 0x26, 0x05, 0x40, 0x0f, 0xa6, 0x15, 0x13, 0x71, 0x95, 0xa2, 0xc6, 0x38, 0x04, 0x67, 0xf8, 0x9a, 0x83, 0x06, 0xaa, 0x25, 0x36, 0x72, 0x01, 0x6f, 0x74, 0x5f, 0xe5, 0x6e, 0x44, 0x99, 0xce, 0x13, 0xbc, 0x82, 0xc2, 0x0d, 0xa4, 0x98, 0x50, 0x38, 0xf3, 0xa2, 0xc5, 0xe5, 0x24, 0x1f, 0x6f, 0x56, 0x3e, 0x07, 0xb2,
+ /* (2^189)P */ 0xbd, 0x0f, 0x32, 0x60, 0x07, 0xb1, 0xd7, 0x0b, 0x11, 0x07, 0x57, 0x02, 0x89, 0xe8, 0x8b, 0xe8, 0x5a, 0x1f, 0xee, 0x54, 0x6b, 0xff, 0xb3, 0x04, 0x07, 0x57, 0x13, 0x0b, 0x94, 0xa8, 0x4d, 0x81, 0xe2, 0x17, 0x16, 0x45, 0xd4, 0x4b, 0xf7, 0x7e, 0x64, 0x66, 0x20, 0xe8, 0x0b, 0x26, 0xfd, 0xa9, 0x8a, 0x47, 0x52, 0x89, 0x14, 0xd0, 0xd1, 0xa1,
+ /* (2^190)P */ 0xdc, 0x03, 0xe6, 0x20, 0x44, 0x47, 0x8f, 0x04, 0x16, 0x24, 0x22, 0xc1, 0x55, 0x5c, 0xbe, 0x43, 0xc3, 0x92, 0xc5, 0x54, 0x3d, 0x5d, 0xd1, 0x05, 0x9c, 0xc6, 0x7c, 0xbf, 0x23, 0x84, 0x1a, 0xba, 0x4f, 0x1f, 0xfc, 0xa1, 0xae, 0x1a, 0x64, 0x02, 0x51, 0xf1, 0xcb, 0x7a, 0x20, 0xce, 0xb2, 0x34, 0x3c, 0xca, 0xe0, 0xe4, 0xba, 0x22, 0xd4, 0x7b,
+ /* (2^191)P */ 0xca, 0xfd, 0xca, 0xd7, 0xde, 0x61, 0xae, 0xf0, 0x79, 0x0c, 0x20, 0xab, 0xbc, 0x6f, 0x4d, 0x61, 0xf0, 0xc7, 0x9c, 0x8d, 0x4b, 0x52, 0xf3, 0xb9, 0x48, 0x63, 0x0b, 0xb6, 0xd2, 0x25, 0x9a, 0x96, 0x72, 0xc1, 0x6b, 0x0c, 0xb5, 0xfb, 0x71, 0xaa, 0xad, 0x47, 0x5b, 0xe7, 0xc0, 0x0a, 0x55, 0xb2, 0xd4, 0x16, 0x2f, 0xb1, 0x01, 0xfd, 0xce, 0x27,
+ /* (2^192)P */ 0x64, 0x11, 0x4b, 0xab, 0x57, 0x09, 0xc6, 0x49, 0x4a, 0x37, 0xc3, 0x36, 0xc4, 0x7b, 0x81, 0x1f, 0x42, 0xed, 0xbb, 0xe0, 0xa0, 0x8d, 0x51, 0xe6, 0xca, 0x8b, 0xb9, 0xcd, 0x99, 0x2d, 0x91, 0x53, 0xa9, 0x47, 0xcb, 0x32, 0xc7, 0xa4, 0x92, 0xec, 0x46, 0x74, 0x44, 0x6d, 0x71, 0x9f, 0x6d, 0x0c, 0x69, 0xa4, 0xf8, 0xbe, 0x9f, 0x7f, 0xa0, 0xd7,
+ /* (2^193)P */ 0x5f, 0x33, 0xb6, 0x91, 0xc8, 0xa5, 0x3f, 0x5d, 0x7f, 0x38, 0x6e, 0x74, 0x20, 0x4a, 0xd6, 0x2b, 0x98, 0x2a, 0x41, 0x4b, 0x83, 0x64, 0x0b, 0x92, 0x7a, 0x06, 0x1e, 0xc6, 0x2c, 0xf6, 0xe4, 0x91, 0xe5, 0xb1, 0x2e, 0x6e, 0x4e, 0xa8, 0xc8, 0x14, 0x32, 0x57, 0x44, 0x1c, 0xe4, 0xb9, 0x7f, 0x54, 0x51, 0x08, 0x81, 0xaa, 0x4e, 0xce, 0xa1, 0x5d,
+ /* (2^194)P */ 0x5c, 0xd5, 0x9b, 0x5e, 0x7c, 0xb5, 0xb1, 0x52, 0x73, 0x00, 0x41, 0x56, 0x79, 0x08, 0x7e, 0x07, 0x28, 0x06, 0xa6, 0xfb, 0x7f, 0x69, 0xbd, 0x7a, 0x3c, 0xae, 0x9f, 0x39, 0xbb, 0x54, 0xa2, 0x79, 0xb9, 0x0e, 0x7f, 0xbb, 0xe0, 0xe6, 0xb7, 0x27, 0x64, 0x38, 0x45, 0xdb, 0x84, 0xe4, 0x61, 0x72, 0x3f, 0xe2, 0x24, 0xfe, 0x7a, 0x31, 0x9a, 0xc9,
+ /* (2^195)P */ 0xa1, 0xd2, 0xa4, 0xee, 0x24, 0x96, 0xe5, 0x5b, 0x79, 0x78, 0x3c, 0x7b, 0x82, 0x3b, 0x8b, 0x58, 0x0b, 0xa3, 0x63, 0x2d, 0xbc, 0x75, 0x46, 0xe8, 0x83, 0x1a, 0xc0, 0x2a, 0x92, 0x61, 0xa8, 0x75, 0x37, 0x3c, 0xbf, 0x0f, 0xef, 0x8f, 0x6c, 0x97, 0x75, 0x10, 0x05, 0x7a, 0xde, 0x23, 0xe8, 0x2a, 0x35, 0xeb, 0x41, 0x64, 0x7d, 0xcf, 0xe0, 0x52,
+ /* (2^196)P */ 0x4a, 0xd0, 0x49, 0x93, 0xae, 0xf3, 0x24, 0x8c, 0xe1, 0x09, 0x98, 0x45, 0xd8, 0xb9, 0xfe, 0x8e, 0x8c, 0xa8, 0x2c, 0xc9, 0x9f, 0xce, 0x01, 0xdc, 0x38, 0x11, 0xab, 0x85, 0xb9, 0xe8, 0x00, 0x51, 0xfd, 0x82, 0xe1, 0x9b, 0x4e, 0xfc, 0xb5, 0x2a, 0x0f, 0x8b, 0xda, 0x4e, 0x02, 0xca, 0xcc, 0xe3, 0x91, 0xc4, 0xe0, 0xcf, 0x7b, 0xd6, 0xe6, 0x6a,
+ /* (2^197)P */ 0xfe, 0x11, 0xd7, 0xaa, 0xe3, 0x0c, 0x52, 0x2e, 0x04, 0xe0, 0xe0, 0x61, 0xc8, 0x05, 0xd7, 0x31, 0x4c, 0xc3, 0x9b, 0x2d, 0xce, 0x59, 0xbe, 0x12, 0xb7, 0x30, 0x21, 0xfc, 0x81, 0xb8, 0x5e, 0x57, 0x73, 0xd0, 0xad, 0x8e, 0x9e, 0xe4, 0xeb, 0xcd, 0xcf, 0xd2, 0x0f, 0x01, 0x35, 0x16, 0xed, 0x7a, 0x43, 0x8e, 0x42, 0xdc, 0xea, 0x4c, 0xa8, 0x7c,
+ /* (2^198)P */ 0x37, 0x26, 0xcc, 0x76, 0x0b, 0xe5, 0x76, 0xdd, 0x3e, 0x19, 0x3c, 0xc4, 0x6c, 0x7f, 0xd0, 0x03, 0xc1, 0xb8, 0x59, 0x82, 0xca, 0x36, 0xc1, 0xe4, 0xc8, 0xb2, 0x83, 0x69, 0x9c, 0xc5, 0x9d, 0x12, 0x82, 0x1c, 0xea, 0xb2, 0x84, 0x9f, 0xf3, 0x52, 0x6b, 0xbb, 0xd8, 0x81, 0x56, 0x83, 0x04, 0x66, 0x05, 0x22, 0x49, 0x37, 0x93, 0xb1, 0xfd, 0xd5,
+ /* (2^199)P */ 0xaf, 0x96, 0xbf, 0x03, 0xbe, 0xe6, 0x5d, 0x78, 0x19, 0xba, 0x37, 0x46, 0x0a, 0x2b, 0x52, 0x7c, 0xd8, 0x51, 0x9e, 0x3d, 0x29, 0x42, 0xdb, 0x0e, 0x31, 0x20, 0x94, 0xf8, 0x43, 0x9a, 0x2d, 0x22, 0xd3, 0xe3, 0xa1, 0x79, 0x68, 0xfb, 0x2d, 0x7e, 0xd6, 0x79, 0xda, 0x0b, 0xc6, 0x5b, 0x76, 0x68, 0xf0, 0xfe, 0x72, 0x59, 0xbb, 0xa1, 0x9c, 0x74,
+ /* (2^200)P */ 0x0a, 0xd9, 0xec, 0xc5, 0xbd, 0xf0, 0xda, 0xcf, 0x82, 0xab, 0x46, 0xc5, 0x32, 0x13, 0xdc, 0x5b, 0xac, 0xc3, 0x53, 0x9a, 0x7f, 0xef, 0xa5, 0x40, 0x5a, 0x1f, 0xc1, 0x12, 0x91, 0x54, 0x83, 0x6a, 0xb0, 0x9a, 0x85, 0x4d, 0xbf, 0x36, 0x8e, 0xd3, 0xa2, 0x2b, 0xe5, 0xd6, 0xc6, 0xe1, 0x58, 0x5b, 0x82, 0x9b, 0xc8, 0xf2, 0x03, 0xba, 0xf5, 0x92,
+ /* (2^201)P */ 0xfb, 0x21, 0x7e, 0xde, 0xe7, 0xb4, 0xc0, 0x56, 0x86, 0x3a, 0x5b, 0x78, 0xf8, 0xf0, 0xf4, 0xe7, 0x5c, 0x00, 0xd2, 0xd7, 0xd6, 0xf8, 0x75, 0x5e, 0x0f, 0x3e, 0xd1, 0x4b, 0x77, 0xd8, 0xad, 0xb0, 0xc9, 0x8b, 0x59, 0x7d, 0x30, 0x76, 0x64, 0x7a, 0x76, 0xd9, 0x51, 0x69, 0xfc, 0xbd, 0x8e, 0xb5, 0x55, 0xe0, 0xd2, 0x07, 0x15, 0xa9, 0xf7, 0xa4,
+ /* (2^202)P */ 0xaa, 0x2d, 0x2f, 0x2b, 0x3c, 0x15, 0xdd, 0xcd, 0xe9, 0x28, 0x82, 0x4f, 0xa2, 0xaa, 0x31, 0x48, 0xcc, 0xfa, 0x07, 0x73, 0x8a, 0x34, 0x74, 0x0d, 0xab, 0x1a, 0xca, 0xd2, 0xbf, 0x3a, 0xdb, 0x1a, 0x5f, 0x50, 0x62, 0xf4, 0x6b, 0x83, 0x38, 0x43, 0x96, 0xee, 0x6b, 0x39, 0x1e, 0xf0, 0x17, 0x80, 0x1e, 0x9b, 0xed, 0x2b, 0x2f, 0xcc, 0x65, 0xf7,
+ /* (2^203)P */ 0x03, 0xb3, 0x23, 0x9c, 0x0d, 0xd1, 0xeb, 0x7e, 0x34, 0x17, 0x8a, 0x4c, 0xde, 0x54, 0x39, 0xc4, 0x11, 0x82, 0xd3, 0xa4, 0x00, 0x32, 0x95, 0x9c, 0xa6, 0x64, 0x76, 0x6e, 0xd6, 0x53, 0x27, 0xb4, 0x6a, 0x14, 0x8c, 0x54, 0xf6, 0x58, 0x9e, 0x22, 0x4a, 0x55, 0x18, 0x77, 0xd0, 0x08, 0x6b, 0x19, 0x8a, 0xb5, 0xe7, 0x19, 0xb8, 0x60, 0x92, 0xb1,
+ /* (2^204)P */ 0x66, 0xec, 0xf3, 0x12, 0xde, 0x67, 0x7f, 0xd4, 0x5b, 0xf6, 0x70, 0x64, 0x0a, 0xb5, 0xc2, 0xf9, 0xb3, 0x64, 0xab, 0x56, 0x46, 0xc7, 0x93, 0xc2, 0x8b, 0x2d, 0xd0, 0xd6, 0x39, 0x3b, 0x1f, 0xcd, 0xb3, 0xac, 0xcc, 0x2c, 0x27, 0x6a, 0xbc, 0xb3, 0x4b, 0xa8, 0x3c, 0x69, 0x20, 0xe2, 0x18, 0x35, 0x17, 0xe1, 0x8a, 0xd3, 0x11, 0x74, 0xaa, 0x4d,
+ /* (2^205)P */ 0x96, 0xc4, 0x16, 0x7e, 0xfd, 0xf5, 0xd0, 0x7d, 0x1f, 0x32, 0x1b, 0xdb, 0xa6, 0xfd, 0x51, 0x75, 0x4d, 0xd7, 0x00, 0xe5, 0x7f, 0x58, 0x5b, 0xeb, 0x4b, 0x6a, 0x78, 0xfe, 0xe5, 0xd6, 0x8f, 0x99, 0x17, 0xca, 0x96, 0x45, 0xf7, 0x52, 0xdf, 0x84, 0x06, 0x77, 0xb9, 0x05, 0x63, 0x5d, 0xe9, 0x91, 0xb1, 0x4b, 0x82, 0x5a, 0xdb, 0xd7, 0xca, 0x69,
+ /* (2^206)P */ 0x02, 0xd3, 0x38, 0x38, 0x87, 0xea, 0xbd, 0x9f, 0x11, 0xca, 0xf3, 0x21, 0xf1, 0x9b, 0x35, 0x97, 0x98, 0xff, 0x8e, 0x6d, 0x3d, 0xd6, 0xb2, 0xfa, 0x68, 0xcb, 0x7e, 0x62, 0x85, 0xbb, 0xc7, 0x5d, 0xee, 0x32, 0x30, 0x2e, 0x71, 0x96, 0x63, 0x43, 0x98, 0xc4, 0xa7, 0xde, 0x60, 0xb2, 0xd9, 0x43, 0x4a, 0xfa, 0x97, 0x2d, 0x5f, 0x21, 0xd4, 0xfe,
+ /* (2^207)P */ 0x3b, 0x20, 0x29, 0x07, 0x07, 0xb5, 0x78, 0xc3, 0xc7, 0xab, 0x56, 0xba, 0x40, 0xde, 0x1d, 0xcf, 0xc3, 0x00, 0x56, 0x21, 0x0c, 0xc8, 0x42, 0xd9, 0x0e, 0xcd, 0x02, 0x7c, 0x07, 0xb9, 0x11, 0xd7, 0x96, 0xaf, 0xff, 0xad, 0xc5, 0xba, 0x30, 0x6d, 0x82, 0x3a, 0xbf, 0xef, 0x7b, 0xf7, 0x0a, 0x74, 0xbd, 0x31, 0x0c, 0xe4, 0xec, 0x1a, 0xe5, 0xc5,
+ /* (2^208)P */ 0xcc, 0xf2, 0x28, 0x16, 0x12, 0xbf, 0xef, 0x85, 0xbc, 0xf7, 0xcb, 0x9f, 0xdb, 0xa8, 0xb2, 0x49, 0x53, 0x48, 0xa8, 0x24, 0xa8, 0x68, 0x8d, 0xbb, 0x21, 0x0a, 0x5a, 0xbd, 0xb2, 0x91, 0x61, 0x47, 0xc4, 0x43, 0x08, 0xa6, 0x19, 0xef, 0x8e, 0x88, 0x39, 0xc6, 0x33, 0x30, 0xf3, 0x0e, 0xc5, 0x92, 0x66, 0xd6, 0xfe, 0xc5, 0x12, 0xd9, 0x4c, 0x2d,
+ /* (2^209)P */ 0x30, 0x34, 0x07, 0xbf, 0x9c, 0x5a, 0x4e, 0x65, 0xf1, 0x39, 0x35, 0x38, 0xae, 0x7b, 0x55, 0xac, 0x6a, 0x92, 0x24, 0x7e, 0x50, 0xd3, 0xba, 0x78, 0x51, 0xfe, 0x4d, 0x32, 0x05, 0x11, 0xf5, 0x52, 0xf1, 0x31, 0x45, 0x39, 0x98, 0x7b, 0x28, 0x56, 0xc3, 0x5d, 0x4f, 0x07, 0x6f, 0x84, 0xb8, 0x1a, 0x58, 0x0b, 0xc4, 0x7c, 0xc4, 0x8d, 0x32, 0x8e,
+ /* (2^210)P */ 0x7e, 0xaf, 0x98, 0xce, 0xc5, 0x2b, 0x9d, 0xf6, 0xfa, 0x2c, 0xb6, 0x2a, 0x5a, 0x1d, 0xc0, 0x24, 0x8d, 0xa4, 0xce, 0xb1, 0x12, 0x01, 0xf9, 0x79, 0xc6, 0x79, 0x38, 0x0c, 0xd4, 0x07, 0xc9, 0xf7, 0x37, 0xa1, 0x0b, 0xfe, 0x72, 0xec, 0x5d, 0xd6, 0xb0, 0x1c, 0x70, 0xbe, 0x70, 0x01, 0x13, 0xe0, 0x86, 0x95, 0xc7, 0x2e, 0x12, 0x3b, 0xe6, 0xa6,
+ /* (2^211)P */ 0x24, 0x82, 0x67, 0xe0, 0x14, 0x7b, 0x56, 0x08, 0x38, 0x44, 0xdb, 0xa0, 0x3a, 0x05, 0x47, 0xb2, 0xc0, 0xac, 0xd1, 0xcc, 0x3f, 0x82, 0xb8, 0x8a, 0x88, 0xbc, 0xf5, 0x33, 0xa1, 0x35, 0x0f, 0xf6, 0xe2, 0xef, 0x6c, 0xf7, 0x37, 0x9e, 0xe8, 0x10, 0xca, 0xb0, 0x8e, 0x80, 0x86, 0x00, 0x23, 0xd0, 0x4a, 0x76, 0x9f, 0xf7, 0x2c, 0x52, 0x15, 0x0e,
+ /* (2^212)P */ 0x5e, 0x49, 0xe1, 0x2c, 0x9a, 0x01, 0x76, 0xa6, 0xb3, 0x07, 0x5b, 0xa4, 0x07, 0xef, 0x1d, 0xc3, 0x6a, 0xbb, 0x64, 0xbe, 0x71, 0x15, 0x6e, 0x32, 0x31, 0x46, 0x9a, 0x9e, 0x8f, 0x45, 0x73, 0xce, 0x0b, 0x94, 0x1a, 0x52, 0x07, 0xf4, 0x50, 0x30, 0x49, 0x53, 0x50, 0xfb, 0x71, 0x1f, 0x5a, 0x03, 0xa9, 0x76, 0xf2, 0x8f, 0x42, 0xff, 0xed, 0xed,
+ /* (2^213)P */ 0xed, 0x08, 0xdb, 0x91, 0x1c, 0xee, 0xa2, 0xb4, 0x47, 0xa2, 0xfa, 0xcb, 0x03, 0xd1, 0xff, 0x8c, 0xad, 0x64, 0x50, 0x61, 0xcd, 0xfc, 0x88, 0xa0, 0x31, 0x95, 0x30, 0xb9, 0x58, 0xdd, 0xd7, 0x43, 0xe4, 0x46, 0xc2, 0x16, 0xd9, 0x72, 0x4a, 0x56, 0x51, 0x70, 0x85, 0xf1, 0xa1, 0x80, 0x40, 0xd5, 0xba, 0x67, 0x81, 0xda, 0xcd, 0x03, 0xea, 0x51,
+ /* (2^214)P */ 0x42, 0x50, 0xf0, 0xef, 0x37, 0x61, 0x72, 0x85, 0xe1, 0xf1, 0xff, 0x6f, 0x3d, 0xe8, 0x7b, 0x21, 0x5c, 0xe5, 0x50, 0x03, 0xde, 0x00, 0xc1, 0xf7, 0x3a, 0x55, 0x12, 0x1c, 0x9e, 0x1e, 0xce, 0xd1, 0x2f, 0xaf, 0x05, 0x70, 0x5b, 0x47, 0xf2, 0x04, 0x7a, 0x89, 0xbc, 0x78, 0xa6, 0x65, 0x6c, 0xaa, 0x3c, 0xa2, 0x3c, 0x8b, 0x5c, 0xa9, 0x22, 0x48,
+ /* (2^215)P */ 0x7e, 0x8c, 0x8f, 0x2f, 0x60, 0xe3, 0x5a, 0x94, 0xd4, 0xce, 0xdd, 0x9d, 0x83, 0x3b, 0x77, 0x78, 0x43, 0x1d, 0xfd, 0x8f, 0xc8, 0xe8, 0x02, 0x90, 0xab, 0xf6, 0xc9, 0xfc, 0xf1, 0x63, 0xaa, 0x5f, 0x42, 0xf1, 0x78, 0x34, 0x64, 0x16, 0x75, 0x9c, 0x7d, 0xd0, 0xe4, 0x74, 0x5a, 0xa8, 0xfb, 0xcb, 0xac, 0x20, 0xa3, 0xc2, 0xa6, 0x20, 0xf8, 0x1b,
+ /* (2^216)P */ 0x00, 0x4f, 0x1e, 0x56, 0xb5, 0x34, 0xb2, 0x87, 0x31, 0xe5, 0xee, 0x8d, 0xf1, 0x41, 0x67, 0xb7, 0x67, 0x3a, 0x54, 0x86, 0x5c, 0xf0, 0x0b, 0x37, 0x2f, 0x1b, 0x92, 0x5d, 0x58, 0x93, 0xdc, 0xd8, 0x58, 0xcc, 0x9e, 0x67, 0xd0, 0x97, 0x3a, 0xaf, 0x49, 0x39, 0x2d, 0x3b, 0xd8, 0x98, 0xfb, 0x76, 0x6b, 0xe7, 0xaf, 0xc3, 0x45, 0x44, 0x53, 0x94,
+ /* (2^217)P */ 0x30, 0xbd, 0x90, 0x75, 0xd3, 0xbd, 0x3b, 0x58, 0x27, 0x14, 0x9f, 0x6b, 0xd4, 0x31, 0x99, 0xcd, 0xde, 0x3a, 0x21, 0x1e, 0xb4, 0x02, 0xe4, 0x33, 0x04, 0x02, 0xb0, 0x50, 0x66, 0x68, 0x90, 0xdd, 0x7b, 0x69, 0x31, 0xd9, 0xcf, 0x68, 0x73, 0xf1, 0x60, 0xdd, 0xc8, 0x1d, 0x5d, 0xe3, 0xd6, 0x5b, 0x2a, 0xa4, 0xea, 0xc4, 0x3f, 0x08, 0xcd, 0x9c,
+ /* (2^218)P */ 0x6b, 0x1a, 0xbf, 0x55, 0xc1, 0x1b, 0x0c, 0x05, 0x09, 0xdf, 0xf5, 0x5e, 0xa3, 0x77, 0x95, 0xe9, 0xdf, 0x19, 0xdd, 0xc7, 0x94, 0xcb, 0x06, 0x73, 0xd0, 0x88, 0x02, 0x33, 0x94, 0xca, 0x7a, 0x2f, 0x8e, 0x3d, 0x72, 0x61, 0x2d, 0x4d, 0xa6, 0x61, 0x1f, 0x32, 0x5e, 0x87, 0x53, 0x36, 0x11, 0x15, 0x20, 0xb3, 0x5a, 0x57, 0x51, 0x93, 0x20, 0xd8,
+ /* (2^219)P */ 0xb7, 0x56, 0xf4, 0xab, 0x7d, 0x0c, 0xfb, 0x99, 0x1a, 0x30, 0x29, 0xb0, 0x75, 0x2a, 0xf8, 0x53, 0x71, 0x23, 0xbd, 0xa7, 0xd8, 0x0a, 0xe2, 0x27, 0x65, 0xe9, 0x74, 0x26, 0x98, 0x4a, 0x69, 0x19, 0xb2, 0x4d, 0x0a, 0x17, 0x98, 0xb2, 0xa9, 0x57, 0x4e, 0xf6, 0x86, 0xc8, 0x01, 0xa4, 0xc6, 0x98, 0xad, 0x5a, 0x90, 0x2c, 0x05, 0x46, 0x64, 0xb7,
+ /* (2^220)P */ 0x7b, 0x91, 0xdf, 0xfc, 0xf8, 0x1c, 0x8c, 0x15, 0x9e, 0xf7, 0xd5, 0xa8, 0xe8, 0xe7, 0xe3, 0xa3, 0xb0, 0x04, 0x74, 0xfa, 0x78, 0xfb, 0x26, 0xbf, 0x67, 0x42, 0xf9, 0x8c, 0x9b, 0xb4, 0x69, 0x5b, 0x02, 0x13, 0x6d, 0x09, 0x6c, 0xd6, 0x99, 0x61, 0x7b, 0x89, 0x4a, 0x67, 0x75, 0xa3, 0x98, 0x13, 0x23, 0x1d, 0x18, 0x24, 0x0e, 0xef, 0x41, 0x79,
+ /* (2^221)P */ 0x86, 0x33, 0xab, 0x08, 0xcb, 0xbf, 0x1e, 0x76, 0x3c, 0x0b, 0xbd, 0x30, 0xdb, 0xe9, 0xa3, 0x35, 0x87, 0x1b, 0xe9, 0x07, 0x00, 0x66, 0x7f, 0x3b, 0x35, 0x0c, 0x8a, 0x3f, 0x61, 0xbc, 0xe0, 0xae, 0xf6, 0xcc, 0x54, 0xe1, 0x72, 0x36, 0x2d, 0xee, 0x93, 0x24, 0xf8, 0xd7, 0xc5, 0xf9, 0xcb, 0xb0, 0xe5, 0x88, 0x0d, 0x23, 0x4b, 0x76, 0x15, 0xa2,
+ /* (2^222)P */ 0x37, 0xdb, 0x83, 0xd5, 0x6d, 0x06, 0x24, 0x37, 0x1b, 0x15, 0x85, 0x15, 0xe2, 0xc0, 0x4e, 0x02, 0xa9, 0x6d, 0x0a, 0x3a, 0x94, 0x4a, 0x6f, 0x49, 0x00, 0x01, 0x72, 0xbb, 0x60, 0x14, 0x35, 0xae, 0xb4, 0xc6, 0x01, 0x0a, 0x00, 0x9e, 0xc3, 0x58, 0xc5, 0xd1, 0x5e, 0x30, 0x73, 0x96, 0x24, 0x85, 0x9d, 0xf0, 0xf9, 0xec, 0x09, 0xd3, 0xe7, 0x70,
+ /* (2^223)P */ 0xf3, 0xbd, 0x96, 0x87, 0xe9, 0x71, 0xbd, 0xd6, 0xa2, 0x45, 0xeb, 0x0a, 0xcd, 0x2c, 0xf1, 0x72, 0xa6, 0x31, 0xa9, 0x6f, 0x09, 0xa1, 0x5e, 0xdd, 0xc8, 0x8d, 0x0d, 0xbc, 0x5a, 0x8d, 0xb1, 0x2c, 0x9a, 0xcc, 0x37, 0x74, 0xc2, 0xa9, 0x4e, 0xd6, 0xc0, 0x3c, 0xa0, 0x23, 0xb0, 0xa0, 0x77, 0x14, 0x80, 0x45, 0x71, 0x6a, 0x2d, 0x41, 0xc3, 0x82,
+ /* (2^224)P */ 0x37, 0x44, 0xec, 0x8a, 0x3e, 0xc1, 0x0c, 0xa9, 0x12, 0x9c, 0x08, 0x88, 0xcb, 0xd9, 0xf8, 0xba, 0x00, 0xd6, 0xc3, 0xdf, 0xef, 0x7a, 0x44, 0x7e, 0x25, 0x69, 0xc9, 0xc1, 0x46, 0xe5, 0x20, 0x9e, 0xcc, 0x0b, 0x05, 0x3e, 0xf4, 0x78, 0x43, 0x0c, 0xa6, 0x2f, 0xc1, 0xfa, 0x70, 0xb2, 0x3c, 0x31, 0x7a, 0x63, 0x58, 0xab, 0x17, 0xcf, 0x4c, 0x4f,
+ /* (2^225)P */ 0x2b, 0x08, 0x31, 0x59, 0x75, 0x8b, 0xec, 0x0a, 0xa9, 0x79, 0x70, 0xdd, 0xf1, 0x11, 0xc3, 0x11, 0x1f, 0xab, 0x37, 0xaa, 0x26, 0xea, 0x53, 0xc4, 0x79, 0xa7, 0x91, 0x00, 0xaa, 0x08, 0x42, 0xeb, 0x8b, 0x8b, 0xe8, 0xc3, 0x2f, 0xb8, 0x78, 0x90, 0x38, 0x0e, 0x8a, 0x42, 0x0c, 0x0f, 0xbf, 0x3e, 0xf8, 0xd8, 0x07, 0xcf, 0x6a, 0x34, 0xc9, 0xfa,
+ /* (2^226)P */ 0x11, 0xe0, 0x76, 0x4d, 0x23, 0xc5, 0xa6, 0xcc, 0x9f, 0x9a, 0x2a, 0xde, 0x3a, 0xb5, 0x92, 0x39, 0x19, 0x8a, 0xf1, 0x8d, 0xf9, 0x4d, 0xc9, 0xb4, 0x39, 0x9f, 0x57, 0xd8, 0x72, 0xab, 0x1d, 0x61, 0x6a, 0xb2, 0xff, 0x52, 0xba, 0x54, 0x0e, 0xfb, 0x83, 0x30, 0x8a, 0xf7, 0x3b, 0xf4, 0xd8, 0xae, 0x1a, 0x94, 0x3a, 0xec, 0x63, 0xfe, 0x6e, 0x7c,
+ /* (2^227)P */ 0xdc, 0x70, 0x8e, 0x55, 0x44, 0xbf, 0xd2, 0x6a, 0xa0, 0x14, 0x61, 0x89, 0xd5, 0x55, 0x45, 0x3c, 0xf6, 0x40, 0x0d, 0x83, 0x85, 0x44, 0xb4, 0x62, 0x56, 0xfe, 0x60, 0xd7, 0x07, 0x1d, 0x47, 0x30, 0x3b, 0x73, 0xa4, 0xb5, 0xb7, 0xea, 0xac, 0xda, 0xf1, 0x17, 0xaa, 0x60, 0xdf, 0xe9, 0x84, 0xda, 0x31, 0x32, 0x61, 0xbf, 0xd0, 0x7e, 0x8a, 0x02,
+ /* (2^228)P */ 0xb9, 0x51, 0xb3, 0x89, 0x21, 0x5d, 0xa2, 0xfe, 0x79, 0x2a, 0xb3, 0x2a, 0x3b, 0xe6, 0x6f, 0x2b, 0x22, 0x03, 0xea, 0x7b, 0x1f, 0xaf, 0x85, 0xc3, 0x38, 0x55, 0x5b, 0x8e, 0xb4, 0xaa, 0x77, 0xfe, 0x03, 0x6e, 0xda, 0x91, 0x24, 0x0c, 0x48, 0x39, 0x27, 0x43, 0x16, 0xd2, 0x0a, 0x0d, 0x43, 0xa3, 0x0e, 0xca, 0x45, 0xd1, 0x7f, 0xf5, 0xd3, 0x16,
+ /* (2^229)P */ 0x3d, 0x32, 0x9b, 0x38, 0xf8, 0x06, 0x93, 0x78, 0x5b, 0x50, 0x2b, 0x06, 0xd8, 0x66, 0xfe, 0xab, 0x9b, 0x58, 0xc7, 0xd1, 0x4d, 0xd5, 0xf8, 0x3b, 0x10, 0x7e, 0x85, 0xde, 0x58, 0x4e, 0xdf, 0x53, 0xd9, 0x58, 0xe0, 0x15, 0x81, 0x9f, 0x1a, 0x78, 0xfc, 0x9f, 0x10, 0xc2, 0x23, 0xd6, 0x78, 0xd1, 0x9d, 0xd2, 0xd5, 0x1c, 0x53, 0xe2, 0xc9, 0x76,
+ /* (2^230)P */ 0x98, 0x1e, 0x38, 0x7b, 0x71, 0x18, 0x4b, 0x15, 0xaf, 0xa1, 0xa6, 0x98, 0xcb, 0x26, 0xa3, 0xc8, 0x07, 0x46, 0xda, 0x3b, 0x70, 0x65, 0xec, 0x7a, 0x2b, 0x34, 0x94, 0xa8, 0xb6, 0x14, 0xf8, 0x1a, 0xce, 0xf7, 0xc8, 0x60, 0xf3, 0x88, 0xf4, 0x33, 0x60, 0x7b, 0xd1, 0x02, 0xe7, 0xda, 0x00, 0x4a, 0xea, 0xd2, 0xfd, 0x88, 0xd2, 0x99, 0x28, 0xf3,
+ /* (2^231)P */ 0x28, 0x24, 0x1d, 0x26, 0xc2, 0xeb, 0x8b, 0x3b, 0xb4, 0x6b, 0xbe, 0x6b, 0x77, 0xff, 0xf3, 0x21, 0x3b, 0x26, 0x6a, 0x8c, 0x8e, 0x2a, 0x44, 0xa8, 0x01, 0x2b, 0x71, 0xea, 0x64, 0x30, 0xfd, 0xfd, 0x95, 0xcb, 0x39, 0x38, 0x48, 0xfa, 0x96, 0x97, 0x8c, 0x2f, 0x33, 0xca, 0x03, 0xe6, 0xd7, 0x94, 0x55, 0x6c, 0xc3, 0xb3, 0xa8, 0xf7, 0xae, 0x8c,
+ /* (2^232)P */ 0xea, 0x62, 0x8a, 0xb4, 0xeb, 0x74, 0xf7, 0xb8, 0xae, 0xc5, 0x20, 0x71, 0x06, 0xd6, 0x7c, 0x62, 0x9b, 0x69, 0x74, 0xef, 0xa7, 0x6d, 0xd6, 0x8c, 0x37, 0xb9, 0xbf, 0xcf, 0xeb, 0xe4, 0x2f, 0x04, 0x02, 0x21, 0x7d, 0x75, 0x6b, 0x92, 0x48, 0xf8, 0x70, 0xad, 0x69, 0xe2, 0xea, 0x0e, 0x88, 0x67, 0x72, 0xcc, 0x2d, 0x10, 0xce, 0x2d, 0xcf, 0x65,
+ /* (2^233)P */ 0x49, 0xf3, 0x57, 0x64, 0xe5, 0x5c, 0xc5, 0x65, 0x49, 0x97, 0xc4, 0x8a, 0xcc, 0xa9, 0xca, 0x94, 0x7b, 0x86, 0x88, 0xb6, 0x51, 0x27, 0x69, 0xa5, 0x0f, 0x8b, 0x06, 0x59, 0xa0, 0x94, 0xef, 0x63, 0x1a, 0x01, 0x9e, 0x4f, 0xd2, 0x5a, 0x93, 0xc0, 0x7c, 0xe6, 0x61, 0x77, 0xb6, 0xf5, 0x40, 0xd9, 0x98, 0x43, 0x5b, 0x56, 0x68, 0xe9, 0x37, 0x8f,
+ /* (2^234)P */ 0xee, 0x87, 0xd2, 0x05, 0x1b, 0x39, 0x89, 0x10, 0x07, 0x6d, 0xe8, 0xfd, 0x8b, 0x4d, 0xb2, 0xa7, 0x7b, 0x1e, 0xa0, 0x6c, 0x0d, 0x3d, 0x3d, 0x49, 0xba, 0x61, 0x36, 0x1f, 0xc2, 0x84, 0x4a, 0xcc, 0x87, 0xa9, 0x1b, 0x23, 0x04, 0xe2, 0x3e, 0x97, 0xe1, 0xdb, 0xd5, 0x5a, 0xe8, 0x41, 0x6b, 0xe5, 0x5a, 0xa1, 0x99, 0xe5, 0x7b, 0xa7, 0xe0, 0x3b,
+ /* (2^235)P */ 0xea, 0xa3, 0x6a, 0xdd, 0x77, 0x7f, 0x77, 0x41, 0xc5, 0x6a, 0xe4, 0xaf, 0x11, 0x5f, 0x88, 0xa5, 0x10, 0xee, 0xd0, 0x8c, 0x0c, 0xb4, 0xa5, 0x2a, 0xd0, 0xd8, 0x1d, 0x47, 0x06, 0xc0, 0xd5, 0xce, 0x51, 0x54, 0x9b, 0x2b, 0xe6, 0x2f, 0xe7, 0xe7, 0x31, 0x5f, 0x5c, 0x23, 0x81, 0x3e, 0x03, 0x93, 0xaa, 0x2d, 0x71, 0x84, 0xa0, 0x89, 0x32, 0xa6,
+ /* (2^236)P */ 0x55, 0xa3, 0x13, 0x92, 0x4e, 0x93, 0x7d, 0xec, 0xca, 0x57, 0xfb, 0x37, 0xae, 0xd2, 0x18, 0x2e, 0x54, 0x05, 0x6c, 0xd1, 0x28, 0xca, 0x90, 0x40, 0x82, 0x2e, 0x79, 0xc6, 0x5a, 0xc7, 0xdd, 0x84, 0x93, 0xdf, 0x15, 0xb8, 0x1f, 0xb1, 0xf9, 0xaf, 0x2c, 0xe5, 0x32, 0xcd, 0xc2, 0x99, 0x6d, 0xac, 0x85, 0x5c, 0x63, 0xd3, 0xe2, 0xff, 0x24, 0xda,
+ /* (2^237)P */ 0x2d, 0x8d, 0xfd, 0x65, 0xcc, 0xe5, 0x02, 0xa0, 0xe5, 0xb9, 0xec, 0x59, 0x09, 0x50, 0x27, 0xb7, 0x3d, 0x2a, 0x79, 0xb2, 0x76, 0x5d, 0x64, 0x95, 0xf8, 0xc5, 0xaf, 0x8a, 0x62, 0x11, 0x5c, 0x56, 0x1c, 0x05, 0x64, 0x9e, 0x5e, 0xbd, 0x54, 0x04, 0xe6, 0x9e, 0xab, 0xe6, 0x22, 0x7e, 0x42, 0x54, 0xb5, 0xa5, 0xd0, 0x8d, 0x28, 0x6b, 0x0f, 0x0b,
+ /* (2^238)P */ 0x2d, 0xb2, 0x8c, 0x59, 0x10, 0x37, 0x84, 0x3b, 0x9b, 0x65, 0x1b, 0x0f, 0x10, 0xf9, 0xea, 0x60, 0x1b, 0x02, 0xf5, 0xee, 0x8b, 0xe6, 0x32, 0x7d, 0x10, 0x7f, 0x5f, 0x8c, 0x72, 0x09, 0x4e, 0x1f, 0x29, 0xff, 0x65, 0xcb, 0x3e, 0x3a, 0xd2, 0x96, 0x50, 0x1e, 0xea, 0x64, 0x99, 0xb5, 0x4c, 0x7a, 0x69, 0xb8, 0x95, 0xae, 0x48, 0xc0, 0x7c, 0xb1,
+ /* (2^239)P */ 0xcd, 0x7c, 0x4f, 0x3e, 0xea, 0xf3, 0x90, 0xcb, 0x12, 0x76, 0xd1, 0x17, 0xdc, 0x0d, 0x13, 0x0f, 0xfd, 0x4d, 0xb5, 0x1f, 0xe4, 0xdd, 0xf2, 0x4d, 0x58, 0xea, 0xa5, 0x66, 0x92, 0xcf, 0xe5, 0x54, 0xea, 0x9b, 0x35, 0x83, 0x1a, 0x44, 0x8e, 0x62, 0x73, 0x45, 0x98, 0xa3, 0x89, 0x95, 0x52, 0x93, 0x1a, 0x8d, 0x63, 0x0f, 0xc2, 0x57, 0x3c, 0xb1,
+ /* (2^240)P */ 0x72, 0xb4, 0xdf, 0x51, 0xb7, 0xf6, 0x52, 0xa2, 0x14, 0x56, 0xe5, 0x0a, 0x2e, 0x75, 0x81, 0x02, 0xee, 0x93, 0x48, 0x0a, 0x92, 0x4e, 0x0c, 0x0f, 0xdf, 0x09, 0x89, 0x99, 0xf6, 0xf9, 0x22, 0xa2, 0x32, 0xf8, 0xb0, 0x76, 0x0c, 0xb2, 0x4d, 0x6e, 0xbe, 0x83, 0x35, 0x61, 0x44, 0xd2, 0x58, 0xc7, 0xdd, 0x14, 0xcf, 0xc3, 0x4b, 0x7c, 0x07, 0xee,
+ /* (2^241)P */ 0x8b, 0x03, 0xee, 0xcb, 0xa7, 0x2e, 0x28, 0xbd, 0x97, 0xd1, 0x4c, 0x2b, 0xd1, 0x92, 0x67, 0x5b, 0x5a, 0x12, 0xbf, 0x29, 0x17, 0xfc, 0x50, 0x09, 0x74, 0x76, 0xa2, 0xd4, 0x82, 0xfd, 0x2c, 0x0c, 0x90, 0xf7, 0xe7, 0xe5, 0x9a, 0x2c, 0x16, 0x40, 0xb9, 0x6c, 0xd9, 0xe0, 0x22, 0x9e, 0xf8, 0xdd, 0x73, 0xe4, 0x7b, 0x9e, 0xbe, 0x4f, 0x66, 0x22,
+ /* (2^242)P */ 0xa4, 0x10, 0xbe, 0xb8, 0x83, 0x3a, 0x77, 0x8e, 0xea, 0x0a, 0xc4, 0x97, 0x3e, 0xb6, 0x6c, 0x81, 0xd7, 0x65, 0xd9, 0xf7, 0xae, 0xe6, 0xbe, 0xab, 0x59, 0x81, 0x29, 0x4b, 0xff, 0xe1, 0x0f, 0xc3, 0x2b, 0xad, 0x4b, 0xef, 0xc4, 0x50, 0x9f, 0x88, 0x31, 0xf2, 0xde, 0x80, 0xd6, 0xf4, 0x20, 0x9c, 0x77, 0x9b, 0xbe, 0xbe, 0x08, 0xf5, 0xf0, 0x95,
+ /* (2^243)P */ 0x0e, 0x7c, 0x7b, 0x7c, 0xb3, 0xd8, 0x83, 0xfc, 0x8c, 0x75, 0x51, 0x74, 0x1b, 0xe1, 0x6d, 0x11, 0x05, 0x46, 0x24, 0x0d, 0xa4, 0x2b, 0x32, 0xfd, 0x2c, 0x4e, 0x21, 0xdf, 0x39, 0x6b, 0x96, 0xfc, 0xff, 0x92, 0xfc, 0x35, 0x0d, 0x9a, 0x4b, 0xc0, 0x70, 0x46, 0x32, 0x7d, 0xc0, 0xc4, 0x04, 0xe0, 0x2d, 0x83, 0xa7, 0x00, 0xc7, 0xcb, 0xb4, 0x8f,
+ /* (2^244)P */ 0xa9, 0x5a, 0x7f, 0x0e, 0xdd, 0x2c, 0x85, 0xaa, 0x4d, 0xac, 0xde, 0xb3, 0xb6, 0xaf, 0xe6, 0xd1, 0x06, 0x7b, 0x2c, 0xa4, 0x01, 0x19, 0x22, 0x7d, 0x78, 0xf0, 0x3a, 0xea, 0x89, 0xfe, 0x21, 0x61, 0x6d, 0xb8, 0xfe, 0xa5, 0x2a, 0xab, 0x0d, 0x7b, 0x51, 0x39, 0xb6, 0xde, 0xbc, 0xf0, 0xc5, 0x48, 0xd7, 0x09, 0x82, 0x6e, 0x66, 0x75, 0xc5, 0xcd,
+ /* (2^245)P */ 0xee, 0xdf, 0x2b, 0x6c, 0xa8, 0xde, 0x61, 0xe1, 0x27, 0xfa, 0x2a, 0x0f, 0x68, 0xe7, 0x7a, 0x9b, 0x13, 0xe9, 0x56, 0xd2, 0x1c, 0x3d, 0x2f, 0x3c, 0x7a, 0xf6, 0x6f, 0x45, 0xee, 0xe8, 0xf4, 0xa0, 0xa6, 0xe8, 0xa5, 0x27, 0xee, 0xf2, 0x85, 0xa9, 0xd5, 0x0e, 0xa9, 0x26, 0x60, 0xfe, 0xee, 0xc7, 0x59, 0x99, 0x5e, 0xa3, 0xdf, 0x23, 0x36, 0xd5,
+ /* (2^246)P */ 0x15, 0x66, 0x6f, 0xd5, 0x78, 0xa4, 0x0a, 0xf7, 0xb1, 0xe8, 0x75, 0x6b, 0x48, 0x7d, 0xa6, 0x4d, 0x3d, 0x36, 0x9b, 0xc7, 0xcc, 0x68, 0x9a, 0xfe, 0x2f, 0x39, 0x2a, 0x51, 0x31, 0x39, 0x7d, 0x73, 0x6f, 0xc8, 0x74, 0x72, 0x6f, 0x6e, 0xda, 0x5f, 0xad, 0x48, 0xc8, 0x40, 0xe1, 0x06, 0x01, 0x36, 0xa1, 0x88, 0xc8, 0x99, 0x9c, 0xd1, 0x11, 0x8f,
+ /* (2^247)P */ 0xab, 0xc5, 0xcb, 0xcf, 0xbd, 0x73, 0x21, 0xd0, 0x82, 0xb1, 0x2e, 0x2d, 0xd4, 0x36, 0x1b, 0xed, 0xa9, 0x8a, 0x26, 0x79, 0xc4, 0x17, 0xae, 0xe5, 0x09, 0x0a, 0x0c, 0xa4, 0x21, 0xa0, 0x6e, 0xdd, 0x62, 0x8e, 0x44, 0x62, 0xcc, 0x50, 0xff, 0x93, 0xb3, 0x9a, 0x72, 0x8c, 0x3f, 0xa1, 0xa6, 0x4d, 0x87, 0xd5, 0x1c, 0x5a, 0xc0, 0x0b, 0x1a, 0xd6,
+ /* (2^248)P */ 0x67, 0x36, 0x6a, 0x1f, 0x96, 0xe5, 0x80, 0x20, 0xa9, 0xe8, 0x0b, 0x0e, 0x21, 0x29, 0x3f, 0xc8, 0x0a, 0x6d, 0x27, 0x47, 0xca, 0xd9, 0x05, 0x55, 0xbf, 0x11, 0xcf, 0x31, 0x7a, 0x37, 0xc7, 0x90, 0xa9, 0xf4, 0x07, 0x5e, 0xd5, 0xc3, 0x92, 0xaa, 0x95, 0xc8, 0x23, 0x2a, 0x53, 0x45, 0xe3, 0x3a, 0x24, 0xe9, 0x67, 0x97, 0x3a, 0x82, 0xf9, 0xa6,
+ /* (2^249)P */ 0x92, 0x9e, 0x6d, 0x82, 0x67, 0xe9, 0xf9, 0x17, 0x96, 0x2c, 0xa7, 0xd3, 0x89, 0xf9, 0xdb, 0xd8, 0x20, 0xc6, 0x2e, 0xec, 0x4a, 0x76, 0x64, 0xbf, 0x27, 0x40, 0xe2, 0xb4, 0xdf, 0x1f, 0xa0, 0xef, 0x07, 0x80, 0xfb, 0x8e, 0x12, 0xf8, 0xb8, 0xe1, 0xc6, 0xdf, 0x7c, 0x69, 0x35, 0x5a, 0xe1, 0x8e, 0x5d, 0x69, 0x84, 0x56, 0xb6, 0x31, 0x1c, 0x0b,
+ /* (2^250)P */ 0xd6, 0x94, 0x5c, 0xef, 0xbb, 0x46, 0x45, 0x44, 0x5b, 0xa1, 0xae, 0x03, 0x65, 0xdd, 0xb5, 0x66, 0x88, 0x35, 0x29, 0x95, 0x16, 0x54, 0xa6, 0xf5, 0xc9, 0x78, 0x34, 0xe6, 0x0f, 0xc4, 0x2b, 0x5b, 0x79, 0x51, 0x68, 0x48, 0x3a, 0x26, 0x87, 0x05, 0x70, 0xaf, 0x8b, 0xa6, 0xc7, 0x2e, 0xb3, 0xa9, 0x10, 0x01, 0xb0, 0xb9, 0x31, 0xfd, 0xdc, 0x80,
+ /* (2^251)P */ 0x25, 0xf2, 0xad, 0xd6, 0x75, 0xa3, 0x04, 0x05, 0x64, 0x8a, 0x97, 0x60, 0x27, 0x2a, 0xe5, 0x6d, 0xb0, 0x73, 0xf4, 0x07, 0x2a, 0x9d, 0xe9, 0x46, 0xb4, 0x1c, 0x51, 0xf8, 0x63, 0x98, 0x7e, 0xe5, 0x13, 0x51, 0xed, 0x98, 0x65, 0x98, 0x4f, 0x8f, 0xe7, 0x7e, 0x72, 0xd7, 0x64, 0x11, 0x2f, 0xcd, 0x12, 0xf8, 0xc4, 0x63, 0x52, 0x0f, 0x7f, 0xc4,
+ /* (2^252)P */ 0x5c, 0xd9, 0x85, 0x63, 0xc7, 0x8a, 0x65, 0x9a, 0x25, 0x83, 0x31, 0x73, 0x49, 0xf0, 0x93, 0x96, 0x70, 0x67, 0x6d, 0xb1, 0xff, 0x95, 0x54, 0xe4, 0xf8, 0x15, 0x6c, 0x5f, 0xbd, 0xf6, 0x0f, 0x38, 0x7b, 0x68, 0x7d, 0xd9, 0x3d, 0xf0, 0xa9, 0xa0, 0xe4, 0xd1, 0xb6, 0x34, 0x6d, 0x14, 0x16, 0xc2, 0x4c, 0x30, 0x0e, 0x67, 0xd3, 0xbe, 0x2e, 0xc0,
+ /* (2^253)P */ 0x06, 0x6b, 0x52, 0xc8, 0x14, 0xcd, 0xae, 0x03, 0x93, 0xea, 0xc1, 0xf2, 0xf6, 0x8b, 0xc5, 0xb6, 0xdc, 0x82, 0x42, 0x29, 0x94, 0xe0, 0x25, 0x6c, 0x3f, 0x9f, 0x5d, 0xe4, 0x96, 0xf6, 0x8e, 0x3f, 0xf9, 0x72, 0xc4, 0x77, 0x60, 0x8b, 0xa4, 0xf9, 0xa8, 0xc3, 0x0a, 0x81, 0xb1, 0x97, 0x70, 0x18, 0xab, 0xea, 0x37, 0x8a, 0x08, 0xc7, 0xe2, 0x95,
+ /* (2^254)P */ 0x94, 0x49, 0xd9, 0x5f, 0x76, 0x72, 0x82, 0xad, 0x2d, 0x50, 0x1a, 0x7a, 0x5b, 0xe6, 0x95, 0x1e, 0x95, 0x65, 0x87, 0x1c, 0x52, 0xd7, 0x44, 0xe6, 0x9b, 0x56, 0xcd, 0x6f, 0x05, 0xff, 0x67, 0xc5, 0xdb, 0xa2, 0xac, 0xe4, 0xa2, 0x28, 0x63, 0x5f, 0xfb, 0x0c, 0x3b, 0xf1, 0x87, 0xc3, 0x36, 0x78, 0x3f, 0x77, 0xfa, 0x50, 0x85, 0xf9, 0xd7, 0x82,
+ /* (2^255)P */ 0x64, 0xc0, 0xe0, 0xd8, 0x2d, 0xed, 0xcb, 0x6a, 0xfd, 0xcd, 0xbc, 0x7e, 0x9f, 0xc8, 0x85, 0xe9, 0xc1, 0x7c, 0x0f, 0xe5, 0x18, 0xea, 0xd4, 0x51, 0xad, 0x59, 0x13, 0x75, 0xd9, 0x3d, 0xd4, 0x8a, 0xb2, 0xbe, 0x78, 0x52, 0x2b, 0x52, 0x94, 0x37, 0x41, 0xd6, 0xb4, 0xb6, 0x45, 0x20, 0x76, 0xe0, 0x1f, 0x31, 0xdb, 0xb1, 0xa1, 0x43, 0xf0, 0x18,
+ /* (2^256)P */ 0x74, 0xa9, 0xa4, 0xa9, 0xdd, 0x6e, 0x3e, 0x68, 0xe5, 0xc3, 0x2e, 0x92, 0x17, 0xa4, 0xcb, 0x80, 0xb1, 0xf0, 0x06, 0x93, 0xef, 0xe6, 0x00, 0xe6, 0x3b, 0xb1, 0x32, 0x65, 0x7b, 0x83, 0xb6, 0x8a, 0x49, 0x1b, 0x14, 0x89, 0xee, 0xba, 0xf5, 0x6a, 0x8d, 0x36, 0xef, 0xb0, 0xd8, 0xb2, 0x16, 0x99, 0x17, 0x35, 0x02, 0x16, 0x55, 0x58, 0xdd, 0x82,
+ /* (2^257)P */ 0x36, 0x95, 0xe8, 0xf4, 0x36, 0x42, 0xbb, 0xc5, 0x3e, 0xfa, 0x30, 0x84, 0x9e, 0x59, 0xfd, 0xd2, 0x95, 0x42, 0xf8, 0x64, 0xd9, 0xb9, 0x0e, 0x9f, 0xfa, 0xd0, 0x7b, 0x20, 0x31, 0x77, 0x48, 0x29, 0x4d, 0xd0, 0x32, 0x57, 0x56, 0x30, 0xa6, 0x17, 0x53, 0x04, 0xbf, 0x08, 0x28, 0xec, 0xb8, 0x46, 0xc1, 0x03, 0x89, 0xdc, 0xed, 0xa0, 0x35, 0x53,
+ /* (2^258)P */ 0xc5, 0x7f, 0x9e, 0xd8, 0xc5, 0xba, 0x5f, 0x68, 0xc8, 0x23, 0x75, 0xea, 0x0d, 0xd9, 0x5a, 0xfd, 0x61, 0x1a, 0xa3, 0x2e, 0x45, 0x63, 0x14, 0x55, 0x86, 0x21, 0x29, 0xbe, 0xef, 0x5e, 0x50, 0xe5, 0x18, 0x59, 0xe7, 0xe3, 0xce, 0x4d, 0x8c, 0x15, 0x8f, 0x89, 0x66, 0x44, 0x52, 0x3d, 0xfa, 0xc7, 0x9a, 0x59, 0x90, 0x8e, 0xc0, 0x06, 0x3f, 0xc9,
+ /* (2^259)P */ 0x8e, 0x04, 0xd9, 0x16, 0x50, 0x1d, 0x8c, 0x9f, 0xd5, 0xe3, 0xce, 0xfd, 0x47, 0x04, 0x27, 0x4d, 0xc2, 0xfa, 0x71, 0xd9, 0x0b, 0xb8, 0x65, 0xf4, 0x11, 0xf3, 0x08, 0xee, 0x81, 0xc8, 0x67, 0x99, 0x0b, 0x8d, 0x77, 0xa3, 0x4f, 0xb5, 0x9b, 0xdb, 0x26, 0xf1, 0x97, 0xeb, 0x04, 0x54, 0xeb, 0x80, 0x08, 0x1d, 0x1d, 0xf6, 0x3d, 0x1f, 0x5a, 0xb8,
+ /* (2^260)P */ 0xb7, 0x9c, 0x9d, 0xee, 0xb9, 0x5c, 0xad, 0x0d, 0x9e, 0xfd, 0x60, 0x3c, 0x27, 0x4e, 0xa2, 0x95, 0xfb, 0x64, 0x7e, 0x79, 0x64, 0x87, 0x10, 0xb4, 0x73, 0xe0, 0x9d, 0x46, 0x4d, 0x3d, 0xee, 0x83, 0xe4, 0x16, 0x88, 0x97, 0xe6, 0x4d, 0xba, 0x70, 0xb6, 0x96, 0x7b, 0xff, 0x4b, 0xc8, 0xcf, 0x72, 0x83, 0x3e, 0x5b, 0x24, 0x2e, 0x57, 0xf1, 0x82,
+ /* (2^261)P */ 0x30, 0x71, 0x40, 0x51, 0x4f, 0x44, 0xbb, 0xc7, 0xf0, 0x54, 0x6e, 0x9d, 0xeb, 0x15, 0xad, 0xf8, 0x61, 0x43, 0x5a, 0xef, 0xc0, 0xb1, 0x57, 0xae, 0x03, 0x40, 0xe8, 0x68, 0x6f, 0x03, 0x20, 0x4f, 0x8a, 0x51, 0x2a, 0x9e, 0xd2, 0x45, 0xaf, 0xb4, 0xf5, 0xd4, 0x95, 0x7f, 0x3d, 0x3d, 0xb7, 0xb6, 0x28, 0xc5, 0x08, 0x8b, 0x44, 0xd6, 0x3f, 0xe7,
+ /* (2^262)P */ 0xa9, 0x52, 0x04, 0x67, 0xcb, 0x20, 0x63, 0xf8, 0x18, 0x01, 0x44, 0x21, 0x6a, 0x8a, 0x83, 0x48, 0xd4, 0xaf, 0x23, 0x0f, 0x35, 0x8d, 0xe5, 0x5a, 0xc4, 0x7c, 0x55, 0x46, 0x19, 0x5f, 0x35, 0xe0, 0x5d, 0x97, 0x4c, 0x2d, 0x04, 0xed, 0x59, 0xd4, 0xb0, 0xb2, 0xc6, 0xe3, 0x51, 0xe1, 0x38, 0xc6, 0x30, 0x49, 0x8f, 0xae, 0x61, 0x64, 0xce, 0xa8,
+ /* (2^263)P */ 0x9b, 0x64, 0x83, 0x3c, 0xd3, 0xdf, 0xb9, 0x27, 0xe7, 0x5b, 0x7f, 0xeb, 0xf3, 0x26, 0xcf, 0xb1, 0x8f, 0xaf, 0x26, 0xc8, 0x48, 0xce, 0xa1, 0xac, 0x7d, 0x10, 0x34, 0x28, 0xe1, 0x1f, 0x69, 0x03, 0x64, 0x77, 0x61, 0xdd, 0x4a, 0x9b, 0x18, 0x47, 0xf8, 0xca, 0x63, 0xc9, 0x03, 0x2d, 0x20, 0x2a, 0x69, 0x6e, 0x42, 0xd0, 0xe7, 0xaa, 0xb5, 0xf3,
+ /* (2^264)P */ 0xea, 0x31, 0x0c, 0x57, 0x0f, 0x3e, 0xe3, 0x35, 0xd8, 0x30, 0xa5, 0x6f, 0xdd, 0x95, 0x43, 0xc6, 0x66, 0x07, 0x4f, 0x34, 0xc3, 0x7e, 0x04, 0x10, 0x2d, 0xc4, 0x1c, 0x94, 0x52, 0x2e, 0x5b, 0x9a, 0x65, 0x2f, 0x91, 0xaa, 0x4f, 0x3c, 0xdc, 0x23, 0x18, 0xe1, 0x4f, 0x85, 0xcd, 0xf4, 0x8c, 0x51, 0xf7, 0xab, 0x4f, 0xdc, 0x15, 0x5c, 0x9e, 0xc5,
+ /* (2^265)P */ 0x54, 0x57, 0x23, 0x17, 0xe7, 0x82, 0x2f, 0x04, 0x7d, 0xfe, 0xe7, 0x1f, 0xa2, 0x57, 0x79, 0xe9, 0x58, 0x9b, 0xbe, 0xc6, 0x16, 0x4a, 0x17, 0x50, 0x90, 0x4a, 0x34, 0x70, 0x87, 0x37, 0x01, 0x26, 0xd8, 0xa3, 0x5f, 0x07, 0x7c, 0xd0, 0x7d, 0x05, 0x8a, 0x93, 0x51, 0x2f, 0x99, 0xea, 0xcf, 0x00, 0xd8, 0xc7, 0xe6, 0x9b, 0x8c, 0x62, 0x45, 0x87,
+ /* (2^266)P */ 0xc3, 0xfd, 0x29, 0x66, 0xe7, 0x30, 0x29, 0x77, 0xe0, 0x0d, 0x63, 0x5b, 0xe6, 0x90, 0x1a, 0x1e, 0x99, 0xc2, 0xa7, 0xab, 0xff, 0xa7, 0xbd, 0x79, 0x01, 0x97, 0xfd, 0x27, 0x1b, 0x43, 0x2b, 0xe6, 0xfe, 0x5e, 0xf1, 0xb9, 0x35, 0x38, 0x08, 0x25, 0x55, 0x90, 0x68, 0x2e, 0xc3, 0x67, 0x39, 0x9f, 0x2b, 0x2c, 0x70, 0x48, 0x8c, 0x47, 0xee, 0x56,
+ /* (2^267)P */ 0xf7, 0x32, 0x70, 0xb5, 0xe6, 0x42, 0xfd, 0x0a, 0x39, 0x9b, 0x07, 0xfe, 0x0e, 0xf4, 0x47, 0xba, 0x6a, 0x3f, 0xf5, 0x2c, 0x15, 0xf3, 0x60, 0x3f, 0xb1, 0x83, 0x7b, 0x2e, 0x34, 0x58, 0x1a, 0x6e, 0x4a, 0x49, 0x05, 0x45, 0xca, 0xdb, 0x00, 0x01, 0x0c, 0x42, 0x5e, 0x60, 0x40, 0x5f, 0xd9, 0xc7, 0x3a, 0x9e, 0x1c, 0x8d, 0xab, 0x11, 0x55, 0x65,
+ /* (2^268)P */ 0x87, 0x40, 0xb7, 0x0d, 0xaa, 0x34, 0x89, 0x90, 0x75, 0x6d, 0xa2, 0xfe, 0x3b, 0x6d, 0x5c, 0x39, 0x98, 0x10, 0x9e, 0x15, 0xc5, 0x35, 0xa2, 0x27, 0x23, 0x0a, 0x2d, 0x60, 0xe2, 0xa8, 0x7f, 0x3e, 0x77, 0x8f, 0xcc, 0x44, 0xcc, 0x30, 0x28, 0xe2, 0xf0, 0x04, 0x8c, 0xee, 0xe4, 0x5f, 0x68, 0x8c, 0xdf, 0x70, 0xbf, 0x31, 0xee, 0x2a, 0xfc, 0xce,
+ /* (2^269)P */ 0x92, 0xf2, 0xa0, 0xd9, 0x58, 0x3b, 0x7c, 0x1a, 0x99, 0x46, 0x59, 0x54, 0x60, 0x06, 0x8d, 0x5e, 0xf0, 0x22, 0xa1, 0xed, 0x92, 0x8a, 0x4d, 0x76, 0x95, 0x05, 0x0b, 0xff, 0xfc, 0x9a, 0xd1, 0xcc, 0x05, 0xb9, 0x5e, 0x99, 0xe8, 0x2a, 0x76, 0x7b, 0xfd, 0xa6, 0xe2, 0xd1, 0x1a, 0xd6, 0x76, 0x9f, 0x2f, 0x0e, 0xd1, 0xa8, 0x77, 0x5a, 0x40, 0x5a,
+ /* (2^270)P */ 0xff, 0xf9, 0x3f, 0xa9, 0xa6, 0x6c, 0x6d, 0x03, 0x8b, 0xa7, 0x10, 0x5d, 0x3f, 0xec, 0x3e, 0x1c, 0x0b, 0x6b, 0xa2, 0x6a, 0x22, 0xa9, 0x28, 0xd0, 0x66, 0xc9, 0xc2, 0x3d, 0x47, 0x20, 0x7d, 0xa6, 0x1d, 0xd8, 0x25, 0xb5, 0xf2, 0xf9, 0x70, 0x19, 0x6b, 0xf8, 0x43, 0x36, 0xc5, 0x1f, 0xe4, 0x5a, 0x4c, 0x13, 0xe4, 0x6d, 0x08, 0x0b, 0x1d, 0xb1,
+ /* (2^271)P */ 0x3f, 0x20, 0x9b, 0xfb, 0xec, 0x7d, 0x31, 0xc5, 0xfc, 0x88, 0x0b, 0x30, 0xed, 0x36, 0xc0, 0x63, 0xb1, 0x7d, 0x10, 0xda, 0xb6, 0x2e, 0xad, 0xf3, 0xec, 0x94, 0xe7, 0xec, 0xb5, 0x9c, 0xfe, 0xf5, 0x35, 0xf0, 0xa2, 0x2d, 0x7f, 0xca, 0x6b, 0x67, 0x1a, 0xf6, 0xb3, 0xda, 0x09, 0x2a, 0xaa, 0xdf, 0xb1, 0xca, 0x9b, 0xfb, 0xeb, 0xb3, 0xcd, 0xc0,
+ /* (2^272)P */ 0xcd, 0x4d, 0x89, 0x00, 0xa4, 0x3b, 0x48, 0xf0, 0x76, 0x91, 0x35, 0xa5, 0xf8, 0xc9, 0xb6, 0x46, 0xbc, 0xf6, 0x9a, 0x45, 0x47, 0x17, 0x96, 0x80, 0x5b, 0x3a, 0x28, 0x33, 0xf9, 0x5a, 0xef, 0x43, 0x07, 0xfe, 0x3b, 0xf4, 0x8e, 0x19, 0xce, 0xd2, 0x94, 0x4b, 0x6d, 0x8e, 0x67, 0x20, 0xc7, 0x4f, 0x2f, 0x59, 0x8e, 0xe1, 0xa1, 0xa9, 0xf9, 0x0e,
+ /* (2^273)P */ 0xdc, 0x7b, 0xb5, 0x50, 0x2e, 0xe9, 0x7e, 0x8b, 0x78, 0xa1, 0x38, 0x96, 0x22, 0xc3, 0x61, 0x67, 0x6d, 0xc8, 0x58, 0xed, 0x41, 0x1d, 0x5d, 0x86, 0x98, 0x7f, 0x2f, 0x1b, 0x8d, 0x3e, 0xaa, 0xc1, 0xd2, 0x0a, 0xf3, 0xbf, 0x95, 0x04, 0xf3, 0x10, 0x3c, 0x2b, 0x7f, 0x90, 0x46, 0x04, 0xaa, 0x6a, 0xa9, 0x35, 0x76, 0xac, 0x49, 0xb5, 0x00, 0x45,
+ /* (2^274)P */ 0xb1, 0x93, 0x79, 0x84, 0x4a, 0x2a, 0x30, 0x78, 0x16, 0xaa, 0xc5, 0x74, 0x06, 0xce, 0xa5, 0xa7, 0x32, 0x86, 0xe0, 0xf9, 0x10, 0xd2, 0x58, 0x76, 0xfb, 0x66, 0x49, 0x76, 0x3a, 0x90, 0xba, 0xb5, 0xcc, 0x99, 0xcd, 0x09, 0xc1, 0x9a, 0x74, 0x23, 0xdf, 0x0c, 0xfe, 0x99, 0x52, 0x80, 0xa3, 0x7c, 0x1c, 0x71, 0x5f, 0x2c, 0x49, 0x57, 0xf4, 0xf9,
+ /* (2^275)P */ 0x6d, 0xbf, 0x52, 0xe6, 0x25, 0x98, 0xed, 0xcf, 0xe3, 0xbc, 0x08, 0xa2, 0x1a, 0x90, 0xae, 0xa0, 0xbf, 0x07, 0x15, 0xad, 0x0a, 0x9f, 0x3e, 0x47, 0x44, 0xc2, 0x10, 0x46, 0xa6, 0x7a, 0x9e, 0x2f, 0x57, 0xbc, 0xe2, 0xf0, 0x1d, 0xd6, 0x9a, 0x06, 0xed, 0xfc, 0x54, 0x95, 0x92, 0x15, 0xa2, 0xf7, 0x8d, 0x6b, 0xef, 0xb2, 0x05, 0xed, 0x5c, 0x63,
+ /* (2^276)P */ 0xbc, 0x0b, 0x27, 0x3a, 0x3a, 0xf8, 0xe1, 0x48, 0x02, 0x7e, 0x27, 0xe6, 0x81, 0x62, 0x07, 0x73, 0x74, 0xe5, 0x52, 0xd7, 0xf8, 0x26, 0xca, 0x93, 0x4d, 0x3e, 0x9b, 0x55, 0x09, 0x8e, 0xe3, 0xd7, 0xa6, 0xe3, 0xb6, 0x2a, 0xa9, 0xb3, 0xb0, 0xa0, 0x8c, 0x01, 0xbb, 0x07, 0x90, 0x78, 0x6d, 0x6d, 0xe9, 0xf0, 0x7a, 0x90, 0xbd, 0xdc, 0x0c, 0x36,
+ /* (2^277)P */ 0x7f, 0x20, 0x12, 0x0f, 0x40, 0x00, 0x53, 0xd8, 0x0c, 0x27, 0x47, 0x47, 0x22, 0x80, 0xfb, 0x62, 0xe4, 0xa7, 0xf7, 0xbd, 0x42, 0xa5, 0xc3, 0x2b, 0xb2, 0x7f, 0x50, 0xcc, 0xe2, 0xfb, 0xd5, 0xc0, 0x63, 0xdd, 0x24, 0x5f, 0x7c, 0x08, 0x91, 0xbf, 0x6e, 0x47, 0x44, 0xd4, 0x6a, 0xc0, 0xc3, 0x09, 0x39, 0x27, 0xdd, 0xc7, 0xca, 0x06, 0x29, 0x55,
+ /* (2^278)P */ 0x76, 0x28, 0x58, 0xb0, 0xd2, 0xf3, 0x0f, 0x04, 0xe9, 0xc9, 0xab, 0x66, 0x5b, 0x75, 0x51, 0xdc, 0xe5, 0x8f, 0xe8, 0x1f, 0xdb, 0x03, 0x0f, 0xb0, 0x7d, 0xf9, 0x20, 0x64, 0x89, 0xe9, 0xdc, 0xe6, 0x24, 0xc3, 0xd5, 0xd2, 0x41, 0xa6, 0xe4, 0xe3, 0xc4, 0x79, 0x7c, 0x0f, 0xa1, 0x61, 0x2f, 0xda, 0xa4, 0xc9, 0xfd, 0xad, 0x5c, 0x65, 0x6a, 0xf3,
+ /* (2^279)P */ 0xd5, 0xab, 0x72, 0x7a, 0x3b, 0x59, 0xea, 0xcf, 0xd5, 0x17, 0xd2, 0xb2, 0x5f, 0x2d, 0xab, 0xad, 0x9e, 0x88, 0x64, 0x55, 0x96, 0x6e, 0xf3, 0x44, 0xa9, 0x11, 0xf5, 0xf8, 0x3a, 0xf1, 0xcd, 0x79, 0x4c, 0x99, 0x6d, 0x23, 0x6a, 0xa0, 0xc2, 0x1a, 0x19, 0x45, 0xb5, 0xd8, 0x95, 0x2f, 0x49, 0xe9, 0x46, 0x39, 0x26, 0x60, 0x04, 0x15, 0x8b, 0xcc,
+ /* (2^280)P */ 0x66, 0x0c, 0xf0, 0x54, 0x41, 0x02, 0x91, 0xab, 0xe5, 0x85, 0x8a, 0x44, 0xa6, 0x34, 0x96, 0x32, 0xc0, 0xdf, 0x6c, 0x41, 0x39, 0xd4, 0xc6, 0xe1, 0xe3, 0x81, 0xb0, 0x4c, 0x34, 0x4f, 0xe5, 0xf4, 0x35, 0x46, 0x1f, 0xeb, 0x75, 0xfd, 0x43, 0x37, 0x50, 0x99, 0xab, 0xad, 0xb7, 0x8c, 0xa1, 0x57, 0xcb, 0xe6, 0xce, 0x16, 0x2e, 0x85, 0xcc, 0xf9,
+ /* (2^281)P */ 0x63, 0xd1, 0x3f, 0x9e, 0xa2, 0x17, 0x2e, 0x1d, 0x3e, 0xce, 0x48, 0x2d, 0xbb, 0x8f, 0x69, 0xc9, 0xa6, 0x3d, 0x4e, 0xfe, 0x09, 0x56, 0xb3, 0x02, 0x5f, 0x99, 0x97, 0x0c, 0x54, 0xda, 0x32, 0x97, 0x9b, 0xf4, 0x95, 0xf1, 0xad, 0xe3, 0x2b, 0x04, 0xa7, 0x9b, 0x3f, 0xbb, 0xe7, 0x87, 0x2e, 0x1f, 0x8b, 0x4b, 0x7a, 0xa4, 0x43, 0x0c, 0x0f, 0x35,
+ /* (2^282)P */ 0x05, 0xdc, 0xe0, 0x2c, 0xa1, 0xc1, 0xd0, 0xf1, 0x1f, 0x4e, 0xc0, 0x6c, 0x35, 0x7b, 0xca, 0x8f, 0x8b, 0x02, 0xb1, 0xf7, 0xd6, 0x2e, 0xe7, 0x93, 0x80, 0x85, 0x18, 0x88, 0x19, 0xb9, 0xb4, 0x4a, 0xbc, 0xeb, 0x5a, 0x78, 0x38, 0xed, 0xc6, 0x27, 0x2a, 0x74, 0x76, 0xf0, 0x1b, 0x79, 0x92, 0x2f, 0xd2, 0x81, 0x98, 0xdf, 0xa9, 0x50, 0x19, 0xeb,
+ /* (2^283)P */ 0xb5, 0xe7, 0xb4, 0x11, 0x3a, 0x81, 0xb6, 0xb4, 0xf8, 0xa2, 0xb3, 0x6c, 0xfc, 0x9d, 0xe0, 0xc0, 0xe0, 0x59, 0x7f, 0x05, 0x37, 0xef, 0x2c, 0xa9, 0x3a, 0x24, 0xac, 0x7b, 0x25, 0xa0, 0x55, 0xd2, 0x44, 0x82, 0x82, 0x6e, 0x64, 0xa3, 0x58, 0xc8, 0x67, 0xae, 0x26, 0xa7, 0x0f, 0x42, 0x63, 0xe1, 0x93, 0x01, 0x52, 0x19, 0xaf, 0x49, 0x3e, 0x33,
+ /* (2^284)P */ 0x05, 0x85, 0xe6, 0x66, 0xaf, 0x5f, 0xdf, 0xbf, 0x9d, 0x24, 0x62, 0x60, 0x90, 0xe2, 0x4c, 0x7d, 0x4e, 0xc3, 0x74, 0x5d, 0x4f, 0x53, 0xf3, 0x63, 0x13, 0xf4, 0x74, 0x28, 0x6b, 0x7d, 0x57, 0x0c, 0x9d, 0x84, 0xa7, 0x1a, 0xff, 0xa0, 0x79, 0xdf, 0xfc, 0x65, 0x98, 0x8e, 0x22, 0x0d, 0x62, 0x7e, 0xf2, 0x34, 0x60, 0x83, 0x05, 0x14, 0xb1, 0xc1,
+ /* (2^285)P */ 0x64, 0x22, 0xcc, 0xdf, 0x5c, 0xbc, 0x88, 0x68, 0x4c, 0xd9, 0xbc, 0x0e, 0xc9, 0x8b, 0xb4, 0x23, 0x52, 0xad, 0xb0, 0xb3, 0xf1, 0x17, 0xd8, 0x15, 0x04, 0x6b, 0x99, 0xf0, 0xc4, 0x7d, 0x48, 0x22, 0x4a, 0xf8, 0x6f, 0xaa, 0x88, 0x0d, 0xc5, 0x5e, 0xa9, 0x1c, 0x61, 0x3d, 0x95, 0xa9, 0x7b, 0x6a, 0x79, 0x33, 0x0a, 0x2b, 0x99, 0xe3, 0x4e, 0x48,
+ /* (2^286)P */ 0x6b, 0x9b, 0x6a, 0x2a, 0xf1, 0x60, 0x31, 0xb4, 0x73, 0xd1, 0x87, 0x45, 0x9c, 0x15, 0x58, 0x4b, 0x91, 0x6d, 0x94, 0x1c, 0x41, 0x11, 0x4a, 0x83, 0xec, 0xaf, 0x65, 0xbc, 0x34, 0xaa, 0x26, 0xe2, 0xaf, 0xed, 0x46, 0x05, 0x4e, 0xdb, 0xc6, 0x4e, 0x10, 0x28, 0x4e, 0x72, 0xe5, 0x31, 0xa3, 0x20, 0xd7, 0xb1, 0x96, 0x64, 0xf6, 0xce, 0x08, 0x08,
+ /* (2^287)P */ 0x16, 0xa9, 0x5c, 0x9f, 0x9a, 0xb4, 0xb8, 0xc8, 0x32, 0x78, 0xc0, 0x3a, 0xd9, 0x5f, 0x94, 0xac, 0x3a, 0x42, 0x1f, 0x43, 0xd6, 0x80, 0x47, 0x2c, 0xdc, 0x76, 0x27, 0xfa, 0x50, 0xe5, 0xa1, 0xe4, 0xc3, 0xcb, 0x61, 0x31, 0xe1, 0x2e, 0xde, 0x81, 0x3b, 0x77, 0x1c, 0x39, 0x3c, 0xdb, 0xda, 0x87, 0x4b, 0x84, 0x12, 0xeb, 0xdd, 0x54, 0xbf, 0xe7,
+ /* (2^288)P */ 0xbf, 0xcb, 0x73, 0x21, 0x3d, 0x7e, 0x13, 0x8c, 0xa6, 0x34, 0x21, 0x2b, 0xa5, 0xe4, 0x9f, 0x8e, 0x9c, 0x01, 0x9c, 0x43, 0xd9, 0xc7, 0xb9, 0xf1, 0xbe, 0x7f, 0x45, 0x51, 0x97, 0xa1, 0x8e, 0x01, 0xf8, 0xbd, 0xd2, 0xbf, 0x81, 0x3a, 0x8b, 0xab, 0xe4, 0x89, 0xb7, 0xbd, 0xf2, 0xcd, 0xa9, 0x8a, 0x8a, 0xde, 0xfb, 0x8a, 0x55, 0x12, 0x7b, 0x17,
+ /* (2^289)P */ 0x1b, 0x95, 0x58, 0x4d, 0xe6, 0x51, 0x31, 0x52, 0x1c, 0xd8, 0x15, 0x84, 0xb1, 0x0d, 0x36, 0x25, 0x88, 0x91, 0x46, 0x71, 0x42, 0x56, 0xe2, 0x90, 0x08, 0x9e, 0x77, 0x1b, 0xee, 0x22, 0x3f, 0xec, 0xee, 0x8c, 0x7b, 0x2e, 0x79, 0xc4, 0x6c, 0x07, 0xa1, 0x7e, 0x52, 0xf5, 0x26, 0x5c, 0x84, 0x2a, 0x50, 0x6e, 0x82, 0xb3, 0x76, 0xda, 0x35, 0x16,
+ /* (2^290)P */ 0x0a, 0x6f, 0x99, 0x87, 0xc0, 0x7d, 0x8a, 0xb2, 0xca, 0xae, 0xe8, 0x65, 0x98, 0x0f, 0xb3, 0x44, 0xe1, 0xdc, 0x52, 0x79, 0x75, 0xec, 0x8f, 0x95, 0x87, 0x45, 0xd1, 0x32, 0x18, 0x55, 0x15, 0xce, 0x64, 0x9b, 0x08, 0x4f, 0x2c, 0xea, 0xba, 0x1c, 0x57, 0x06, 0x63, 0xc8, 0xb1, 0xfd, 0xc5, 0x67, 0xe7, 0x1f, 0x87, 0x9e, 0xde, 0x72, 0x7d, 0xec,
+ /* (2^291)P */ 0x36, 0x8b, 0x4d, 0x2c, 0xc2, 0x46, 0xe8, 0x96, 0xac, 0x0b, 0x8c, 0xc5, 0x09, 0x10, 0xfc, 0xf2, 0xda, 0xea, 0x22, 0xb2, 0xd3, 0x89, 0xeb, 0xb2, 0x85, 0x0f, 0xff, 0x59, 0x50, 0x2c, 0x99, 0x5a, 0x1f, 0xec, 0x2a, 0x6f, 0xec, 0xcf, 0xe9, 0xce, 0x12, 0x6b, 0x19, 0xd8, 0xde, 0x9b, 0xce, 0x0e, 0x6a, 0xaa, 0xe1, 0x32, 0xea, 0x4c, 0xfe, 0x92,
+ /* (2^292)P */ 0x5f, 0x17, 0x70, 0x53, 0x26, 0x03, 0x0b, 0xab, 0xd1, 0xc1, 0x42, 0x0b, 0xab, 0x2b, 0x3d, 0x31, 0xa4, 0xd5, 0x2b, 0x5e, 0x00, 0xd5, 0x9a, 0x22, 0x34, 0xe0, 0x53, 0x3f, 0x59, 0x7f, 0x2c, 0x6d, 0x72, 0x9a, 0xa4, 0xbe, 0x3d, 0x42, 0x05, 0x1b, 0xf2, 0x7f, 0x88, 0x56, 0xd1, 0x7c, 0x7d, 0x6b, 0x9f, 0x43, 0xfe, 0x65, 0x19, 0xae, 0x9c, 0x4c,
+ /* (2^293)P */ 0xf3, 0x7c, 0x20, 0xa9, 0xfc, 0xf2, 0xf2, 0x3b, 0x3c, 0x57, 0x41, 0x94, 0xe5, 0xcc, 0x6a, 0x37, 0x5d, 0x09, 0xf2, 0xab, 0xc2, 0xca, 0x60, 0x38, 0x6b, 0x7a, 0xe1, 0x78, 0x2b, 0xc1, 0x1d, 0xe8, 0xfd, 0xbc, 0x3d, 0x5c, 0xa2, 0xdb, 0x49, 0x20, 0x79, 0xe6, 0x1b, 0x9b, 0x65, 0xd9, 0x6d, 0xec, 0x57, 0x1d, 0xd2, 0xe9, 0x90, 0xeb, 0x43, 0x7b,
+ /* (2^294)P */ 0x2a, 0x8b, 0x2e, 0x19, 0x18, 0x10, 0xb8, 0x83, 0xe7, 0x7d, 0x2d, 0x9a, 0x3a, 0xe5, 0xd1, 0xe4, 0x7c, 0x38, 0xe5, 0x59, 0x2a, 0x6e, 0xd9, 0x01, 0x29, 0x3d, 0x23, 0xf7, 0x52, 0xba, 0x61, 0x04, 0x9a, 0xde, 0xc4, 0x31, 0x50, 0xeb, 0x1b, 0xaa, 0xde, 0x39, 0x58, 0xd8, 0x1b, 0x1e, 0xfc, 0x57, 0x9a, 0x28, 0x43, 0x9e, 0x97, 0x5e, 0xaa, 0xa3,
+ /* (2^295)P */ 0x97, 0x0a, 0x74, 0xc4, 0x39, 0x99, 0x6b, 0x40, 0xc7, 0x3e, 0x8c, 0xa7, 0xb1, 0x4e, 0x9a, 0x59, 0x6e, 0x1c, 0xfe, 0xfc, 0x2a, 0x5e, 0x73, 0x2b, 0x8c, 0xa9, 0x71, 0xf5, 0xda, 0x6b, 0x15, 0xab, 0xf7, 0xbe, 0x2a, 0x44, 0x5f, 0xba, 0xae, 0x67, 0x93, 0xc5, 0x86, 0xc1, 0xb8, 0xdf, 0xdc, 0xcb, 0xd7, 0xff, 0xb1, 0x71, 0x7c, 0x6f, 0x88, 0xf8,
+ /* (2^296)P */ 0x3f, 0x89, 0xb1, 0xbf, 0x24, 0x16, 0xac, 0x56, 0xfe, 0xdf, 0x94, 0x71, 0xbf, 0xd6, 0x57, 0x0c, 0xb4, 0x77, 0x37, 0xaa, 0x2a, 0x70, 0x76, 0x49, 0xaf, 0x0c, 0x97, 0x8e, 0x78, 0x2a, 0x67, 0xc9, 0x3b, 0x3d, 0x5b, 0x01, 0x2f, 0xda, 0xd5, 0xa8, 0xde, 0x02, 0xa9, 0xac, 0x76, 0x00, 0x0b, 0x46, 0xc6, 0x2d, 0xdc, 0x08, 0xf4, 0x10, 0x2c, 0xbe,
+ /* (2^297)P */ 0xcb, 0x07, 0xf9, 0x91, 0xc6, 0xd5, 0x3e, 0x54, 0x63, 0xae, 0xfc, 0x10, 0xbe, 0x3a, 0x20, 0x73, 0x4e, 0x65, 0x0e, 0x2d, 0x86, 0x77, 0x83, 0x9d, 0xe2, 0x0a, 0xe9, 0xac, 0x22, 0x52, 0x76, 0xd4, 0x6e, 0xfa, 0xe0, 0x09, 0xef, 0x78, 0x82, 0x9f, 0x26, 0xf9, 0x06, 0xb5, 0xe7, 0x05, 0x0e, 0xf2, 0x46, 0x72, 0x93, 0xd3, 0x24, 0xbd, 0x87, 0x60,
+ /* (2^298)P */ 0x14, 0x55, 0x84, 0x7b, 0x6c, 0x60, 0x80, 0x73, 0x8c, 0xbe, 0x2d, 0xd6, 0x69, 0xd6, 0x17, 0x26, 0x44, 0x9f, 0x88, 0xa2, 0x39, 0x7c, 0x89, 0xbc, 0x6d, 0x9e, 0x46, 0xb6, 0x68, 0x66, 0xea, 0xdc, 0x31, 0xd6, 0x21, 0x51, 0x9f, 0x28, 0x28, 0xaf, 0x9e, 0x47, 0x2c, 0x4c, 0x8f, 0xf3, 0xaf, 0x1f, 0xe4, 0xab, 0xac, 0xe9, 0x0c, 0x91, 0x3a, 0x61,
+ /* (2^299)P */ 0xb0, 0x37, 0x55, 0x4b, 0xe9, 0xc3, 0xb1, 0xce, 0x42, 0xe6, 0xc5, 0x11, 0x7f, 0x2c, 0x11, 0xfc, 0x4e, 0x71, 0x17, 0x00, 0x74, 0x7f, 0xbf, 0x07, 0x4d, 0xfd, 0x40, 0xb2, 0x87, 0xb0, 0xef, 0x1f, 0x35, 0x2c, 0x2d, 0xd7, 0xe1, 0xe4, 0xad, 0x0e, 0x7f, 0x63, 0x66, 0x62, 0x23, 0x41, 0xf6, 0xc1, 0x14, 0xa6, 0xd7, 0xa9, 0x11, 0x56, 0x9d, 0x1b,
+ /* (2^300)P */ 0x02, 0x82, 0x42, 0x18, 0x4f, 0x1b, 0xc9, 0x5d, 0x78, 0x5f, 0xee, 0xed, 0x01, 0x49, 0x8f, 0xf2, 0xa0, 0xe2, 0x6e, 0xbb, 0x6b, 0x04, 0x8d, 0xb2, 0x41, 0xae, 0xc8, 0x1b, 0x59, 0x34, 0xb8, 0x2a, 0xdb, 0x1f, 0xd2, 0x52, 0xdf, 0x3f, 0x35, 0x00, 0x8b, 0x61, 0xbc, 0x97, 0xa0, 0xc4, 0x77, 0xd1, 0xe4, 0x2c, 0x59, 0x68, 0xff, 0x30, 0xf2, 0xe2,
+ /* (2^301)P */ 0x79, 0x08, 0xb1, 0xdb, 0x55, 0xae, 0xd0, 0xed, 0xda, 0xa0, 0xec, 0x6c, 0xae, 0x68, 0xf2, 0x0b, 0x61, 0xb3, 0xf5, 0x21, 0x69, 0x87, 0x0b, 0x03, 0xea, 0x8a, 0x15, 0xd9, 0x7e, 0xca, 0xf7, 0xcd, 0xf3, 0x33, 0xb3, 0x4c, 0x5b, 0x23, 0x4e, 0x6f, 0x90, 0xad, 0x91, 0x4b, 0x4f, 0x46, 0x37, 0xe5, 0xe8, 0xb7, 0xeb, 0xd5, 0xca, 0x34, 0x4e, 0x23,
+ /* (2^302)P */ 0x09, 0x02, 0xdd, 0xfd, 0x70, 0xac, 0x56, 0x80, 0x36, 0x5e, 0x49, 0xd0, 0x3f, 0xc2, 0xe0, 0xba, 0x46, 0x7f, 0x5c, 0xf7, 0xc5, 0xbd, 0xd5, 0x55, 0x7d, 0x3f, 0xd5, 0x7d, 0x06, 0xdf, 0x27, 0x20, 0x4f, 0xe9, 0x30, 0xec, 0x1b, 0xa0, 0x0c, 0xd4, 0x2c, 0xe1, 0x2b, 0x65, 0x73, 0xea, 0x75, 0x35, 0xe8, 0xe6, 0x56, 0xd6, 0x07, 0x15, 0x99, 0xdf,
+ /* (2^303)P */ 0x4e, 0x10, 0xb7, 0xd0, 0x63, 0x8c, 0xcf, 0x16, 0x00, 0x7c, 0x58, 0xdf, 0x86, 0xdc, 0x4e, 0xca, 0x9c, 0x40, 0x5a, 0x42, 0xfd, 0xec, 0x98, 0xa4, 0x42, 0x53, 0xae, 0x16, 0x9d, 0xfd, 0x75, 0x5a, 0x12, 0x56, 0x1e, 0xc6, 0x57, 0xcc, 0x79, 0x27, 0x96, 0x00, 0xcf, 0x80, 0x4f, 0x8a, 0x36, 0x5c, 0xbb, 0xe9, 0x12, 0xdb, 0xb6, 0x2b, 0xad, 0x96,
+ /* (2^304)P */ 0x92, 0x32, 0x1f, 0xfd, 0xc6, 0x02, 0x94, 0x08, 0x1b, 0x60, 0x6a, 0x9f, 0x8b, 0xd6, 0xc8, 0xad, 0xd5, 0x1b, 0x27, 0x4e, 0xa4, 0x4d, 0x4a, 0x00, 0x10, 0x5f, 0x86, 0x11, 0xf5, 0xe3, 0x14, 0x32, 0x43, 0xee, 0xb9, 0xc7, 0xab, 0xf4, 0x6f, 0xe5, 0x66, 0x0c, 0x06, 0x0d, 0x96, 0x79, 0x28, 0xaf, 0x45, 0x2b, 0x56, 0xbe, 0xe4, 0x4a, 0x52, 0xd6,
+ /* (2^305)P */ 0x15, 0x16, 0x69, 0xef, 0x60, 0xca, 0x82, 0x25, 0x0f, 0xc6, 0x30, 0xa0, 0x0a, 0xd1, 0x83, 0x29, 0xcd, 0xb6, 0x89, 0x6c, 0xf5, 0xb2, 0x08, 0x38, 0xe6, 0xca, 0x6b, 0x19, 0x93, 0xc6, 0x5f, 0x75, 0x8e, 0x60, 0x34, 0x23, 0xc4, 0x13, 0x17, 0x69, 0x55, 0xcc, 0x72, 0x9c, 0x2b, 0x6c, 0x80, 0xf4, 0x4b, 0x8b, 0xb6, 0x97, 0x65, 0x07, 0xb6, 0xfb,
+ /* (2^306)P */ 0x01, 0x99, 0x74, 0x28, 0xa6, 0x67, 0xa3, 0xe5, 0x25, 0xfb, 0xdf, 0x82, 0x93, 0xe7, 0x35, 0x74, 0xce, 0xe3, 0x15, 0x1c, 0x1d, 0x79, 0x52, 0x84, 0x08, 0x04, 0x2f, 0x5c, 0xb8, 0xcd, 0x7f, 0x89, 0xb0, 0x39, 0x93, 0x63, 0xc9, 0x5d, 0x06, 0x01, 0x59, 0xf7, 0x7e, 0xf1, 0x4c, 0x3d, 0x12, 0x8d, 0x69, 0x1d, 0xb7, 0x21, 0x5e, 0x88, 0x82, 0xa2,
+ /* (2^307)P */ 0x8e, 0x69, 0xaf, 0x9a, 0x41, 0x0d, 0x9d, 0xcf, 0x8e, 0x8d, 0x5c, 0x51, 0x6e, 0xde, 0x0e, 0x48, 0x23, 0x89, 0xe5, 0x37, 0x80, 0xd6, 0x9d, 0x72, 0x32, 0x26, 0x38, 0x2d, 0x63, 0xa0, 0xfa, 0xd3, 0x40, 0xc0, 0x8c, 0x68, 0x6f, 0x2b, 0x1e, 0x9a, 0x39, 0x51, 0x78, 0x74, 0x9a, 0x7b, 0x4a, 0x8f, 0x0c, 0xa0, 0x88, 0x60, 0xa5, 0x21, 0xcd, 0xc7,
+ /* (2^308)P */ 0x3a, 0x7f, 0x73, 0x14, 0xbf, 0x89, 0x6a, 0x4c, 0x09, 0x5d, 0xf2, 0x93, 0x20, 0x2d, 0xc4, 0x29, 0x86, 0x06, 0x95, 0xab, 0x22, 0x76, 0x4c, 0x54, 0xe1, 0x7e, 0x80, 0x6d, 0xab, 0x29, 0x61, 0x87, 0x77, 0xf6, 0xc0, 0x3e, 0xda, 0xab, 0x65, 0x7e, 0x39, 0x12, 0xa1, 0x6b, 0x42, 0xf7, 0xc5, 0x97, 0x77, 0xec, 0x6f, 0x22, 0xbe, 0x44, 0xc7, 0x03,
+ /* (2^309)P */ 0xa5, 0x23, 0x90, 0x41, 0xa3, 0xc5, 0x3e, 0xe0, 0xa5, 0x32, 0x49, 0x1f, 0x39, 0x78, 0xb1, 0xd8, 0x24, 0xea, 0xd4, 0x87, 0x53, 0x42, 0x51, 0xf4, 0xd9, 0x46, 0x25, 0x2f, 0x62, 0xa9, 0x90, 0x9a, 0x4a, 0x25, 0x8a, 0xd2, 0x10, 0xe7, 0x3c, 0xbc, 0x58, 0x8d, 0x16, 0x14, 0x96, 0xa4, 0x6f, 0xf8, 0x12, 0x69, 0x91, 0x73, 0xe2, 0xfa, 0xf4, 0x57,
+ /* (2^310)P */ 0x51, 0x45, 0x3f, 0x96, 0xdc, 0x97, 0x38, 0xa6, 0x01, 0x63, 0x09, 0xea, 0xc2, 0x13, 0x30, 0xb0, 0x00, 0xb8, 0x0a, 0xce, 0xd1, 0x8f, 0x3e, 0x69, 0x62, 0x46, 0x33, 0x9c, 0xbf, 0x4b, 0xcb, 0x0c, 0x90, 0x1c, 0x45, 0xcf, 0x37, 0x5b, 0xf7, 0x4b, 0x5e, 0x95, 0xc3, 0x28, 0x9f, 0x08, 0x83, 0x53, 0x74, 0xab, 0x0c, 0xb4, 0xc0, 0xa1, 0xbc, 0x89,
+ /* (2^311)P */ 0x06, 0xb1, 0x51, 0x15, 0x65, 0x60, 0x21, 0x17, 0x7a, 0x20, 0x65, 0xee, 0x12, 0x35, 0x4d, 0x46, 0xf4, 0xf8, 0xd0, 0xb1, 0xca, 0x09, 0x30, 0x08, 0x89, 0x23, 0x3b, 0xe7, 0xab, 0x8b, 0x77, 0xa6, 0xad, 0x25, 0xdd, 0xea, 0x3c, 0x7d, 0xa5, 0x24, 0xb3, 0xe8, 0xfa, 0xfb, 0xc9, 0xf2, 0x71, 0xe9, 0xfa, 0xf2, 0xdc, 0x54, 0xdd, 0x55, 0x2e, 0x2f,
+ /* (2^312)P */ 0x7f, 0x96, 0x96, 0xfb, 0x52, 0x86, 0xcf, 0xea, 0x62, 0x18, 0xf1, 0x53, 0x1f, 0x61, 0x2a, 0x9f, 0x8c, 0x51, 0xca, 0x2c, 0xde, 0x6d, 0xce, 0xab, 0x58, 0x32, 0x0b, 0x33, 0x9b, 0x99, 0xb4, 0x5c, 0x88, 0x2a, 0x76, 0xcc, 0x3e, 0x54, 0x1e, 0x9d, 0xa2, 0x89, 0xe4, 0x19, 0xba, 0x80, 0xc8, 0x39, 0x32, 0x7f, 0x0f, 0xc7, 0x84, 0xbb, 0x43, 0x56,
+ /* (2^313)P */ 0x9b, 0x07, 0xb4, 0x42, 0xa9, 0xa0, 0x78, 0x4f, 0x28, 0x70, 0x2b, 0x7e, 0x61, 0xe0, 0xdd, 0x02, 0x98, 0xfc, 0xed, 0x31, 0x80, 0xf1, 0x15, 0x52, 0x89, 0x23, 0xcd, 0x5d, 0x2b, 0xc5, 0x19, 0x32, 0xfb, 0x70, 0x50, 0x7a, 0x97, 0x6b, 0x42, 0xdb, 0xca, 0xdb, 0xc4, 0x59, 0x99, 0xe0, 0x12, 0x1f, 0x17, 0xba, 0x8b, 0xf0, 0xc4, 0x38, 0x5d, 0x27,
+ /* (2^314)P */ 0x29, 0x1d, 0xdc, 0x2b, 0xf6, 0x5b, 0x04, 0x61, 0x36, 0x76, 0xa0, 0x56, 0x36, 0x6e, 0xd7, 0x24, 0x4d, 0xe7, 0xef, 0x44, 0xd2, 0xd5, 0x07, 0xcd, 0xc4, 0x9d, 0x80, 0x48, 0xc3, 0x38, 0xcf, 0xd8, 0xa3, 0xdd, 0xb2, 0x5e, 0xb5, 0x70, 0x15, 0xbb, 0x36, 0x85, 0x8a, 0xd7, 0xfb, 0x56, 0x94, 0x73, 0x9c, 0x81, 0xbe, 0xb1, 0x44, 0x28, 0xf1, 0x37,
+ /* (2^315)P */ 0xbf, 0xcf, 0x5c, 0xd2, 0xe2, 0xea, 0xc2, 0xcd, 0x70, 0x7a, 0x9d, 0xcb, 0x81, 0xc1, 0xe9, 0xf1, 0x56, 0x71, 0x52, 0xf7, 0x1b, 0x87, 0xc6, 0xd8, 0xcc, 0xb2, 0x69, 0xf3, 0xb0, 0xbd, 0xba, 0x83, 0x12, 0x26, 0xc4, 0xce, 0x72, 0xde, 0x3b, 0x21, 0x28, 0x9e, 0x5a, 0x94, 0xf5, 0x04, 0xa3, 0xc8, 0x0f, 0x5e, 0xbc, 0x71, 0xf9, 0x0d, 0xce, 0xf5,
+ /* (2^316)P */ 0x93, 0x97, 0x00, 0x85, 0xf4, 0xb4, 0x40, 0xec, 0xd9, 0x2b, 0x6c, 0xd6, 0x63, 0x9e, 0x93, 0x0a, 0x5a, 0xf4, 0xa7, 0x9a, 0xe3, 0x3c, 0xf0, 0x55, 0xd1, 0x96, 0x6c, 0xf5, 0x2a, 0xce, 0xd7, 0x95, 0x72, 0xbf, 0xc5, 0x0c, 0xce, 0x79, 0xa2, 0x0a, 0x78, 0xe0, 0x72, 0xd0, 0x66, 0x28, 0x05, 0x75, 0xd3, 0x23, 0x09, 0x91, 0xed, 0x7e, 0xc4, 0xbc,
+ /* (2^317)P */ 0x77, 0xc2, 0x9a, 0xf7, 0xa6, 0xe6, 0x18, 0xb4, 0xe7, 0xf6, 0xda, 0xec, 0x44, 0x6d, 0xfb, 0x08, 0xee, 0x65, 0xa8, 0x92, 0x85, 0x1f, 0xba, 0x38, 0x93, 0x20, 0x5c, 0x4d, 0xd2, 0x18, 0x0f, 0x24, 0xbe, 0x1a, 0x96, 0x44, 0x7d, 0xeb, 0xb3, 0xda, 0x95, 0xf4, 0xaf, 0x6c, 0x06, 0x0f, 0x47, 0x37, 0xc8, 0x77, 0x63, 0xe1, 0x29, 0xef, 0xff, 0xa5,
+ /* (2^318)P */ 0x16, 0x12, 0xd9, 0x47, 0x90, 0x22, 0x9b, 0x05, 0xf2, 0xa5, 0x9a, 0xae, 0x83, 0x98, 0xb5, 0xac, 0xab, 0x29, 0xaa, 0xdc, 0x5f, 0xde, 0xcd, 0xf7, 0x42, 0xad, 0x3b, 0x96, 0xd6, 0x3e, 0x6e, 0x52, 0x47, 0xb1, 0xab, 0x51, 0xde, 0x49, 0x7c, 0x87, 0x8d, 0x86, 0xe2, 0x70, 0x13, 0x21, 0x51, 0x1c, 0x0c, 0x25, 0xc1, 0xb0, 0xe6, 0x19, 0xcf, 0x12,
+ /* (2^319)P */ 0xf0, 0xbc, 0x97, 0x8f, 0x4b, 0x2f, 0xd1, 0x1f, 0x8c, 0x57, 0xed, 0x3c, 0xf4, 0x26, 0x19, 0xbb, 0x60, 0xca, 0x24, 0xc5, 0xd9, 0x97, 0xe2, 0x5f, 0x76, 0x49, 0x39, 0x7e, 0x2d, 0x12, 0x21, 0x98, 0xda, 0xe6, 0xdb, 0xd2, 0xd8, 0x9f, 0x18, 0xd8, 0x83, 0x6c, 0xba, 0x89, 0x8d, 0x29, 0xfa, 0x46, 0x33, 0x8c, 0x28, 0xdf, 0x6a, 0xb3, 0x69, 0x28,
+ /* (2^320)P */ 0x86, 0x17, 0xbc, 0xd6, 0x7c, 0xba, 0x1e, 0x83, 0xbb, 0x84, 0xb5, 0x8c, 0xad, 0xdf, 0xa1, 0x24, 0x81, 0x70, 0x40, 0x0f, 0xad, 0xad, 0x3b, 0x23, 0xd0, 0x93, 0xa0, 0x49, 0x5c, 0x4b, 0x51, 0xbe, 0x20, 0x49, 0x4e, 0xda, 0x2d, 0xd3, 0xad, 0x1b, 0x74, 0x08, 0x41, 0xf0, 0xef, 0x19, 0xe9, 0x45, 0x5d, 0x02, 0xae, 0x26, 0x25, 0xd9, 0xd1, 0xc2,
+ /* (2^321)P */ 0x48, 0x81, 0x3e, 0xb2, 0x83, 0xf8, 0x4d, 0xb3, 0xd0, 0x4c, 0x75, 0xb3, 0xa0, 0x52, 0x26, 0xf2, 0xaf, 0x5d, 0x36, 0x70, 0x72, 0xd6, 0xb7, 0x88, 0x08, 0x69, 0xbd, 0x15, 0x25, 0xb1, 0x45, 0x1b, 0xb7, 0x0b, 0x5f, 0x71, 0x5d, 0x83, 0x49, 0xb9, 0x84, 0x3b, 0x7c, 0xc1, 0x50, 0x93, 0x05, 0x53, 0xe0, 0x61, 0xea, 0xc1, 0xef, 0xdb, 0x82, 0x97,
+ /* (2^322)P */ 0x00, 0xd5, 0xc3, 0x3a, 0x4d, 0x8a, 0x23, 0x7a, 0xef, 0xff, 0x37, 0xef, 0xf3, 0xbc, 0xa9, 0xb6, 0xae, 0xd7, 0x3a, 0x7b, 0xfd, 0x3e, 0x8e, 0x9b, 0xab, 0x44, 0x54, 0x60, 0x28, 0x6c, 0xbf, 0x15, 0x24, 0x4a, 0x56, 0x60, 0x7f, 0xa9, 0x7a, 0x28, 0x59, 0x2c, 0x8a, 0xd1, 0x7d, 0x6b, 0x00, 0xfd, 0xa5, 0xad, 0xbc, 0x19, 0x3f, 0xcb, 0x73, 0xe0,
+ /* (2^323)P */ 0xcf, 0x9e, 0x66, 0x06, 0x4d, 0x2b, 0xf5, 0x9c, 0xc2, 0x9d, 0x9e, 0xed, 0x5a, 0x5c, 0x2d, 0x00, 0xbf, 0x29, 0x90, 0x88, 0xe4, 0x5d, 0xfd, 0xe2, 0xf0, 0x38, 0xec, 0x4d, 0x26, 0xea, 0x54, 0xf0, 0x3c, 0x84, 0x10, 0x6a, 0xf9, 0x66, 0x9c, 0xe7, 0x21, 0xfd, 0x0f, 0xc7, 0x13, 0x50, 0x81, 0xb6, 0x50, 0xf9, 0x04, 0x7f, 0xa4, 0x37, 0x85, 0x14,
+ /* (2^324)P */ 0xdb, 0x87, 0x49, 0xc7, 0xa8, 0x39, 0x0c, 0x32, 0x98, 0x0c, 0xb9, 0x1a, 0x1b, 0x4d, 0xe0, 0x8a, 0x9a, 0x8e, 0x8f, 0xab, 0x5a, 0x17, 0x3d, 0x04, 0x21, 0xce, 0x3e, 0x2c, 0xf9, 0xa3, 0x97, 0xe4, 0x77, 0x95, 0x0e, 0xb6, 0xa5, 0x15, 0xad, 0x3a, 0x1e, 0x46, 0x53, 0x17, 0x09, 0x83, 0x71, 0x4e, 0x86, 0x38, 0xd5, 0x23, 0x44, 0x16, 0x8d, 0xc8,
+ /* (2^325)P */ 0x05, 0x5e, 0x99, 0x08, 0xbb, 0xc3, 0xc0, 0xb7, 0x6c, 0x12, 0xf2, 0xf3, 0xf4, 0x7c, 0x6a, 0x4d, 0x9e, 0xeb, 0x3d, 0xb9, 0x63, 0x94, 0xce, 0x81, 0xd8, 0x11, 0xcb, 0x55, 0x69, 0x4a, 0x20, 0x0b, 0x4c, 0x2e, 0x14, 0xb8, 0xd4, 0x6a, 0x7c, 0xf0, 0xed, 0xfc, 0x8f, 0xef, 0xa0, 0xeb, 0x6c, 0x01, 0xe2, 0xdc, 0x10, 0x22, 0xa2, 0x01, 0x85, 0x64,
+ /* (2^326)P */ 0x58, 0xe1, 0x9c, 0x27, 0x55, 0xc6, 0x25, 0xa6, 0x7d, 0x67, 0x88, 0x65, 0x99, 0x6c, 0xcb, 0xdb, 0x27, 0x4f, 0x44, 0x29, 0xf5, 0x4a, 0x23, 0x10, 0xbc, 0x03, 0x3f, 0x36, 0x1e, 0xef, 0xb0, 0xba, 0x75, 0xe8, 0x74, 0x5f, 0x69, 0x3e, 0x26, 0x40, 0xb4, 0x2f, 0xdc, 0x43, 0xbf, 0xa1, 0x8b, 0xbd, 0xca, 0x6e, 0xc1, 0x6e, 0x21, 0x79, 0xa0, 0xd0,
+ /* (2^327)P */ 0x78, 0x93, 0x4a, 0x2d, 0x22, 0x6e, 0x6e, 0x7d, 0x74, 0xd2, 0x66, 0x58, 0xce, 0x7b, 0x1d, 0x97, 0xb1, 0xf2, 0xda, 0x1c, 0x79, 0xfb, 0xba, 0xd1, 0xc0, 0xc5, 0x6e, 0xc9, 0x11, 0x89, 0xd2, 0x41, 0x8d, 0x70, 0xb9, 0xcc, 0xea, 0x6a, 0xb3, 0x45, 0xb6, 0x05, 0x2e, 0xf2, 0x17, 0xf1, 0x27, 0xb8, 0xed, 0x06, 0x1f, 0xdb, 0x9d, 0x1f, 0x69, 0x28,
+ /* (2^328)P */ 0x93, 0x12, 0xa8, 0x11, 0xe1, 0x92, 0x30, 0x8d, 0xac, 0xe1, 0x1c, 0x60, 0x7c, 0xed, 0x2d, 0x2e, 0xd3, 0x03, 0x5c, 0x9c, 0xc5, 0xbd, 0x64, 0x4a, 0x8c, 0xba, 0x76, 0xfe, 0xc6, 0xc1, 0xea, 0xc2, 0x4f, 0xbe, 0x70, 0x3d, 0x64, 0xcf, 0x8e, 0x18, 0xcb, 0xcd, 0x57, 0xa7, 0xf7, 0x36, 0xa9, 0x6b, 0x3e, 0xb8, 0x69, 0xee, 0x47, 0xa2, 0x7e, 0xb2,
+ /* (2^329)P */ 0x96, 0xaf, 0x3a, 0xf5, 0xed, 0xcd, 0xaf, 0xf7, 0x82, 0xaf, 0x59, 0x62, 0x0b, 0x36, 0x85, 0xf9, 0xaf, 0xd6, 0x38, 0xff, 0x87, 0x2e, 0x1d, 0x6c, 0x8b, 0xaf, 0x3b, 0xdf, 0x28, 0xa2, 0xd6, 0x4d, 0x80, 0x92, 0xc3, 0x0f, 0x34, 0xa8, 0xae, 0x69, 0x5d, 0x7b, 0x9d, 0xbc, 0xf5, 0xfd, 0x1d, 0xb1, 0x96, 0x55, 0x86, 0xe1, 0x5c, 0xb6, 0xac, 0xb9,
+ /* (2^330)P */ 0x50, 0x9e, 0x37, 0x28, 0x7d, 0xa8, 0x33, 0x63, 0xda, 0x3f, 0x20, 0x98, 0x0e, 0x09, 0xa8, 0x77, 0x3b, 0x7a, 0xfc, 0x16, 0x85, 0x44, 0x64, 0x77, 0x65, 0x68, 0x92, 0x41, 0xc6, 0x1f, 0xdf, 0x27, 0xf9, 0xec, 0xa0, 0x61, 0x22, 0xea, 0x19, 0xe7, 0x75, 0x8b, 0x4e, 0xe5, 0x0f, 0xb7, 0xf7, 0xd2, 0x53, 0xf4, 0xdd, 0x4a, 0xaa, 0x78, 0x40, 0xb7,
+ /* (2^331)P */ 0xd4, 0x89, 0xe3, 0x79, 0xba, 0xb6, 0xc3, 0xda, 0xe6, 0x78, 0x65, 0x7d, 0x6e, 0x22, 0x62, 0xb1, 0x3d, 0xea, 0x90, 0x84, 0x30, 0x5e, 0xd4, 0x39, 0x84, 0x78, 0xd9, 0x75, 0xd6, 0xce, 0x2a, 0x11, 0x29, 0x69, 0xa4, 0x5e, 0xaa, 0x2a, 0x98, 0x5a, 0xe5, 0x91, 0x8f, 0xb2, 0xfb, 0xda, 0x97, 0xe8, 0x83, 0x6f, 0x04, 0xb9, 0x5d, 0xaf, 0xe1, 0x9b,
+ /* (2^332)P */ 0x8b, 0xe4, 0xe1, 0x48, 0x9c, 0xc4, 0x83, 0x89, 0xdf, 0x65, 0xd3, 0x35, 0x55, 0x13, 0xf4, 0x1f, 0x36, 0x92, 0x33, 0x38, 0xcb, 0xed, 0x15, 0xe6, 0x60, 0x2d, 0x25, 0xf5, 0x36, 0x60, 0x3a, 0x37, 0x9b, 0x71, 0x9d, 0x42, 0xb0, 0x14, 0xc8, 0xba, 0x62, 0xa3, 0x49, 0xb0, 0x88, 0xc1, 0x72, 0x73, 0xdd, 0x62, 0x40, 0xa9, 0x62, 0x88, 0x99, 0xca,
+ /* (2^333)P */ 0x47, 0x7b, 0xea, 0xda, 0x46, 0x2f, 0x45, 0xc6, 0xe3, 0xb4, 0x4d, 0x8d, 0xac, 0x0b, 0x54, 0x22, 0x06, 0x31, 0x16, 0x66, 0x3e, 0xe4, 0x38, 0x12, 0xcd, 0xf3, 0xe7, 0x99, 0x37, 0xd9, 0x62, 0x24, 0x4b, 0x05, 0xf2, 0x58, 0xe6, 0x29, 0x4b, 0x0d, 0xf6, 0xc1, 0xba, 0xa0, 0x1e, 0x0f, 0xcb, 0x1f, 0xc6, 0x2b, 0x19, 0xfc, 0x82, 0x01, 0xd0, 0x86,
+ /* (2^334)P */ 0xa2, 0xae, 0x77, 0x20, 0xfb, 0xa8, 0x18, 0xb4, 0x61, 0xef, 0xe8, 0x52, 0x79, 0xbb, 0x86, 0x90, 0x5d, 0x2e, 0x76, 0xed, 0x66, 0x60, 0x5d, 0x00, 0xb5, 0xa4, 0x00, 0x40, 0x89, 0xec, 0xd1, 0xd2, 0x0d, 0x26, 0xb9, 0x30, 0xb2, 0xd2, 0xb8, 0xe8, 0x0e, 0x56, 0xf9, 0x67, 0x94, 0x2e, 0x62, 0xe1, 0x79, 0x48, 0x2b, 0xa9, 0xfa, 0xea, 0xdb, 0x28,
+ /* (2^335)P */ 0x35, 0xf1, 0xb0, 0x43, 0xbd, 0x27, 0xef, 0x18, 0x44, 0xa2, 0x04, 0xb4, 0x69, 0xa1, 0x97, 0x1f, 0x8c, 0x04, 0x82, 0x9b, 0x00, 0x6d, 0xf8, 0xbf, 0x7d, 0xc1, 0x5b, 0xab, 0xe8, 0xb2, 0x34, 0xbd, 0xaf, 0x7f, 0xb2, 0x0d, 0xf3, 0xed, 0xfc, 0x5b, 0x50, 0xee, 0xe7, 0x4a, 0x20, 0xd9, 0xf5, 0xc6, 0x9a, 0x97, 0x6d, 0x07, 0x2f, 0xb9, 0x31, 0x02,
+ /* (2^336)P */ 0xf9, 0x54, 0x4a, 0xc5, 0x61, 0x7e, 0x1d, 0xa6, 0x0e, 0x1a, 0xa8, 0xd3, 0x8c, 0x36, 0x7d, 0xf1, 0x06, 0xb1, 0xac, 0x93, 0xcd, 0xe9, 0x8f, 0x61, 0x6c, 0x5d, 0x03, 0x23, 0xdf, 0x85, 0x53, 0x39, 0x63, 0x5e, 0xeb, 0xf3, 0xd3, 0xd3, 0x75, 0x97, 0x9b, 0x62, 0x9b, 0x01, 0xb3, 0x19, 0xd8, 0x2b, 0x36, 0xf2, 0x2c, 0x2c, 0x6f, 0x36, 0xc6, 0x3c,
+ /* (2^337)P */ 0x05, 0x74, 0x43, 0x10, 0xb6, 0xb0, 0xf8, 0xbf, 0x02, 0x46, 0x9a, 0xee, 0xc1, 0xaf, 0xc1, 0xe5, 0x5a, 0x2e, 0xbb, 0xe1, 0xdc, 0xc6, 0xce, 0x51, 0x29, 0x50, 0xbf, 0x1b, 0xde, 0xff, 0xba, 0x4d, 0x8d, 0x8b, 0x7e, 0xe7, 0xbd, 0x5b, 0x8f, 0xbe, 0xe3, 0x75, 0x71, 0xff, 0x37, 0x05, 0x5a, 0x10, 0xeb, 0x54, 0x7e, 0x44, 0x72, 0x2c, 0xd4, 0xfc,
+ /* (2^338)P */ 0x03, 0x12, 0x1c, 0xb2, 0x08, 0x90, 0xa1, 0x2d, 0x50, 0xa0, 0xad, 0x7f, 0x8d, 0xa6, 0x97, 0xc1, 0xbd, 0xdc, 0xc3, 0xa7, 0xad, 0x31, 0xdf, 0xb8, 0x03, 0x84, 0xc3, 0xb9, 0x29, 0x3d, 0x92, 0x2e, 0xc3, 0x90, 0x07, 0xe8, 0xa7, 0xc7, 0xbc, 0x61, 0xe9, 0x3e, 0xa0, 0x35, 0xda, 0x1d, 0xab, 0x48, 0xfe, 0x50, 0xc9, 0x25, 0x59, 0x23, 0x69, 0x3f,
+ /* (2^339)P */ 0x8e, 0x91, 0xab, 0x6b, 0x91, 0x4f, 0x89, 0x76, 0x67, 0xad, 0xb2, 0x65, 0x9d, 0xad, 0x02, 0x36, 0xdc, 0xac, 0x96, 0x93, 0x97, 0x21, 0x14, 0xd0, 0xe8, 0x11, 0x60, 0x1e, 0xeb, 0x96, 0x06, 0xf2, 0x53, 0xf2, 0x6d, 0xb7, 0x93, 0x6f, 0x26, 0x91, 0x23, 0xe3, 0x34, 0x04, 0x92, 0x91, 0x37, 0x08, 0x50, 0xd6, 0x28, 0x09, 0x27, 0xa1, 0x0c, 0x00,
+ /* (2^340)P */ 0x1f, 0xbb, 0x21, 0x26, 0x33, 0xcb, 0xa4, 0xd1, 0xee, 0x85, 0xf9, 0xd9, 0x3c, 0x90, 0xc3, 0xd1, 0x26, 0xa2, 0x25, 0x93, 0x43, 0x61, 0xed, 0x91, 0x6e, 0x54, 0x03, 0x2e, 0x42, 0x9d, 0xf7, 0xa6, 0x02, 0x0f, 0x2f, 0x9c, 0x7a, 0x8d, 0x12, 0xc2, 0x18, 0xfc, 0x41, 0xff, 0x85, 0x26, 0x1a, 0x44, 0x55, 0x0b, 0x89, 0xab, 0x6f, 0x62, 0x33, 0x8c,
+ /* (2^341)P */ 0xe0, 0x3c, 0x5d, 0x70, 0x64, 0x87, 0x81, 0x35, 0xf2, 0x37, 0xa6, 0x24, 0x3e, 0xe0, 0x62, 0xd5, 0x71, 0xe7, 0x93, 0xfb, 0xac, 0xc3, 0xe7, 0xc7, 0x04, 0xe2, 0x70, 0xd3, 0x29, 0x5b, 0x21, 0xbf, 0xf4, 0x26, 0x5d, 0xf3, 0x95, 0xb4, 0x2a, 0x6a, 0x07, 0x55, 0xa6, 0x4b, 0x3b, 0x15, 0xf2, 0x25, 0x8a, 0x95, 0x3f, 0x63, 0x2f, 0x7a, 0x23, 0x96,
+ /* (2^342)P */ 0x0d, 0x3d, 0xd9, 0x13, 0xa7, 0xb3, 0x5e, 0x67, 0xf7, 0x02, 0x23, 0xee, 0x84, 0xff, 0x99, 0xda, 0xb9, 0x53, 0xf8, 0xf0, 0x0e, 0x39, 0x2f, 0x3c, 0x64, 0x34, 0xe3, 0x09, 0xfd, 0x2b, 0x33, 0xc7, 0xfe, 0x62, 0x2b, 0x84, 0xdf, 0x2b, 0xd2, 0x7c, 0x26, 0x01, 0x70, 0x66, 0x5b, 0x85, 0xc2, 0xbe, 0x88, 0x37, 0xf1, 0x30, 0xac, 0xb8, 0x76, 0xa3,
+ /* (2^343)P */ 0x6e, 0x01, 0xf0, 0x55, 0x35, 0xe4, 0xbd, 0x43, 0x62, 0x9d, 0xd6, 0x11, 0xef, 0x6f, 0xb8, 0x8c, 0xaa, 0x98, 0x87, 0xc6, 0x6d, 0xc4, 0xcc, 0x74, 0x92, 0x53, 0x4a, 0xdf, 0xe4, 0x08, 0x89, 0x17, 0xd0, 0x0f, 0xf4, 0x00, 0x60, 0x78, 0x08, 0x44, 0xb5, 0xda, 0x18, 0xed, 0x98, 0xc8, 0x61, 0x3d, 0x39, 0xdb, 0xcf, 0x1d, 0x49, 0x40, 0x65, 0x75,
+ /* (2^344)P */ 0x8e, 0x10, 0xae, 0x5f, 0x06, 0xd2, 0x95, 0xfd, 0x20, 0x16, 0x49, 0x5b, 0x57, 0xbe, 0x22, 0x8b, 0x43, 0xfb, 0xe6, 0xcc, 0x26, 0xa5, 0x5d, 0xd3, 0x68, 0xc5, 0xf9, 0x5a, 0x86, 0x24, 0x87, 0x27, 0x05, 0xfd, 0xe2, 0xff, 0xb3, 0xa3, 0x7b, 0x37, 0x59, 0xc5, 0x4e, 0x14, 0x94, 0xf9, 0x3b, 0xcb, 0x7c, 0xed, 0xca, 0x1d, 0xb2, 0xac, 0x05, 0x4a,
+ /* (2^345)P */ 0xf4, 0xd1, 0x81, 0xeb, 0x89, 0xbf, 0xfe, 0x1e, 0x41, 0x92, 0x29, 0xee, 0xe1, 0x43, 0xf5, 0x86, 0x1d, 0x2f, 0xbb, 0x1e, 0x84, 0x5d, 0x7b, 0x8d, 0xd5, 0xda, 0xee, 0x1e, 0x8a, 0xd0, 0x27, 0xf2, 0x60, 0x51, 0x59, 0x82, 0xf4, 0x84, 0x2b, 0x5b, 0x14, 0x2d, 0x81, 0x82, 0x3e, 0x2b, 0xb4, 0x6d, 0x51, 0x4f, 0xc5, 0xcb, 0xbf, 0x74, 0xe3, 0xb4,
+ /* (2^346)P */ 0x19, 0x2f, 0x22, 0xb3, 0x04, 0x5f, 0x81, 0xca, 0x05, 0x60, 0xb9, 0xaa, 0xee, 0x0e, 0x2f, 0x48, 0x38, 0xf9, 0x91, 0xb4, 0x66, 0xe4, 0x57, 0x28, 0x54, 0x10, 0xe9, 0x61, 0x9d, 0xd4, 0x90, 0x75, 0xb1, 0x39, 0x23, 0xb6, 0xfc, 0x82, 0xe0, 0xfa, 0xbb, 0x5c, 0x6e, 0xc3, 0x44, 0x13, 0x00, 0x83, 0x55, 0x9e, 0x8e, 0x10, 0x61, 0x81, 0x91, 0x04,
+ /* (2^347)P */ 0x5f, 0x2a, 0xd7, 0x81, 0xd9, 0x9c, 0xbb, 0x79, 0xbc, 0x62, 0x56, 0x98, 0x03, 0x5a, 0x18, 0x85, 0x2a, 0x9c, 0xd0, 0xfb, 0xd2, 0xb1, 0xaf, 0xef, 0x0d, 0x24, 0xc5, 0xfa, 0x39, 0xbb, 0x6b, 0xed, 0xa4, 0xdf, 0xe4, 0x87, 0xcd, 0x41, 0xd3, 0x72, 0x32, 0xc6, 0x28, 0x21, 0xb1, 0xba, 0x8b, 0xa3, 0x91, 0x79, 0x76, 0x22, 0x25, 0x10, 0x61, 0xd1,
+ /* (2^348)P */ 0x73, 0xb5, 0x32, 0x97, 0xdd, 0xeb, 0xdd, 0x22, 0x22, 0xf1, 0x33, 0x3c, 0x77, 0x56, 0x7d, 0x6b, 0x48, 0x2b, 0x05, 0x81, 0x03, 0x03, 0x91, 0x9a, 0xe3, 0x5e, 0xd4, 0xee, 0x3f, 0xf8, 0xbb, 0x50, 0x21, 0x32, 0x4c, 0x4a, 0x58, 0x49, 0xde, 0x0c, 0xde, 0x30, 0x82, 0x3d, 0x92, 0xf0, 0x6c, 0xcc, 0x32, 0x3e, 0xd2, 0x78, 0x8a, 0x6e, 0x2c, 0xd0,
+ /* (2^349)P */ 0xf0, 0xf7, 0xa1, 0x0b, 0xc1, 0x74, 0x85, 0xa8, 0xe9, 0xdd, 0x48, 0xa1, 0xc0, 0x16, 0xd8, 0x2b, 0x61, 0x08, 0xc2, 0x2b, 0x30, 0x26, 0x79, 0xce, 0x9e, 0xfd, 0x39, 0xd7, 0x81, 0xa4, 0x63, 0x8c, 0xd5, 0x74, 0xa0, 0x88, 0xfa, 0x03, 0x30, 0xe9, 0x7f, 0x2b, 0xc6, 0x02, 0xc9, 0x5e, 0xe4, 0xd5, 0x4d, 0x92, 0xd0, 0xf6, 0xf2, 0x5b, 0x79, 0x08,
+ /* (2^350)P */ 0x34, 0x89, 0x81, 0x43, 0xd1, 0x94, 0x2c, 0x10, 0x54, 0x9b, 0xa0, 0xe5, 0x44, 0xe8, 0xc2, 0x2f, 0x3e, 0x0e, 0x74, 0xae, 0xba, 0xe2, 0xac, 0x85, 0x6b, 0xd3, 0x5c, 0x97, 0xf7, 0x90, 0xf1, 0x12, 0xc0, 0x03, 0xc8, 0x1f, 0x37, 0x72, 0x8c, 0x9b, 0x9c, 0x17, 0x96, 0x9d, 0xc7, 0xbf, 0xa3, 0x3f, 0x44, 0x3d, 0x87, 0x81, 0xbd, 0x81, 0xa6, 0x5f,
+ /* (2^351)P */ 0xe4, 0xff, 0x78, 0x62, 0x82, 0x5b, 0x76, 0x58, 0xf5, 0x5b, 0xa6, 0xc4, 0x53, 0x11, 0x3b, 0x7b, 0xaa, 0x67, 0xf8, 0xea, 0x3b, 0x5d, 0x9a, 0x2e, 0x04, 0xeb, 0x4a, 0x24, 0xfb, 0x56, 0xf0, 0xa8, 0xd4, 0x14, 0xed, 0x0f, 0xfd, 0xc5, 0x26, 0x17, 0x2a, 0xf0, 0xb9, 0x13, 0x8c, 0xbd, 0x65, 0x14, 0x24, 0x95, 0x27, 0x12, 0x63, 0x2a, 0x09, 0x18,
+ /* (2^352)P */ 0xe1, 0x5c, 0xe7, 0xe0, 0x00, 0x6a, 0x96, 0xf2, 0x49, 0x6a, 0x39, 0xa5, 0xe0, 0x17, 0x79, 0x4a, 0x63, 0x07, 0x62, 0x09, 0x61, 0x1b, 0x6e, 0xa9, 0xb5, 0x62, 0xb7, 0xde, 0xdf, 0x80, 0x4c, 0x5a, 0x99, 0x73, 0x59, 0x9d, 0xfb, 0xb1, 0x5e, 0xbe, 0xb8, 0xb7, 0x63, 0x93, 0xe8, 0xad, 0x5e, 0x1f, 0xae, 0x59, 0x1c, 0xcd, 0xb4, 0xc2, 0xb3, 0x8a,
+ /* (2^353)P */ 0x78, 0x53, 0xa1, 0x4c, 0x70, 0x9c, 0x63, 0x7e, 0xb3, 0x12, 0x40, 0x5f, 0xbb, 0x23, 0xa7, 0xf7, 0x77, 0x96, 0x5b, 0x4d, 0x91, 0x10, 0x52, 0x85, 0x9e, 0xa5, 0x38, 0x0b, 0xfd, 0x25, 0x01, 0x4b, 0xfa, 0x4d, 0xd3, 0x3f, 0x78, 0x74, 0x42, 0xff, 0x62, 0x2d, 0x27, 0xdc, 0x9d, 0xd1, 0x29, 0x76, 0x2e, 0x78, 0xb3, 0x35, 0xfa, 0x15, 0xd5, 0x38,
+ /* (2^354)P */ 0x8b, 0xc7, 0x43, 0xce, 0xf0, 0x5e, 0xf1, 0x0d, 0x02, 0x38, 0xe8, 0x82, 0xc9, 0x25, 0xad, 0x2d, 0x27, 0xa4, 0x54, 0x18, 0xb2, 0x30, 0x73, 0xa4, 0x41, 0x08, 0xe4, 0x86, 0xe6, 0x8c, 0xe9, 0x2a, 0x34, 0xb3, 0xd6, 0x61, 0x8f, 0x66, 0x26, 0x08, 0xb6, 0x06, 0x33, 0xaa, 0x12, 0xac, 0x72, 0xec, 0x2e, 0x52, 0xa3, 0x25, 0x3e, 0xd7, 0x62, 0xe8,
+ /* (2^355)P */ 0xc4, 0xbb, 0x89, 0xc8, 0x40, 0xcc, 0x84, 0xec, 0x4a, 0xd9, 0xc4, 0x55, 0x78, 0x00, 0xcf, 0xd8, 0xe9, 0x24, 0x59, 0xdc, 0x5e, 0xf0, 0x66, 0xa1, 0x83, 0xae, 0x97, 0x18, 0xc5, 0x54, 0x27, 0xa2, 0x21, 0x52, 0x03, 0x31, 0x5b, 0x11, 0x67, 0xf6, 0x12, 0x00, 0x87, 0x2f, 0xff, 0x59, 0x70, 0x8f, 0x6d, 0x71, 0xab, 0xab, 0x24, 0xb8, 0xba, 0x35,
+ /* (2^356)P */ 0x69, 0x43, 0xa7, 0x14, 0x06, 0x96, 0xe9, 0xc2, 0xe3, 0x2b, 0x45, 0x22, 0xc0, 0xd0, 0x2f, 0x34, 0xd1, 0x01, 0x99, 0xfc, 0x99, 0x38, 0xa1, 0x25, 0x2e, 0x59, 0x6c, 0x27, 0xc9, 0xeb, 0x7b, 0xdc, 0x4e, 0x26, 0x68, 0xba, 0xfa, 0xec, 0x02, 0x05, 0x64, 0x80, 0x30, 0x20, 0x5c, 0x26, 0x7f, 0xaf, 0x95, 0x17, 0x3d, 0x5c, 0x9e, 0x96, 0x96, 0xaf,
+ /* (2^357)P */ 0xa6, 0xba, 0x21, 0x29, 0x32, 0xe2, 0x98, 0xde, 0x9b, 0x6d, 0x0b, 0x44, 0x91, 0xa8, 0x3e, 0xd4, 0xb8, 0x04, 0x6c, 0xf6, 0x04, 0x39, 0xbd, 0x52, 0x05, 0x15, 0x27, 0x78, 0x8e, 0x55, 0xac, 0x79, 0xc5, 0xe6, 0x00, 0x7f, 0x90, 0xa2, 0xdd, 0x07, 0x13, 0xe0, 0x24, 0x70, 0x5c, 0x0f, 0x4d, 0xa9, 0xf9, 0xae, 0xcb, 0x34, 0x10, 0x9d, 0x89, 0x9d,
+ /* (2^358)P */ 0x12, 0xe0, 0xb3, 0x9f, 0xc4, 0x96, 0x1d, 0xcf, 0xed, 0x99, 0x64, 0x28, 0x8d, 0xc7, 0x31, 0x82, 0xee, 0x5e, 0x75, 0x48, 0xff, 0x3a, 0xf2, 0x09, 0x34, 0x03, 0x93, 0x52, 0x19, 0xb2, 0xc5, 0x81, 0x93, 0x45, 0x5e, 0x59, 0x21, 0x2b, 0xec, 0x89, 0xba, 0x36, 0x6e, 0xf9, 0x82, 0x75, 0x7e, 0x82, 0x3f, 0xaa, 0xe2, 0xe3, 0x3b, 0x94, 0xfd, 0x98,
+ /* (2^359)P */ 0x7c, 0xdb, 0x75, 0x31, 0x61, 0xfb, 0x15, 0x28, 0x94, 0xd7, 0xc3, 0x5a, 0xa9, 0xa1, 0x0a, 0x66, 0x0f, 0x2b, 0x13, 0x3e, 0x42, 0xb5, 0x28, 0x3a, 0xca, 0x83, 0xf3, 0x61, 0x22, 0xf4, 0x40, 0xc5, 0xdf, 0xe7, 0x31, 0x9f, 0x7e, 0x51, 0x75, 0x06, 0x9d, 0x51, 0xc8, 0xe7, 0x9f, 0xc3, 0x71, 0x4f, 0x3d, 0x5b, 0xfb, 0xe9, 0x8e, 0x08, 0x40, 0x8e,
+ /* (2^360)P */ 0xf7, 0x31, 0xad, 0x50, 0x5d, 0x25, 0x93, 0x73, 0x68, 0xf6, 0x7c, 0x89, 0x5a, 0x3d, 0x9f, 0x9b, 0x05, 0x82, 0xe7, 0x70, 0x4b, 0x19, 0xaa, 0xcf, 0xff, 0xde, 0x50, 0x8f, 0x2f, 0x69, 0xd3, 0xf0, 0x99, 0x51, 0x6b, 0x9d, 0xb6, 0x56, 0x6f, 0xf8, 0x4c, 0x74, 0x8b, 0x4c, 0x91, 0xf9, 0xa9, 0xb1, 0x3e, 0x07, 0xdf, 0x0b, 0x27, 0x8a, 0xb1, 0xed,
+ /* (2^361)P */ 0xfb, 0x67, 0xd9, 0x48, 0xd2, 0xe4, 0x44, 0x9b, 0x43, 0x15, 0x8a, 0xeb, 0x00, 0x53, 0xad, 0x25, 0xc7, 0x7e, 0x19, 0x30, 0x87, 0xb7, 0xd5, 0x5f, 0x04, 0xf8, 0xaa, 0xdd, 0x57, 0xae, 0x34, 0x75, 0xe2, 0x84, 0x4b, 0x54, 0x60, 0x37, 0x95, 0xe4, 0xd3, 0xec, 0xac, 0xef, 0x47, 0x31, 0xa3, 0xc8, 0x31, 0x22, 0xdb, 0x26, 0xe7, 0x6a, 0xb5, 0xad,
+ /* (2^362)P */ 0x44, 0x09, 0x5c, 0x95, 0xe4, 0x72, 0x3c, 0x1a, 0xd1, 0xac, 0x42, 0x51, 0x99, 0x6f, 0xfa, 0x1f, 0xf2, 0x22, 0xbe, 0xff, 0x7b, 0x66, 0xf5, 0x6c, 0xb3, 0x66, 0xc7, 0x4d, 0x78, 0x31, 0x83, 0x80, 0xf5, 0x41, 0xe9, 0x7f, 0xbe, 0xf7, 0x23, 0x49, 0x6b, 0x84, 0x4e, 0x7e, 0x47, 0x07, 0x6e, 0x74, 0xdf, 0xe5, 0x9d, 0x9e, 0x56, 0x2a, 0xc0, 0xbc,
+ /* (2^363)P */ 0xac, 0x10, 0x80, 0x8c, 0x7c, 0xfa, 0x83, 0xdf, 0xb3, 0xd0, 0xc4, 0xbe, 0xfb, 0x9f, 0xac, 0xc9, 0xc3, 0x40, 0x95, 0x0b, 0x09, 0x23, 0xda, 0x63, 0x67, 0xcf, 0xe7, 0x9f, 0x7d, 0x7b, 0x6b, 0xe2, 0xe6, 0x6d, 0xdb, 0x87, 0x9e, 0xa6, 0xff, 0x6d, 0xab, 0xbd, 0xfb, 0x54, 0x84, 0x68, 0xcf, 0x89, 0xf1, 0xd0, 0xe2, 0x85, 0x61, 0xdc, 0x22, 0xd1,
+ /* (2^364)P */ 0xa8, 0x48, 0xfb, 0x8c, 0x6a, 0x63, 0x01, 0x72, 0x43, 0x43, 0xeb, 0x21, 0xa3, 0x00, 0x8a, 0xc0, 0x87, 0x51, 0x9e, 0x86, 0x75, 0x16, 0x79, 0xf9, 0x6b, 0x11, 0x80, 0x62, 0xc2, 0x9d, 0xb8, 0x8c, 0x30, 0x8e, 0x8d, 0x03, 0x52, 0x7e, 0x31, 0x59, 0x38, 0xf9, 0x25, 0xc7, 0x0f, 0xc7, 0xa8, 0x2b, 0x5c, 0x80, 0xfa, 0x90, 0xa2, 0x63, 0xca, 0xe7,
+ /* (2^365)P */ 0xf1, 0x5d, 0xb5, 0xd9, 0x20, 0x10, 0x7d, 0x0f, 0xc5, 0x50, 0x46, 0x07, 0xff, 0x02, 0x75, 0x2b, 0x4a, 0xf3, 0x39, 0x91, 0x72, 0xb7, 0xd5, 0xcc, 0x38, 0xb8, 0xe7, 0x36, 0x26, 0x5e, 0x11, 0x97, 0x25, 0xfb, 0x49, 0x68, 0xdc, 0xb4, 0x46, 0x87, 0x5c, 0xc2, 0x7f, 0xaa, 0x7d, 0x36, 0x23, 0xa6, 0xc6, 0x53, 0xec, 0xbc, 0x57, 0x47, 0xc1, 0x2b,
+ /* (2^366)P */ 0x25, 0x5d, 0x7d, 0x95, 0xda, 0x0b, 0x8f, 0x78, 0x1e, 0x19, 0x09, 0xfa, 0x67, 0xe0, 0xa0, 0x17, 0x24, 0x76, 0x6c, 0x30, 0x1f, 0x62, 0x3d, 0xbe, 0x45, 0x70, 0xcc, 0xb6, 0x1e, 0x68, 0x06, 0x25, 0x68, 0x16, 0x1a, 0x33, 0x3f, 0x90, 0xc7, 0x78, 0x2d, 0x98, 0x3c, 0x2f, 0xb9, 0x2d, 0x94, 0x0b, 0xfb, 0x49, 0x56, 0x30, 0xd7, 0xc1, 0xe6, 0x48,
+ /* (2^367)P */ 0x7a, 0xd1, 0xe0, 0x8e, 0x67, 0xfc, 0x0b, 0x50, 0x1f, 0x84, 0x98, 0xfa, 0xaf, 0xae, 0x2e, 0x31, 0x27, 0xcf, 0x3f, 0xf2, 0x6e, 0x8d, 0x81, 0x8f, 0xd2, 0x5f, 0xde, 0xd3, 0x5e, 0xe9, 0xe7, 0x13, 0x48, 0x83, 0x5a, 0x4e, 0x84, 0xd1, 0x58, 0xcf, 0x6b, 0x84, 0xdf, 0x13, 0x1d, 0x91, 0x85, 0xe8, 0xcb, 0x29, 0x79, 0xd2, 0xca, 0xac, 0x6a, 0x93,
+ /* (2^368)P */ 0x53, 0x82, 0xce, 0x61, 0x96, 0x88, 0x6f, 0xe1, 0x4a, 0x4c, 0x1e, 0x30, 0x73, 0xe8, 0x74, 0xde, 0x40, 0x2b, 0xe0, 0xc4, 0xb5, 0xd8, 0x7c, 0x15, 0xe7, 0xe1, 0xb1, 0xe0, 0xd6, 0x88, 0xb1, 0x6a, 0x57, 0x19, 0x6a, 0x22, 0x66, 0x57, 0xf6, 0x8d, 0xfd, 0xc0, 0xf2, 0xa3, 0x03, 0x56, 0xfb, 0x2e, 0x75, 0x5e, 0xc7, 0x8e, 0x22, 0x96, 0x5c, 0x06,
+ /* (2^369)P */ 0x98, 0x7e, 0xbf, 0x3e, 0xbf, 0x24, 0x9d, 0x15, 0xd3, 0xf6, 0xd3, 0xd2, 0xf0, 0x11, 0xf2, 0xdb, 0x36, 0x23, 0x38, 0xf7, 0x1d, 0x71, 0x20, 0xd2, 0x54, 0x7f, 0x1e, 0x24, 0x8f, 0xe2, 0xaa, 0xf7, 0x3f, 0x6b, 0x41, 0x4e, 0xdc, 0x0e, 0xec, 0xe8, 0x35, 0x0a, 0x08, 0x6d, 0x89, 0x5b, 0x32, 0x91, 0x01, 0xb6, 0xe0, 0x2c, 0xc6, 0xa1, 0xbe, 0xb4,
+ /* (2^370)P */ 0x29, 0xf2, 0x1e, 0x1c, 0xdc, 0x68, 0x8a, 0x43, 0x87, 0x2c, 0x48, 0xb3, 0x9e, 0xed, 0xd2, 0x82, 0x46, 0xac, 0x2f, 0xef, 0x93, 0x34, 0x37, 0xca, 0x64, 0x8d, 0xc9, 0x06, 0x90, 0xbb, 0x78, 0x0a, 0x3c, 0x4c, 0xcf, 0x35, 0x7a, 0x0f, 0xf7, 0xa7, 0xf4, 0x2f, 0x45, 0x69, 0x3f, 0xa9, 0x5d, 0xce, 0x7b, 0x8a, 0x84, 0xc3, 0xae, 0xf4, 0xda, 0xd5,
+ /* (2^371)P */ 0xca, 0xba, 0x95, 0x43, 0x05, 0x7b, 0x06, 0xd9, 0x5c, 0x0a, 0x18, 0x5f, 0x6a, 0x6a, 0xce, 0xc0, 0x3d, 0x95, 0x51, 0x0e, 0x1a, 0xbe, 0x85, 0x7a, 0xf2, 0x69, 0xec, 0xc0, 0x8c, 0xca, 0xa3, 0x32, 0x0a, 0x76, 0x50, 0xc6, 0x76, 0x61, 0x00, 0x89, 0xbf, 0x6e, 0x0f, 0x48, 0x90, 0x31, 0x93, 0xec, 0x34, 0x70, 0xf0, 0xc3, 0x8d, 0xf0, 0x0f, 0xb5,
+ /* (2^372)P */ 0xbe, 0x23, 0xe2, 0x18, 0x99, 0xf1, 0xed, 0x8a, 0xf6, 0xc9, 0xac, 0xb8, 0x1e, 0x9a, 0x3c, 0x15, 0xae, 0xd7, 0x6d, 0xb3, 0x04, 0xee, 0x5b, 0x0d, 0x1e, 0x79, 0xb7, 0xf9, 0xf9, 0x8d, 0xad, 0xf9, 0x8f, 0x5a, 0x6a, 0x7b, 0xd7, 0x9b, 0xca, 0x62, 0xfe, 0x9c, 0xc0, 0x6f, 0x6d, 0x9d, 0x76, 0xa3, 0x69, 0xb9, 0x4c, 0xa1, 0xc4, 0x0c, 0x76, 0xaa,
+ /* (2^373)P */ 0x1c, 0x06, 0xfe, 0x3f, 0x45, 0x70, 0xcd, 0x97, 0xa9, 0xa2, 0xb1, 0xd3, 0xf2, 0xa5, 0x0c, 0x49, 0x2c, 0x75, 0x73, 0x1f, 0xcf, 0x00, 0xaf, 0xd5, 0x2e, 0xde, 0x0d, 0x8f, 0x8f, 0x7c, 0xc4, 0x58, 0xce, 0xd4, 0xf6, 0x24, 0x19, 0x2e, 0xd8, 0xc5, 0x1d, 0x1a, 0x3f, 0xb8, 0x4f, 0xbc, 0x7d, 0xbd, 0x68, 0xe3, 0x81, 0x98, 0x1b, 0xa8, 0xc9, 0xd9,
+ /* (2^374)P */ 0x39, 0x95, 0x78, 0x24, 0x6c, 0x38, 0xe4, 0xe7, 0xd0, 0x8d, 0xb9, 0x38, 0x71, 0x5e, 0xc1, 0x62, 0x80, 0xcc, 0xcb, 0x8c, 0x97, 0xca, 0xf8, 0xb9, 0xd9, 0x9c, 0xce, 0x72, 0x7b, 0x70, 0xee, 0x5f, 0xea, 0xa2, 0xdf, 0xa9, 0x14, 0x10, 0xf9, 0x6e, 0x59, 0x9f, 0x9c, 0xe0, 0x0c, 0xb2, 0x07, 0x97, 0xcd, 0xd2, 0x89, 0x16, 0xfd, 0x9c, 0xa8, 0xa5,
+ /* (2^375)P */ 0x5a, 0x61, 0xf1, 0x59, 0x7c, 0x38, 0xda, 0xe2, 0x85, 0x99, 0x68, 0xe9, 0xc9, 0xf7, 0x32, 0x7e, 0xc4, 0xca, 0xb7, 0x11, 0x08, 0x69, 0x2b, 0x66, 0x02, 0xf7, 0x2e, 0x18, 0xc3, 0x8e, 0xe1, 0xf9, 0xc5, 0x19, 0x9a, 0x0a, 0x9c, 0x07, 0xba, 0xc7, 0x9c, 0x03, 0x34, 0x89, 0x99, 0x67, 0x0b, 0x16, 0x4b, 0x07, 0x36, 0x16, 0x36, 0x2c, 0xe2, 0xa1,
+ /* (2^376)P */ 0x70, 0x10, 0x91, 0x27, 0xa8, 0x24, 0x8e, 0x29, 0x04, 0x6f, 0x79, 0x1f, 0xd3, 0xa5, 0x68, 0xd3, 0x0b, 0x7d, 0x56, 0x4d, 0x14, 0x57, 0x7b, 0x2e, 0x00, 0x9f, 0x9a, 0xfd, 0x6c, 0x63, 0x18, 0x81, 0xdb, 0x9d, 0xb7, 0xd7, 0xa4, 0x1e, 0xe8, 0x40, 0xf1, 0x4c, 0xa3, 0x01, 0xd5, 0x4b, 0x75, 0xea, 0xdd, 0x97, 0xfd, 0x5b, 0xb2, 0x66, 0x6a, 0x24,
+ /* (2^377)P */ 0x72, 0x11, 0xfe, 0x73, 0x1b, 0xd3, 0xea, 0x7f, 0x93, 0x15, 0x15, 0x05, 0xfe, 0x40, 0xe8, 0x28, 0xd8, 0x50, 0x47, 0x66, 0xfa, 0xb7, 0xb5, 0x04, 0xba, 0x35, 0x1e, 0x32, 0x9f, 0x5f, 0x32, 0xba, 0x3d, 0xd1, 0xed, 0x9a, 0x76, 0xca, 0xa3, 0x3e, 0x77, 0xd8, 0xd8, 0x7c, 0x5f, 0x68, 0x42, 0xb5, 0x86, 0x7f, 0x3b, 0xc9, 0xc1, 0x89, 0x64, 0xda,
+ /* (2^378)P */ 0xd5, 0xd4, 0x17, 0x31, 0xfc, 0x6a, 0xfd, 0xb8, 0xe8, 0xe5, 0x3e, 0x39, 0x06, 0xe4, 0xd1, 0x90, 0x2a, 0xca, 0xf6, 0x54, 0x6c, 0x1b, 0x2f, 0x49, 0x97, 0xb1, 0x2a, 0x82, 0x43, 0x3d, 0x1f, 0x8b, 0xe2, 0x47, 0xc5, 0x24, 0xa8, 0xd5, 0x53, 0x29, 0x7d, 0xc6, 0x87, 0xa6, 0x25, 0x3a, 0x64, 0xdd, 0x71, 0x08, 0x9e, 0xcd, 0xe9, 0x45, 0xc7, 0xba,
+ /* (2^379)P */ 0x37, 0x72, 0x6d, 0x13, 0x7a, 0x8d, 0x04, 0x31, 0xe6, 0xe3, 0x9e, 0x36, 0x71, 0x3e, 0xc0, 0x1e, 0xe3, 0x71, 0xd3, 0x49, 0x4e, 0x4a, 0x36, 0x42, 0x68, 0x68, 0x61, 0xc7, 0x3c, 0xdb, 0x81, 0x49, 0xf7, 0x91, 0x4d, 0xea, 0x4c, 0x4f, 0x98, 0xc6, 0x7e, 0x60, 0x84, 0x4b, 0x6a, 0x37, 0xbb, 0x52, 0xf7, 0xce, 0x02, 0xe4, 0xad, 0xd1, 0x3c, 0xa7,
+ /* (2^380)P */ 0x51, 0x06, 0x2d, 0xf8, 0x08, 0xe8, 0xf1, 0x0c, 0xe5, 0xa9, 0xac, 0x29, 0x73, 0x3b, 0xed, 0x98, 0x5f, 0x55, 0x08, 0x38, 0x51, 0x44, 0x36, 0x5d, 0xea, 0xc3, 0xb8, 0x0e, 0xa0, 0x4f, 0xd2, 0x79, 0xe9, 0x98, 0xc3, 0xf5, 0x00, 0xb9, 0x26, 0x27, 0x42, 0xa8, 0x07, 0xc1, 0x12, 0x31, 0xc1, 0xc3, 0x3c, 0x3b, 0x7a, 0x72, 0x97, 0xc2, 0x70, 0x3a,
+ /* (2^381)P */ 0xf4, 0xb2, 0xba, 0x32, 0xbc, 0xa9, 0x2f, 0x87, 0xc7, 0x3c, 0x45, 0xcd, 0xae, 0xe2, 0x13, 0x6d, 0x3a, 0xf2, 0xf5, 0x66, 0x97, 0x29, 0xaf, 0x53, 0x9f, 0xda, 0xea, 0x14, 0xdf, 0x04, 0x98, 0x19, 0x95, 0x9e, 0x2a, 0x00, 0x5c, 0x9d, 0x1d, 0xf0, 0x39, 0x23, 0xff, 0xfc, 0xca, 0x36, 0xb7, 0xde, 0xdf, 0x37, 0x78, 0x52, 0x21, 0xfa, 0x19, 0x10,
+ /* (2^382)P */ 0x50, 0x20, 0x73, 0x74, 0x62, 0x21, 0xf2, 0xf7, 0x9b, 0x66, 0x85, 0x34, 0x74, 0xd4, 0x9d, 0x60, 0xd7, 0xbc, 0xc8, 0x46, 0x3b, 0xb8, 0x80, 0x42, 0x15, 0x0a, 0x6c, 0x35, 0x1a, 0x69, 0xf0, 0x1d, 0x4b, 0x29, 0x54, 0x5a, 0x9a, 0x48, 0xec, 0x9f, 0x37, 0x74, 0x91, 0xd0, 0xd1, 0x9e, 0x00, 0xc2, 0x76, 0x56, 0xd6, 0xa0, 0x15, 0x14, 0x83, 0x59,
+ /* (2^383)P */ 0xc2, 0xf8, 0x22, 0x20, 0x23, 0x07, 0xbd, 0x1d, 0x6f, 0x1e, 0x8c, 0x56, 0x06, 0x6a, 0x4b, 0x9f, 0xe2, 0xa9, 0x92, 0x46, 0x4b, 0x46, 0x59, 0xd7, 0xe1, 0xda, 0x14, 0x98, 0x07, 0x65, 0x7e, 0x28, 0x20, 0xf2, 0x9d, 0x4f, 0x36, 0x5c, 0x92, 0xe0, 0x9d, 0xfe, 0x3e, 0xda, 0xe4, 0x47, 0x19, 0x3c, 0x00, 0x7f, 0x22, 0xf2, 0x9e, 0x51, 0xae, 0x4d,
+ /* (2^384)P */ 0xbe, 0x8c, 0x1b, 0x10, 0xb6, 0xad, 0xcc, 0xcc, 0xd8, 0x5e, 0x21, 0xa6, 0xfb, 0xf1, 0xf6, 0xbd, 0x0a, 0x24, 0x67, 0xb4, 0x57, 0x7a, 0xbc, 0xe8, 0xe9, 0xff, 0xee, 0x0a, 0x1f, 0xee, 0xbd, 0xc8, 0x44, 0xed, 0x2b, 0xbb, 0x55, 0x1f, 0xdd, 0x7c, 0xb3, 0xeb, 0x3f, 0x63, 0xa1, 0x28, 0x91, 0x21, 0xab, 0x71, 0xc6, 0x4c, 0xd0, 0xe9, 0xb0, 0x21,
+ /* (2^385)P */ 0xad, 0xc9, 0x77, 0x2b, 0xee, 0x89, 0xa4, 0x7b, 0xfd, 0xf9, 0xf6, 0x14, 0xe4, 0xed, 0x1a, 0x16, 0x9b, 0x78, 0x41, 0x43, 0xa8, 0x83, 0x72, 0x06, 0x2e, 0x7c, 0xdf, 0xeb, 0x7e, 0xdd, 0xd7, 0x8b, 0xea, 0x9a, 0x2b, 0x03, 0xba, 0x57, 0xf3, 0xf1, 0xd9, 0xe5, 0x09, 0xc5, 0x98, 0x61, 0x1c, 0x51, 0x6d, 0x5d, 0x6e, 0xfb, 0x5e, 0x95, 0x9f, 0xb5,
+ /* (2^386)P */ 0x23, 0xe2, 0x1e, 0x95, 0xa3, 0x5e, 0x42, 0x10, 0xc7, 0xc3, 0x70, 0xbf, 0x4b, 0x6b, 0x83, 0x36, 0x93, 0xb7, 0x68, 0x47, 0x88, 0x3a, 0x10, 0x88, 0x48, 0x7f, 0x8c, 0xae, 0x54, 0x10, 0x02, 0xa4, 0x52, 0x8f, 0x8d, 0xf7, 0x26, 0x4f, 0x50, 0xc3, 0x6a, 0xe2, 0x4e, 0x3b, 0x4c, 0xb9, 0x8a, 0x14, 0x15, 0x6d, 0x21, 0x29, 0xb3, 0x6e, 0x4e, 0xd0,
+ /* (2^387)P */ 0x4c, 0x8a, 0x18, 0x3f, 0xb7, 0x20, 0xfd, 0x3e, 0x54, 0xca, 0x68, 0x3c, 0xea, 0x6f, 0xf4, 0x6b, 0xa2, 0xbd, 0x01, 0xbd, 0xfe, 0x08, 0xa8, 0xd8, 0xc2, 0x20, 0x36, 0x05, 0xcd, 0xe9, 0xf3, 0x9e, 0xfa, 0x85, 0x66, 0x8f, 0x4b, 0x1d, 0x8c, 0x64, 0x4f, 0xb8, 0xc6, 0x0f, 0x5b, 0x57, 0xd8, 0x24, 0x19, 0x5a, 0x14, 0x4b, 0x92, 0xd3, 0x96, 0xbc,
+ /* (2^388)P */ 0xa9, 0x3f, 0xc9, 0x6c, 0xca, 0x64, 0x1e, 0x6f, 0xdf, 0x65, 0x7f, 0x9a, 0x47, 0x6b, 0x8a, 0x60, 0x31, 0xa6, 0x06, 0xac, 0x69, 0x30, 0xe6, 0xea, 0x63, 0x42, 0x26, 0x5f, 0xdb, 0xd0, 0xf2, 0x8e, 0x34, 0x0a, 0x3a, 0xeb, 0xf3, 0x79, 0xc8, 0xb7, 0x60, 0x56, 0x5c, 0x37, 0x95, 0x71, 0xf8, 0x7f, 0x49, 0x3e, 0x9e, 0x01, 0x26, 0x1e, 0x80, 0x9f,
+ /* (2^389)P */ 0xf8, 0x16, 0x9a, 0xaa, 0xb0, 0x28, 0xb5, 0x8e, 0xd0, 0x60, 0xe5, 0x26, 0xa9, 0x47, 0xc4, 0x5c, 0xa9, 0x39, 0xfe, 0x0a, 0xd8, 0x07, 0x2b, 0xb3, 0xce, 0xf1, 0xea, 0x1a, 0xf4, 0x7b, 0x98, 0x31, 0x3d, 0x13, 0x29, 0x80, 0xe8, 0x0d, 0xcf, 0x56, 0x39, 0x86, 0x50, 0x0c, 0xb3, 0x18, 0xf4, 0xc5, 0xca, 0xf2, 0x6f, 0xcd, 0x8d, 0xd5, 0x02, 0xb0,
+ /* (2^390)P */ 0xbf, 0x39, 0x3f, 0xac, 0x6d, 0x1a, 0x6a, 0xe4, 0x42, 0x24, 0xd6, 0x41, 0x9d, 0xb9, 0x5b, 0x46, 0x73, 0x93, 0x76, 0xaa, 0xb7, 0x37, 0x36, 0xa6, 0x09, 0xe5, 0x04, 0x3b, 0x66, 0xc4, 0x29, 0x3e, 0x41, 0xc2, 0xcb, 0xe5, 0x17, 0xd7, 0x34, 0x67, 0x1d, 0x2c, 0x12, 0xec, 0x24, 0x7a, 0x40, 0xa2, 0x45, 0x41, 0xf0, 0x75, 0xed, 0x43, 0x30, 0xc9,
+ /* (2^391)P */ 0x80, 0xf6, 0x47, 0x5b, 0xad, 0x54, 0x02, 0xbc, 0xdd, 0xa4, 0xb2, 0xd7, 0x42, 0x95, 0xf2, 0x0d, 0x1b, 0xef, 0x37, 0xa7, 0xb4, 0x34, 0x04, 0x08, 0x71, 0x1b, 0xd3, 0xdf, 0xa1, 0xf0, 0x2b, 0xfa, 0xc0, 0x1f, 0xf3, 0x44, 0xb5, 0xc6, 0x47, 0x3d, 0x65, 0x67, 0x45, 0x4d, 0x2f, 0xde, 0x52, 0x73, 0xfc, 0x30, 0x01, 0x6b, 0xc1, 0x03, 0xd8, 0xd7,
+ /* (2^392)P */ 0x1c, 0x67, 0x55, 0x3e, 0x01, 0x17, 0x0f, 0x3e, 0xe5, 0x34, 0x58, 0xfc, 0xcb, 0x71, 0x24, 0x74, 0x5d, 0x36, 0x1e, 0x89, 0x2a, 0x63, 0xf8, 0xf8, 0x9f, 0x50, 0x9f, 0x32, 0x92, 0x29, 0xd8, 0x1a, 0xec, 0x76, 0x57, 0x6c, 0x67, 0x12, 0x6a, 0x6e, 0xef, 0x97, 0x1f, 0xc3, 0x77, 0x60, 0x3c, 0x22, 0xcb, 0xc7, 0x04, 0x1a, 0x89, 0x2d, 0x10, 0xa6,
+ /* (2^393)P */ 0x12, 0xf5, 0xa9, 0x26, 0x16, 0xd9, 0x3c, 0x65, 0x5d, 0x83, 0xab, 0xd1, 0x70, 0x6b, 0x1c, 0xdb, 0xe7, 0x86, 0x0d, 0xfb, 0xe7, 0xf8, 0x2a, 0x58, 0x6e, 0x7a, 0x66, 0x13, 0x53, 0x3a, 0x6f, 0x8d, 0x43, 0x5f, 0x14, 0x23, 0x14, 0xff, 0x3d, 0x52, 0x7f, 0xee, 0xbd, 0x7a, 0x34, 0x8b, 0x35, 0x24, 0xc3, 0x7a, 0xdb, 0xcf, 0x22, 0x74, 0x9a, 0x8f,
+ /* (2^394)P */ 0xdb, 0x20, 0xfc, 0xe5, 0x39, 0x4e, 0x7d, 0x78, 0xee, 0x0b, 0xbf, 0x1d, 0x80, 0xd4, 0x05, 0x4f, 0xb9, 0xd7, 0x4e, 0x94, 0x88, 0x9a, 0x50, 0x78, 0x1a, 0x70, 0x8c, 0xcc, 0x25, 0xb6, 0x61, 0x09, 0xdc, 0x7b, 0xea, 0x3f, 0x7f, 0xea, 0x2a, 0x0d, 0x47, 0x1c, 0x8e, 0xa6, 0x5b, 0xd2, 0xa3, 0x61, 0x93, 0x3c, 0x68, 0x9f, 0x8b, 0xea, 0xb0, 0xcb,
+ /* (2^395)P */ 0xff, 0x54, 0x02, 0x19, 0xae, 0x8b, 0x4c, 0x2c, 0x3a, 0xe0, 0xe4, 0xac, 0x87, 0xf7, 0x51, 0x45, 0x41, 0x43, 0xdc, 0xaa, 0xcd, 0xcb, 0xdc, 0x40, 0xe3, 0x44, 0x3b, 0x1d, 0x9e, 0x3d, 0xb9, 0x82, 0xcc, 0x7a, 0xc5, 0x12, 0xf8, 0x1e, 0xdd, 0xdb, 0x8d, 0xb0, 0x2a, 0xe8, 0xe6, 0x6c, 0x94, 0x3b, 0xb7, 0x2d, 0xba, 0x79, 0x3b, 0xb5, 0x86, 0xfb,
+ /* (2^396)P */ 0x82, 0x88, 0x13, 0xdd, 0x6c, 0xcd, 0x85, 0x2b, 0x90, 0x86, 0xb7, 0xac, 0x16, 0xa6, 0x6e, 0x6a, 0x94, 0xd8, 0x1e, 0x4e, 0x41, 0x0f, 0xce, 0x81, 0x6a, 0xa8, 0x26, 0x56, 0x43, 0x52, 0x52, 0xe6, 0xff, 0x88, 0xcf, 0x47, 0x05, 0x1d, 0xff, 0xf3, 0xa0, 0x10, 0xb2, 0x97, 0x87, 0xeb, 0x47, 0xbb, 0xfa, 0x1f, 0xe8, 0x4c, 0xce, 0xc4, 0xcd, 0x93,
+ /* (2^397)P */ 0xf4, 0x11, 0xf5, 0x8d, 0x89, 0x29, 0x79, 0xb3, 0x59, 0x0b, 0x29, 0x7d, 0x9c, 0x12, 0x4a, 0x65, 0x72, 0x3a, 0xf9, 0xec, 0x37, 0x18, 0x86, 0xef, 0x44, 0x07, 0x25, 0x74, 0x76, 0x53, 0xed, 0x51, 0x01, 0xc6, 0x28, 0xc5, 0xc3, 0x4a, 0x0f, 0x99, 0xec, 0xc8, 0x40, 0x5a, 0x83, 0x30, 0x79, 0xa2, 0x3e, 0x63, 0x09, 0x2d, 0x6f, 0x23, 0x54, 0x1c,
+ /* (2^398)P */ 0x5c, 0x6f, 0x3b, 0x1c, 0x30, 0x77, 0x7e, 0x87, 0x66, 0x83, 0x2e, 0x7e, 0x85, 0x50, 0xfd, 0xa0, 0x7a, 0xc2, 0xf5, 0x0f, 0xc1, 0x64, 0xe7, 0x0b, 0xbd, 0x59, 0xa7, 0xe7, 0x65, 0x53, 0xc3, 0xf5, 0x55, 0x5b, 0xe1, 0x82, 0x30, 0x5a, 0x61, 0xcd, 0xa0, 0x89, 0x32, 0xdb, 0x87, 0xfc, 0x21, 0x8a, 0xab, 0x6d, 0x82, 0xa8, 0x42, 0x81, 0x4f, 0xf2,
+ /* (2^399)P */ 0xb3, 0xeb, 0x88, 0x18, 0xf6, 0x56, 0x96, 0xbf, 0xba, 0x5d, 0x71, 0xa1, 0x5a, 0xd1, 0x04, 0x7b, 0xd5, 0x46, 0x01, 0x74, 0xfe, 0x15, 0x25, 0xb7, 0xff, 0x0c, 0x24, 0x47, 0xac, 0xfd, 0xab, 0x47, 0x32, 0xe1, 0x6a, 0x4e, 0xca, 0xcf, 0x7f, 0xdd, 0xf8, 0xd2, 0x4b, 0x3b, 0xf5, 0x17, 0xba, 0xba, 0x8b, 0xa1, 0xec, 0x28, 0x3f, 0x97, 0xab, 0x2a,
+ /* (2^400)P */ 0x51, 0x38, 0xc9, 0x5e, 0xc6, 0xb3, 0x64, 0xf2, 0x24, 0x4d, 0x04, 0x7d, 0xc8, 0x39, 0x0c, 0x4a, 0xc9, 0x73, 0x74, 0x1b, 0x5c, 0xb2, 0xc5, 0x41, 0x62, 0xa0, 0x4c, 0x6d, 0x8d, 0x91, 0x9a, 0x7b, 0x88, 0xab, 0x9c, 0x7e, 0x23, 0xdb, 0x6f, 0xb5, 0x72, 0xd6, 0x47, 0x40, 0xef, 0x22, 0x58, 0x62, 0x19, 0x6c, 0x38, 0xba, 0x5b, 0x00, 0x30, 0x9f,
+ /* (2^401)P */ 0x65, 0xbb, 0x3b, 0x9b, 0xe9, 0xae, 0xbf, 0xbe, 0xe4, 0x13, 0x95, 0xf3, 0xe3, 0x77, 0xcb, 0xe4, 0x9a, 0x22, 0xb5, 0x4a, 0x08, 0x9d, 0xb3, 0x9e, 0x27, 0xe0, 0x15, 0x6c, 0x9f, 0x7e, 0x9a, 0x5e, 0x15, 0x45, 0x25, 0x8d, 0x01, 0x0a, 0xd2, 0x2b, 0xbd, 0x48, 0x06, 0x0d, 0x18, 0x97, 0x4b, 0xdc, 0xbc, 0xf0, 0xcd, 0xb2, 0x52, 0x3c, 0xac, 0xf5,
+ /* (2^402)P */ 0x3e, 0xed, 0x47, 0x6b, 0x5c, 0xf6, 0x76, 0xd0, 0xe9, 0x15, 0xa3, 0xcb, 0x36, 0x00, 0x21, 0xa3, 0x79, 0x20, 0xa5, 0x3e, 0x88, 0x03, 0xcb, 0x7e, 0x63, 0xbb, 0xed, 0xa9, 0x13, 0x35, 0x16, 0xaf, 0x2e, 0xb4, 0x70, 0x14, 0x93, 0xfb, 0xc4, 0x9b, 0xd8, 0xb1, 0xbe, 0x43, 0xd1, 0x85, 0xb8, 0x97, 0xef, 0xea, 0x88, 0xa1, 0x25, 0x52, 0x62, 0x75,
+ /* (2^403)P */ 0x8e, 0x4f, 0xaa, 0x23, 0x62, 0x7e, 0x2b, 0x37, 0x89, 0x00, 0x11, 0x30, 0xc5, 0x33, 0x4a, 0x89, 0x8a, 0xe2, 0xfc, 0x5c, 0x6a, 0x75, 0xe5, 0xf7, 0x02, 0x4a, 0x9b, 0xf7, 0xb5, 0x6a, 0x85, 0x31, 0xd3, 0x5a, 0xcf, 0xc3, 0xf8, 0xde, 0x2f, 0xcf, 0xb5, 0x24, 0xf4, 0xe3, 0xa1, 0xad, 0x42, 0xae, 0x09, 0xb9, 0x2e, 0x04, 0x2d, 0x01, 0x22, 0x3f,
+ /* (2^404)P */ 0x41, 0x16, 0xfb, 0x7d, 0x50, 0xfd, 0xb5, 0xba, 0x88, 0x24, 0xba, 0xfd, 0x3d, 0xb2, 0x90, 0x15, 0xb7, 0xfa, 0xa2, 0xe1, 0x4c, 0x7d, 0xb9, 0xc6, 0xff, 0x81, 0x57, 0xb6, 0xc2, 0x9e, 0xcb, 0xc4, 0x35, 0xbd, 0x01, 0xb7, 0xaa, 0xce, 0xd0, 0xe9, 0xb5, 0xd6, 0x72, 0xbf, 0xd2, 0xee, 0xc7, 0xac, 0x94, 0xff, 0x29, 0x57, 0x02, 0x49, 0x09, 0xad,
+ /* (2^405)P */ 0x27, 0xa5, 0x78, 0x1b, 0xbf, 0x6b, 0xaf, 0x0b, 0x8c, 0xd9, 0xa8, 0x37, 0xb0, 0x67, 0x18, 0xb6, 0xc7, 0x05, 0x8a, 0x67, 0x03, 0x30, 0x62, 0x6e, 0x56, 0x82, 0xa9, 0x54, 0x3e, 0x0c, 0x4e, 0x07, 0xe1, 0x5a, 0x38, 0xed, 0xfa, 0xc8, 0x55, 0x6b, 0x08, 0xa3, 0x6b, 0x64, 0x2a, 0x15, 0xd6, 0x39, 0x6f, 0x47, 0x99, 0x42, 0x3f, 0x33, 0x84, 0x8f,
+ /* (2^406)P */ 0xbc, 0x45, 0x29, 0x81, 0x0e, 0xa4, 0xc5, 0x72, 0x3a, 0x10, 0xe1, 0xc4, 0x1e, 0xda, 0xc3, 0xfe, 0xb0, 0xce, 0xd2, 0x13, 0x34, 0x67, 0x21, 0xc6, 0x7e, 0xf9, 0x8c, 0xff, 0x39, 0x50, 0xae, 0x92, 0x60, 0x35, 0x2f, 0x8b, 0x6e, 0xc9, 0xc1, 0x27, 0x3a, 0x94, 0x66, 0x3e, 0x26, 0x84, 0x93, 0xc8, 0x6c, 0xcf, 0xd2, 0x03, 0xa1, 0x10, 0xcf, 0xb7,
+ /* (2^407)P */ 0x64, 0xda, 0x19, 0xf6, 0xc5, 0x73, 0x17, 0x44, 0x88, 0x81, 0x07, 0x0d, 0x34, 0xb2, 0x75, 0xf9, 0xd9, 0xe2, 0xe0, 0x8b, 0x71, 0xcf, 0x72, 0x34, 0x83, 0xb4, 0xce, 0xfc, 0xd7, 0x29, 0x09, 0x5a, 0x98, 0xbf, 0x14, 0xac, 0x77, 0x55, 0x38, 0x47, 0x5b, 0x0f, 0x40, 0x24, 0xe5, 0xa5, 0xa6, 0xac, 0x2d, 0xa6, 0xff, 0x9c, 0x73, 0xfe, 0x5c, 0x7e,
+ /* (2^408)P */ 0x1e, 0x33, 0xcc, 0x68, 0xb2, 0xbc, 0x8c, 0x93, 0xaf, 0xcc, 0x38, 0xf8, 0xd9, 0x16, 0x72, 0x50, 0xac, 0xd9, 0xb5, 0x0b, 0x9a, 0xbe, 0x46, 0x7a, 0xf1, 0xee, 0xf1, 0xad, 0xec, 0x5b, 0x59, 0x27, 0x9c, 0x05, 0xa3, 0x87, 0xe0, 0x37, 0x2c, 0x83, 0xce, 0xb3, 0x65, 0x09, 0x8e, 0xc3, 0x9c, 0xbf, 0x6a, 0xa2, 0x00, 0xcc, 0x12, 0x36, 0xc5, 0x95,
+ /* (2^409)P */ 0x36, 0x11, 0x02, 0x14, 0x9c, 0x3c, 0xeb, 0x2f, 0x23, 0x5b, 0x6b, 0x2b, 0x08, 0x54, 0x53, 0xac, 0xb2, 0xa3, 0xe0, 0x26, 0x62, 0x3c, 0xe4, 0xe1, 0x81, 0xee, 0x13, 0x3e, 0xa4, 0x97, 0xef, 0xf9, 0x92, 0x27, 0x01, 0xce, 0x54, 0x8b, 0x3e, 0x31, 0xbe, 0xa7, 0x88, 0xcf, 0x47, 0x99, 0x3c, 0x10, 0x6f, 0x60, 0xb3, 0x06, 0x4e, 0xee, 0x1b, 0xf0,
+ /* (2^410)P */ 0x59, 0x49, 0x66, 0xcf, 0x22, 0xe6, 0xf6, 0x73, 0xfe, 0xa3, 0x1c, 0x09, 0xfa, 0x5f, 0x65, 0xa8, 0xf0, 0x82, 0xc2, 0xef, 0x16, 0x63, 0x6e, 0x79, 0x69, 0x51, 0x39, 0x07, 0x65, 0xc4, 0x81, 0xec, 0x73, 0x0f, 0x15, 0x93, 0xe1, 0x30, 0x33, 0xe9, 0x37, 0x86, 0x42, 0x4c, 0x1f, 0x9b, 0xad, 0xee, 0x3f, 0xf1, 0x2a, 0x8e, 0x6a, 0xa3, 0xc8, 0x35,
+ /* (2^411)P */ 0x1e, 0x49, 0xf1, 0xdd, 0xd2, 0x9c, 0x8e, 0x78, 0xb2, 0x06, 0xe4, 0x6a, 0xab, 0x3a, 0xdc, 0xcd, 0xf4, 0xeb, 0xe1, 0xe7, 0x2f, 0xaa, 0xeb, 0x40, 0x31, 0x9f, 0xb9, 0xab, 0x13, 0xa9, 0x78, 0xbf, 0x38, 0x89, 0x0e, 0x85, 0x14, 0x8b, 0x46, 0x76, 0x14, 0xda, 0xcf, 0x33, 0xc8, 0x79, 0xd3, 0xd5, 0xa3, 0x6a, 0x69, 0x45, 0x70, 0x34, 0xc3, 0xe9,
+ /* (2^412)P */ 0x5e, 0xe7, 0x78, 0xe9, 0x24, 0xcc, 0xe9, 0xf4, 0xc8, 0x6b, 0xe0, 0xfb, 0x3a, 0xbe, 0xcc, 0x42, 0x4a, 0x00, 0x22, 0xf8, 0xe6, 0x32, 0xbe, 0x6d, 0x18, 0x55, 0x60, 0xe9, 0x72, 0x69, 0x50, 0x56, 0xca, 0x04, 0x18, 0x38, 0xa1, 0xee, 0xd8, 0x38, 0x3c, 0xa7, 0x70, 0xe2, 0xb9, 0x4c, 0xa0, 0xc8, 0x89, 0x72, 0xcf, 0x49, 0x7f, 0xdf, 0xbc, 0x67,
+ /* (2^413)P */ 0x1d, 0x17, 0xcb, 0x0b, 0xbd, 0xb2, 0x36, 0xe3, 0xa8, 0x99, 0x31, 0xb6, 0x26, 0x9c, 0x0c, 0x74, 0xaf, 0x4d, 0x24, 0x61, 0xcf, 0x31, 0x7b, 0xed, 0xdd, 0xc3, 0xf6, 0x32, 0x70, 0xfe, 0x17, 0xf6, 0x51, 0x37, 0x65, 0xce, 0x5d, 0xaf, 0xa5, 0x2f, 0x2a, 0xfe, 0x00, 0x71, 0x7c, 0x50, 0xbe, 0x21, 0xc7, 0xed, 0xc6, 0xfc, 0x67, 0xcf, 0x9c, 0xdd,
+ /* (2^414)P */ 0x26, 0x3e, 0xf8, 0xbb, 0xd0, 0xb1, 0x01, 0xd8, 0xeb, 0x0b, 0x62, 0x87, 0x35, 0x4c, 0xde, 0xca, 0x99, 0x9c, 0x6d, 0xf7, 0xb6, 0xf0, 0x57, 0x0a, 0x52, 0x29, 0x6a, 0x3f, 0x26, 0x31, 0x04, 0x07, 0x2a, 0xc9, 0xfa, 0x9b, 0x0e, 0x62, 0x8e, 0x72, 0xf2, 0xad, 0xce, 0xb6, 0x35, 0x7a, 0xc1, 0xae, 0x35, 0xc7, 0xa3, 0x14, 0xcf, 0x0c, 0x28, 0xb7,
+ /* (2^415)P */ 0xa6, 0xf1, 0x32, 0x3a, 0x20, 0xd2, 0x24, 0x97, 0xcf, 0x5d, 0x37, 0x99, 0xaf, 0x33, 0x7a, 0x5b, 0x7a, 0xcc, 0x4e, 0x41, 0x38, 0xb1, 0x4e, 0xad, 0xc9, 0xd9, 0x71, 0x7e, 0xb2, 0xf5, 0xd5, 0x01, 0x6c, 0x4d, 0xfd, 0xa1, 0xda, 0x03, 0x38, 0x9b, 0x3d, 0x92, 0x92, 0xf2, 0xca, 0xbf, 0x1f, 0x24, 0xa4, 0xbb, 0x30, 0x6a, 0x74, 0x56, 0xc8, 0xce,
+ /* (2^416)P */ 0x27, 0xf4, 0xed, 0xc9, 0xc3, 0xb1, 0x79, 0x85, 0xbe, 0xf6, 0xeb, 0xf3, 0x55, 0xc7, 0xaa, 0xa6, 0xe9, 0x07, 0x5d, 0xf4, 0xeb, 0xa6, 0x81, 0xe3, 0x0e, 0xcf, 0xa3, 0xc1, 0xef, 0xe7, 0x34, 0xb2, 0x03, 0x73, 0x8a, 0x91, 0xf1, 0xad, 0x05, 0xc7, 0x0b, 0x43, 0x99, 0x12, 0x31, 0xc8, 0xc7, 0xc5, 0xa4, 0x3d, 0xcd, 0xe5, 0x4e, 0x6d, 0x24, 0xdd,
+ /* (2^417)P */ 0x61, 0x54, 0xd0, 0x95, 0x2c, 0x45, 0x75, 0xac, 0xb5, 0x1a, 0x9d, 0x11, 0xeb, 0xed, 0x6b, 0x57, 0xa3, 0xe6, 0xcd, 0x77, 0xd4, 0x83, 0x8e, 0x39, 0xf1, 0x0f, 0x98, 0xcb, 0x40, 0x02, 0x6e, 0x10, 0x82, 0x9e, 0xb4, 0x93, 0x76, 0xd7, 0x97, 0xa3, 0x53, 0x12, 0x86, 0xc6, 0x15, 0x78, 0x73, 0x93, 0xe7, 0x7f, 0xcf, 0x1f, 0xbf, 0xcd, 0xd2, 0x7a,
+ /* (2^418)P */ 0xc2, 0x21, 0xdc, 0xd5, 0x69, 0xff, 0xca, 0x49, 0x3a, 0xe1, 0xc3, 0x69, 0x41, 0x56, 0xc1, 0x76, 0x63, 0x24, 0xbd, 0x64, 0x1b, 0x3d, 0x92, 0xf9, 0x13, 0x04, 0x25, 0xeb, 0x27, 0xa6, 0xef, 0x39, 0x3a, 0x80, 0xe0, 0xf8, 0x27, 0xee, 0xc9, 0x49, 0x77, 0xef, 0x3f, 0x29, 0x3d, 0x5e, 0xe6, 0x66, 0x83, 0xd1, 0xf6, 0xfe, 0x9d, 0xbc, 0xf1, 0x96,
+ /* (2^419)P */ 0x6b, 0xc6, 0x99, 0x26, 0x3c, 0xf3, 0x63, 0xf9, 0xc7, 0x29, 0x8c, 0x52, 0x62, 0x2d, 0xdc, 0x8a, 0x66, 0xce, 0x2c, 0xa7, 0xe4, 0xf0, 0xd7, 0x37, 0x17, 0x1e, 0xe4, 0xa3, 0x53, 0x7b, 0x29, 0x8e, 0x60, 0x99, 0xf9, 0x0c, 0x7c, 0x6f, 0xa2, 0xcc, 0x9f, 0x80, 0xdd, 0x5e, 0x46, 0xaa, 0x0d, 0x6c, 0xc9, 0x6c, 0xf7, 0x78, 0x5b, 0x38, 0xe3, 0x24,
+ /* (2^420)P */ 0x4b, 0x75, 0x6a, 0x2f, 0x08, 0xe1, 0x72, 0x76, 0xab, 0x82, 0x96, 0xdf, 0x3b, 0x1f, 0x9b, 0xd8, 0xed, 0xdb, 0xcd, 0x15, 0x09, 0x5a, 0x1e, 0xb7, 0xc5, 0x26, 0x72, 0x07, 0x0c, 0x50, 0xcd, 0x3b, 0x4d, 0x3f, 0xa2, 0x67, 0xc2, 0x02, 0x61, 0x2e, 0x68, 0xe9, 0x6f, 0xf0, 0x21, 0x2a, 0xa7, 0x3b, 0x88, 0x04, 0x11, 0x64, 0x49, 0x0d, 0xb4, 0x46,
+ /* (2^421)P */ 0x63, 0x85, 0xf3, 0xc5, 0x2b, 0x5a, 0x9f, 0xf0, 0x17, 0xcb, 0x45, 0x0a, 0xf3, 0x6e, 0x7e, 0xb0, 0x7c, 0xbc, 0xf0, 0x4f, 0x3a, 0xb0, 0xbc, 0x36, 0x36, 0x52, 0x51, 0xcb, 0xfe, 0x9a, 0xcb, 0xe8, 0x7e, 0x4b, 0x06, 0x7f, 0xaa, 0x35, 0xc8, 0x0e, 0x7a, 0x30, 0xa3, 0xb1, 0x09, 0xbb, 0x86, 0x4c, 0xbe, 0xb8, 0xbd, 0xe0, 0x32, 0xa5, 0xd4, 0xf7,
+ /* (2^422)P */ 0x7d, 0x50, 0x37, 0x68, 0x4e, 0x22, 0xb2, 0x2c, 0xd5, 0x0f, 0x2b, 0x6d, 0xb1, 0x51, 0xf2, 0x82, 0xe9, 0x98, 0x7c, 0x50, 0xc7, 0x96, 0x7e, 0x0e, 0xdc, 0xb1, 0x0e, 0xb2, 0x63, 0x8c, 0x30, 0x37, 0x72, 0x21, 0x9c, 0x61, 0xc2, 0xa7, 0x33, 0xd9, 0xb2, 0x63, 0x93, 0xd1, 0x6b, 0x6a, 0x73, 0xa5, 0x58, 0x80, 0xff, 0x04, 0xc7, 0x83, 0x21, 0x29,
+ /* (2^423)P */ 0x29, 0x04, 0xbc, 0x99, 0x39, 0xc9, 0x58, 0xc9, 0x6b, 0x17, 0xe8, 0x90, 0xb3, 0xe6, 0xa9, 0xb6, 0x28, 0x9b, 0xcb, 0x3b, 0x28, 0x90, 0x68, 0x71, 0xff, 0xcf, 0x08, 0x78, 0xc9, 0x8d, 0xa8, 0x4e, 0x43, 0xd1, 0x1c, 0x9e, 0xa4, 0xe3, 0xdf, 0xbf, 0x92, 0xf4, 0xf9, 0x41, 0xba, 0x4d, 0x1c, 0xf9, 0xdd, 0x74, 0x76, 0x1c, 0x6e, 0x3e, 0x94, 0x87,
+ /* (2^424)P */ 0xe4, 0xda, 0xc5, 0xd7, 0xfb, 0x87, 0xc5, 0x4d, 0x6b, 0x19, 0xaa, 0xb9, 0xbc, 0x8c, 0xf2, 0x8a, 0xd8, 0x5d, 0xdb, 0x4d, 0xef, 0xa6, 0xf2, 0x65, 0xf1, 0x22, 0x9c, 0xf1, 0x46, 0x30, 0x71, 0x7c, 0xe4, 0x53, 0x8e, 0x55, 0x2e, 0x9c, 0x9a, 0x31, 0x2a, 0xc3, 0xab, 0x0f, 0xde, 0xe4, 0xbe, 0xd8, 0x96, 0x50, 0x6e, 0x0c, 0x54, 0x49, 0xe6, 0xec,
+ /* (2^425)P */ 0x3c, 0x1d, 0x5a, 0xa5, 0xda, 0xad, 0xdd, 0xc2, 0xae, 0xac, 0x6f, 0x86, 0x75, 0x31, 0x91, 0x64, 0x45, 0x9d, 0xa4, 0xf0, 0x81, 0xf1, 0x0e, 0xba, 0x74, 0xaf, 0x7b, 0xcd, 0x6f, 0xfe, 0xac, 0x4e, 0xdb, 0x4e, 0x45, 0x35, 0x36, 0xc5, 0xc0, 0x6c, 0x3d, 0x64, 0xf4, 0xd8, 0x07, 0x62, 0xd1, 0xec, 0xf3, 0xfc, 0x93, 0xc9, 0x28, 0x0c, 0x2c, 0xf3,
+ /* (2^426)P */ 0x0c, 0x69, 0x2b, 0x5c, 0xb6, 0x41, 0x69, 0xf1, 0xa4, 0xf1, 0x5b, 0x75, 0x4c, 0x42, 0x8b, 0x47, 0xeb, 0x69, 0xfb, 0xa8, 0xe6, 0xf9, 0x7b, 0x48, 0x50, 0xaf, 0xd3, 0xda, 0xb2, 0x35, 0x10, 0xb5, 0x5b, 0x40, 0x90, 0x39, 0xc9, 0x07, 0x06, 0x73, 0x26, 0x20, 0x95, 0x01, 0xa4, 0x2d, 0xf0, 0xe7, 0x2e, 0x00, 0x7d, 0x41, 0x09, 0x68, 0x13, 0xc4,
+ /* (2^427)P */ 0xbe, 0x38, 0x78, 0xcf, 0xc9, 0x4f, 0x36, 0xca, 0x09, 0x61, 0x31, 0x3c, 0x57, 0x2e, 0xec, 0x17, 0xa4, 0x7d, 0x19, 0x2b, 0x9b, 0x5b, 0xbe, 0x8f, 0xd6, 0xc5, 0x2f, 0x86, 0xf2, 0x64, 0x76, 0x17, 0x00, 0x6e, 0x1a, 0x8c, 0x67, 0x1b, 0x68, 0xeb, 0x15, 0xa2, 0xd6, 0x09, 0x91, 0xdd, 0x23, 0x0d, 0x98, 0xb2, 0x10, 0x19, 0x55, 0x9b, 0x63, 0xf2,
+ /* (2^428)P */ 0x51, 0x1f, 0x93, 0xea, 0x2a, 0x3a, 0xfa, 0x41, 0xc0, 0x57, 0xfb, 0x74, 0xa6, 0x65, 0x09, 0x56, 0x14, 0xb6, 0x12, 0xaa, 0xb3, 0x1a, 0x8d, 0x3b, 0x76, 0x91, 0x7a, 0x23, 0x56, 0x9c, 0x6a, 0xc0, 0xe0, 0x3c, 0x3f, 0xb5, 0x1a, 0xf4, 0x57, 0x71, 0x93, 0x2b, 0xb1, 0xa7, 0x70, 0x57, 0x22, 0x80, 0xf5, 0xb8, 0x07, 0x77, 0x87, 0x0c, 0xbe, 0x83,
+ /* (2^429)P */ 0x07, 0x9b, 0x0e, 0x52, 0x38, 0x63, 0x13, 0x86, 0x6a, 0xa6, 0xb4, 0xd2, 0x60, 0x68, 0x9a, 0x99, 0x82, 0x0a, 0x04, 0x5f, 0x89, 0x7a, 0x1a, 0x2a, 0xae, 0x2d, 0x35, 0x0c, 0x1e, 0xad, 0xef, 0x4f, 0x9a, 0xfc, 0xc8, 0xd9, 0xcf, 0x9d, 0x48, 0x71, 0xa5, 0x55, 0x79, 0x73, 0x39, 0x1b, 0xd8, 0x73, 0xec, 0x9b, 0x03, 0x16, 0xd8, 0x82, 0xf7, 0x67,
+ /* (2^430)P */ 0x52, 0x67, 0x42, 0x21, 0xc9, 0x40, 0x78, 0x82, 0x2b, 0x95, 0x2d, 0x20, 0x92, 0xd1, 0xe2, 0x61, 0x25, 0xb0, 0xc6, 0x9c, 0x20, 0x59, 0x8e, 0x28, 0x6f, 0xf3, 0xfd, 0xd3, 0xc1, 0x32, 0x43, 0xc9, 0xa6, 0x08, 0x7a, 0x77, 0x9c, 0x4c, 0x8c, 0x33, 0x71, 0x13, 0x69, 0xe3, 0x52, 0x30, 0xa7, 0xf5, 0x07, 0x67, 0xac, 0xad, 0x46, 0x8a, 0x26, 0x25,
+ /* (2^431)P */ 0xda, 0x86, 0xc4, 0xa2, 0x71, 0x56, 0xdd, 0xd2, 0x48, 0xd3, 0xde, 0x42, 0x63, 0x01, 0xa7, 0x2c, 0x92, 0x83, 0x6f, 0x2e, 0xd8, 0x1e, 0x3f, 0xc1, 0xc5, 0x42, 0x4e, 0x34, 0x19, 0x54, 0x6e, 0x35, 0x2c, 0x51, 0x2e, 0xfd, 0x0f, 0x9a, 0x45, 0x66, 0x5e, 0x4a, 0x83, 0xda, 0x0a, 0x53, 0x68, 0x63, 0xfa, 0xce, 0x47, 0x20, 0xd3, 0x34, 0xba, 0x0d,
+ /* (2^432)P */ 0xd0, 0xe9, 0x64, 0xa4, 0x61, 0x4b, 0x86, 0xe5, 0x93, 0x6f, 0xda, 0x0e, 0x31, 0x7e, 0x6e, 0xe3, 0xc6, 0x73, 0xd8, 0xa3, 0x08, 0x57, 0x52, 0xcd, 0x51, 0x63, 0x1d, 0x9f, 0x93, 0x00, 0x62, 0x91, 0x26, 0x21, 0xa7, 0xdd, 0x25, 0x0f, 0x09, 0x0d, 0x35, 0xad, 0xcf, 0x11, 0x8e, 0x6e, 0xe8, 0xae, 0x1d, 0x95, 0xcb, 0x88, 0xf8, 0x70, 0x7b, 0x91,
+ /* (2^433)P */ 0x0c, 0x19, 0x5c, 0xd9, 0x8d, 0xda, 0x9d, 0x2c, 0x90, 0x54, 0x65, 0xe8, 0xb6, 0x35, 0x50, 0xae, 0xea, 0xae, 0x43, 0xb7, 0x1e, 0x99, 0x8b, 0x4c, 0x36, 0x4e, 0xe4, 0x1e, 0xc4, 0x64, 0x43, 0xb6, 0xeb, 0xd4, 0xe9, 0x60, 0x22, 0xee, 0xcf, 0xb8, 0x52, 0x1b, 0xf0, 0x04, 0xce, 0xbc, 0x2b, 0xf0, 0xbe, 0xcd, 0x44, 0x74, 0x1e, 0x1f, 0x63, 0xf9,
+ /* (2^434)P */ 0xe1, 0x3f, 0x95, 0x94, 0xb2, 0xb6, 0x31, 0xa9, 0x1b, 0xdb, 0xfd, 0x0e, 0xdb, 0xdd, 0x1a, 0x22, 0x78, 0x60, 0x9f, 0x75, 0x5f, 0x93, 0x06, 0x0c, 0xd8, 0xbb, 0xa2, 0x85, 0x2b, 0x5e, 0xc0, 0x9b, 0xa8, 0x5d, 0xaf, 0x93, 0x91, 0x91, 0x47, 0x41, 0x1a, 0xfc, 0xb4, 0x51, 0x85, 0xad, 0x69, 0x4d, 0x73, 0x69, 0xd5, 0x4e, 0x82, 0xfb, 0x66, 0xcb,
+ /* (2^435)P */ 0x7c, 0xbe, 0xc7, 0x51, 0xc4, 0x74, 0x6e, 0xab, 0xfd, 0x41, 0x4f, 0x76, 0x4f, 0x24, 0x03, 0xd6, 0x2a, 0xb7, 0x42, 0xb4, 0xda, 0x41, 0x2c, 0x82, 0x48, 0x4c, 0x7f, 0x6f, 0x25, 0x5d, 0x36, 0xd4, 0x69, 0xf5, 0xef, 0x02, 0x81, 0xea, 0x6f, 0x19, 0x69, 0xe8, 0x6f, 0x5b, 0x2f, 0x14, 0x0e, 0x6f, 0x89, 0xb4, 0xb5, 0xd8, 0xae, 0xef, 0x7b, 0x87,
+ /* (2^436)P */ 0xe9, 0x91, 0xa0, 0x8b, 0xc9, 0xe0, 0x01, 0x90, 0x37, 0xc1, 0x6f, 0xdc, 0x5e, 0xf7, 0xbf, 0x43, 0x00, 0xaa, 0x10, 0x76, 0x76, 0x18, 0x6e, 0x19, 0x1e, 0x94, 0x50, 0x11, 0x0a, 0xd1, 0xe2, 0xdb, 0x08, 0x21, 0xa0, 0x1f, 0xdb, 0x54, 0xfe, 0xea, 0x6e, 0xa3, 0x68, 0x56, 0x87, 0x0b, 0x22, 0x4e, 0x66, 0xf3, 0x82, 0x82, 0x00, 0xcd, 0xd4, 0x12,
+ /* (2^437)P */ 0x25, 0x8e, 0x24, 0x77, 0x64, 0x4c, 0xe0, 0xf8, 0x18, 0xc0, 0xdc, 0xc7, 0x1b, 0x35, 0x65, 0xde, 0x67, 0x41, 0x5e, 0x6f, 0x90, 0x82, 0xa7, 0x2e, 0x6d, 0xf1, 0x47, 0xb4, 0x92, 0x9c, 0xfd, 0x6a, 0x9a, 0x41, 0x36, 0x20, 0x24, 0x58, 0xc3, 0x59, 0x07, 0x9a, 0xfa, 0x9f, 0x03, 0xcb, 0xc7, 0x69, 0x37, 0x60, 0xe1, 0xab, 0x13, 0x72, 0xee, 0xa2,
+ /* (2^438)P */ 0x74, 0x78, 0xfb, 0x13, 0xcb, 0x8e, 0x37, 0x1a, 0xf6, 0x1d, 0x17, 0x83, 0x06, 0xd4, 0x27, 0x06, 0x21, 0xe8, 0xda, 0xdf, 0x6b, 0xf3, 0x83, 0x6b, 0x34, 0x8a, 0x8c, 0xee, 0x01, 0x05, 0x5b, 0xed, 0xd3, 0x1b, 0xc9, 0x64, 0x83, 0xc9, 0x49, 0xc2, 0x57, 0x1b, 0xdd, 0xcf, 0xf1, 0x9d, 0x63, 0xee, 0x1c, 0x0d, 0xa0, 0x0a, 0x73, 0x1f, 0x5b, 0x32,
+ /* (2^439)P */ 0x29, 0xce, 0x1e, 0xc0, 0x6a, 0xf5, 0xeb, 0x99, 0x5a, 0x39, 0x23, 0xe9, 0xdd, 0xac, 0x44, 0x88, 0xbc, 0x80, 0x22, 0xde, 0x2c, 0xcb, 0xa8, 0x3b, 0xff, 0xf7, 0x6f, 0xc7, 0x71, 0x72, 0xa8, 0xa3, 0xf6, 0x4d, 0xc6, 0x75, 0xda, 0x80, 0xdc, 0xd9, 0x30, 0xd9, 0x07, 0x50, 0x5a, 0x54, 0x7d, 0xda, 0x39, 0x6f, 0x78, 0x94, 0xbf, 0x25, 0x98, 0xdc,
+ /* (2^440)P */ 0x01, 0x26, 0x62, 0x44, 0xfb, 0x0f, 0x11, 0x72, 0x73, 0x0a, 0x16, 0xc7, 0x16, 0x9c, 0x9b, 0x37, 0xd8, 0xff, 0x4f, 0xfe, 0x57, 0xdb, 0xae, 0xef, 0x7d, 0x94, 0x30, 0x04, 0x70, 0x83, 0xde, 0x3c, 0xd4, 0xb5, 0x70, 0xda, 0xa7, 0x55, 0xc8, 0x19, 0xe1, 0x36, 0x15, 0x61, 0xe7, 0x3b, 0x7d, 0x85, 0xbb, 0xf3, 0x42, 0x5a, 0x94, 0xf4, 0x53, 0x2a,
+ /* (2^441)P */ 0x14, 0x60, 0xa6, 0x0b, 0x83, 0xe1, 0x23, 0x77, 0xc0, 0xce, 0x50, 0xed, 0x35, 0x8d, 0x98, 0x99, 0x7d, 0xf5, 0x8d, 0xce, 0x94, 0x25, 0xc8, 0x0f, 0x6d, 0xfa, 0x4a, 0xa4, 0x3a, 0x1f, 0x66, 0xfb, 0x5a, 0x64, 0xaf, 0x8b, 0x54, 0x54, 0x44, 0x3f, 0x5b, 0x88, 0x61, 0xe4, 0x48, 0x45, 0x26, 0x20, 0xbe, 0x0d, 0x06, 0xbb, 0x65, 0x59, 0xe1, 0x36,
+ /* (2^442)P */ 0xb7, 0x98, 0xce, 0xa3, 0xe3, 0xee, 0x11, 0x1b, 0x9e, 0x24, 0x59, 0x75, 0x31, 0x37, 0x44, 0x6f, 0x6b, 0x9e, 0xec, 0xb7, 0x44, 0x01, 0x7e, 0xab, 0xbb, 0x69, 0x5d, 0x11, 0xb0, 0x30, 0x64, 0xea, 0x91, 0xb4, 0x7a, 0x8c, 0x02, 0x4c, 0xb9, 0x10, 0xa7, 0xc7, 0x79, 0xe6, 0xdc, 0x77, 0xe3, 0xc8, 0xef, 0x3e, 0xf9, 0x38, 0x81, 0xce, 0x9a, 0xb2,
+ /* (2^443)P */ 0x91, 0x12, 0x76, 0xd0, 0x10, 0xb4, 0xaf, 0xe1, 0x89, 0x3a, 0x93, 0x6b, 0x5c, 0x19, 0x5f, 0x24, 0xed, 0x04, 0x92, 0xc7, 0xf0, 0x00, 0x08, 0xc1, 0x92, 0xff, 0x90, 0xdb, 0xb2, 0xbf, 0xdf, 0x49, 0xcd, 0xbd, 0x5c, 0x6e, 0xbf, 0x16, 0xbb, 0x61, 0xf9, 0x20, 0x33, 0x35, 0x93, 0x11, 0xbc, 0x59, 0x69, 0xce, 0x18, 0x9f, 0xf8, 0x7b, 0xa1, 0x6e,
+ /* (2^444)P */ 0xa1, 0xf4, 0xaf, 0xad, 0xf8, 0xe6, 0x99, 0xd2, 0xa1, 0x4d, 0xde, 0x56, 0xc9, 0x7b, 0x0b, 0x11, 0x3e, 0xbf, 0x89, 0x1a, 0x9a, 0x90, 0xe5, 0xe2, 0xa6, 0x37, 0x88, 0xa1, 0x68, 0x59, 0xae, 0x8c, 0xec, 0x02, 0x14, 0x8d, 0xb7, 0x2e, 0x25, 0x75, 0x7f, 0x76, 0x1a, 0xd3, 0x4d, 0xad, 0x8a, 0x00, 0x6c, 0x96, 0x49, 0xa4, 0xc3, 0x2e, 0x5c, 0x7b,
+ /* (2^445)P */ 0x26, 0x53, 0xf7, 0xda, 0xa8, 0x01, 0x14, 0xb1, 0x63, 0xe3, 0xc3, 0x89, 0x88, 0xb0, 0x85, 0x40, 0x2b, 0x26, 0x9a, 0x10, 0x1a, 0x70, 0x33, 0xf4, 0x50, 0x9d, 0x4d, 0xd8, 0x64, 0xc6, 0x0f, 0xe1, 0x17, 0xc8, 0x10, 0x4b, 0xfc, 0xa0, 0xc9, 0xba, 0x2c, 0x98, 0x09, 0xf5, 0x84, 0xb6, 0x7c, 0x4e, 0xa3, 0xe3, 0x81, 0x1b, 0x32, 0x60, 0x02, 0xdd,
+ /* (2^446)P */ 0xa3, 0xe5, 0x86, 0xd4, 0x43, 0xa8, 0xd1, 0x98, 0x9d, 0x9d, 0xdb, 0x04, 0xcf, 0x6e, 0x35, 0x05, 0x30, 0x53, 0x3b, 0xbc, 0x90, 0x00, 0x4a, 0xc5, 0x40, 0x2a, 0x0f, 0xde, 0x1a, 0xd7, 0x36, 0x27, 0x44, 0x62, 0xa6, 0xac, 0x9d, 0xd2, 0x70, 0x69, 0x14, 0x39, 0x9b, 0xd1, 0xc3, 0x0a, 0x3a, 0x82, 0x0e, 0xf1, 0x94, 0xd7, 0x42, 0x94, 0xd5, 0x7d,
+ /* (2^447)P */ 0x04, 0xc0, 0x6e, 0x12, 0x90, 0x70, 0xf9, 0xdf, 0xf7, 0xc9, 0x86, 0xc0, 0xe6, 0x92, 0x8b, 0x0a, 0xa1, 0xc1, 0x3b, 0xcc, 0x33, 0xb7, 0xf0, 0xeb, 0x51, 0x50, 0x80, 0x20, 0x69, 0x1c, 0x4f, 0x89, 0x05, 0x1e, 0xe4, 0x7a, 0x0a, 0xc2, 0xf0, 0xf5, 0x78, 0x91, 0x76, 0x34, 0x45, 0xdc, 0x24, 0x53, 0x24, 0x98, 0xe2, 0x73, 0x6f, 0xe6, 0x46, 0x67,
+}
diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/constants.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/constants.go
new file mode 100644
index 0000000000000000000000000000000000000000..b6b236e5d3d56d5fa5e91c1b2ddbed37da940a74
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/ecc/goldilocks/constants.go
@@ -0,0 +1,71 @@
+package goldilocks
+
+import fp "github.com/cloudflare/circl/math/fp448"
+
+var (
+ // genX is the x-coordinate of the generator of Goldilocks curve.
+ genX = fp.Elt{
+ 0x5e, 0xc0, 0x0c, 0xc7, 0x2b, 0xa8, 0x26, 0x26,
+ 0x8e, 0x93, 0x00, 0x8b, 0xe1, 0x80, 0x3b, 0x43,
+ 0x11, 0x65, 0xb6, 0x2a, 0xf7, 0x1a, 0xae, 0x12,
+ 0x64, 0xa4, 0xd3, 0xa3, 0x24, 0xe3, 0x6d, 0xea,
+ 0x67, 0x17, 0x0f, 0x47, 0x70, 0x65, 0x14, 0x9e,
+ 0xda, 0x36, 0xbf, 0x22, 0xa6, 0x15, 0x1d, 0x22,
+ 0xed, 0x0d, 0xed, 0x6b, 0xc6, 0x70, 0x19, 0x4f,
+ }
+ // genY is the y-coordinate of the generator of Goldilocks curve.
+ genY = fp.Elt{
+ 0x14, 0xfa, 0x30, 0xf2, 0x5b, 0x79, 0x08, 0x98,
+ 0xad, 0xc8, 0xd7, 0x4e, 0x2c, 0x13, 0xbd, 0xfd,
+ 0xc4, 0x39, 0x7c, 0xe6, 0x1c, 0xff, 0xd3, 0x3a,
+ 0xd7, 0xc2, 0xa0, 0x05, 0x1e, 0x9c, 0x78, 0x87,
+ 0x40, 0x98, 0xa3, 0x6c, 0x73, 0x73, 0xea, 0x4b,
+ 0x62, 0xc7, 0xc9, 0x56, 0x37, 0x20, 0x76, 0x88,
+ 0x24, 0xbc, 0xb6, 0x6e, 0x71, 0x46, 0x3f, 0x69,
+ }
+ // paramD is -39081 in Fp.
+ paramD = fp.Elt{
+ 0x56, 0x67, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ }
+ // order is 2^446-0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d,
+ // which is the number of points in the prime subgroup.
+ order = Scalar{
+ 0xf3, 0x44, 0x58, 0xab, 0x92, 0xc2, 0x78, 0x23,
+ 0x55, 0x8f, 0xc5, 0x8d, 0x72, 0xc2, 0x6c, 0x21,
+ 0x90, 0x36, 0xd6, 0xae, 0x49, 0xdb, 0x4e, 0xc4,
+ 0xe9, 0x23, 0xca, 0x7c, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f,
+ }
+ // residue448 is 2^448 mod order.
+ residue448 = [4]uint64{
+ 0x721cf5b5529eec34, 0x7a4cf635c8e9c2ab, 0xeec492d944a725bf, 0x20cd77058,
+ }
+ // invFour is 1/4 mod order.
+ invFour = Scalar{
+ 0x3d, 0x11, 0xd6, 0xaa, 0xa4, 0x30, 0xde, 0x48,
+ 0xd5, 0x63, 0x71, 0xa3, 0x9c, 0x30, 0x5b, 0x08,
+ 0xa4, 0x8d, 0xb5, 0x6b, 0xd2, 0xb6, 0x13, 0x71,
+ 0xfa, 0x88, 0x32, 0xdf, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0f,
+ }
+ // paramDTwist is -39082 in Fp. The D parameter of the twist curve.
+ paramDTwist = fp.Elt{
+ 0x55, 0x67, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ }
+)
diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/curve.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/curve.go
new file mode 100644
index 0000000000000000000000000000000000000000..5a939100d2ca8f994fe0f4ac8ec836ad8874bd0e
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/ecc/goldilocks/curve.go
@@ -0,0 +1,80 @@
+// Package goldilocks provides elliptic curve operations over the goldilocks curve.
+package goldilocks
+
+import fp "github.com/cloudflare/circl/math/fp448"
+
+// Curve is the Goldilocks curve x^2+y^2=z^2-39081x^2y^2.
+type Curve struct{}
+
+// Identity returns the identity point.
+func (Curve) Identity() *Point {
+ return &Point{
+ y: fp.One(),
+ z: fp.One(),
+ }
+}
+
+// IsOnCurve returns true if the point lies on the curve.
+func (Curve) IsOnCurve(P *Point) bool {
+ x2, y2, t, t2, z2 := &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{}
+ rhs, lhs := &fp.Elt{}, &fp.Elt{}
+ fp.Mul(t, &P.ta, &P.tb) // t = ta*tb
+ fp.Sqr(x2, &P.x) // x^2
+ fp.Sqr(y2, &P.y) // y^2
+ fp.Sqr(z2, &P.z) // z^2
+ fp.Sqr(t2, t) // t^2
+ fp.Add(lhs, x2, y2) // x^2 + y^2
+ fp.Mul(rhs, t2, ¶mD) // dt^2
+ fp.Add(rhs, rhs, z2) // z^2 + dt^2
+ fp.Sub(lhs, lhs, rhs) // x^2 + y^2 - (z^2 + dt^2)
+ eq0 := fp.IsZero(lhs)
+
+ fp.Mul(lhs, &P.x, &P.y) // xy
+ fp.Mul(rhs, t, &P.z) // tz
+ fp.Sub(lhs, lhs, rhs) // xy - tz
+ eq1 := fp.IsZero(lhs)
+ return eq0 && eq1
+}
+
+// Generator returns the generator point.
+func (Curve) Generator() *Point {
+ return &Point{
+ x: genX,
+ y: genY,
+ z: fp.One(),
+ ta: genX,
+ tb: genY,
+ }
+}
+
+// Order returns the number of points in the prime subgroup.
+func (Curve) Order() Scalar { return order }
+
+// Double returns 2P.
+func (Curve) Double(P *Point) *Point { R := *P; R.Double(); return &R }
+
+// Add returns P+Q.
+func (Curve) Add(P, Q *Point) *Point { R := *P; R.Add(Q); return &R }
+
+// ScalarMult returns kP. This function runs in constant time.
+func (e Curve) ScalarMult(k *Scalar, P *Point) *Point {
+ k4 := &Scalar{}
+ k4.divBy4(k)
+ return e.pull(twistCurve{}.ScalarMult(k4, e.push(P)))
+}
+
+// ScalarBaseMult returns kG where G is the generator point. This function runs in constant time.
+func (e Curve) ScalarBaseMult(k *Scalar) *Point {
+ k4 := &Scalar{}
+ k4.divBy4(k)
+ return e.pull(twistCurve{}.ScalarBaseMult(k4))
+}
+
+// CombinedMult returns mG+nP, where G is the generator point. This function is non-constant time.
+func (e Curve) CombinedMult(m, n *Scalar, P *Point) *Point {
+ m4 := &Scalar{}
+ n4 := &Scalar{}
+ m4.divBy4(m)
+ n4.divBy4(n)
+ return e.pull(twistCurve{}.CombinedMult(m4, n4, twistCurve{}.pull(P)))
+}
diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/isogeny.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/isogeny.go
new file mode 100644
index 0000000000000000000000000000000000000000..b1daab851c5ddd1bf7443f2b71fb0bd656429738
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/ecc/goldilocks/isogeny.go
@@ -0,0 +1,52 @@
+package goldilocks
+
+import fp "github.com/cloudflare/circl/math/fp448"
+
+func (Curve) pull(P *twistPoint) *Point { return twistCurve{}.push(P) }
+func (twistCurve) pull(P *Point) *twistPoint { return Curve{}.push(P) }
+
+// push sends a point on the Goldilocks curve to a point on the twist curve.
+func (Curve) push(P *Point) *twistPoint {
+ Q := &twistPoint{}
+ Px, Py, Pz := &P.x, &P.y, &P.z
+ a, b, c, d, e, f, g, h := &Q.x, &Q.y, &Q.z, &fp.Elt{}, &Q.ta, &Q.x, &Q.y, &Q.tb
+ fp.Add(e, Px, Py) // x+y
+ fp.Sqr(a, Px) // A = x^2
+ fp.Sqr(b, Py) // B = y^2
+ fp.Sqr(c, Pz) // z^2
+ fp.Add(c, c, c) // C = 2*z^2
+ *d = *a // D = A
+ fp.Sqr(e, e) // (x+y)^2
+ fp.Sub(e, e, a) // (x+y)^2-A
+ fp.Sub(e, e, b) // E = (x+y)^2-A-B
+ fp.Add(h, b, d) // H = B+D
+ fp.Sub(g, b, d) // G = B-D
+ fp.Sub(f, c, h) // F = C-H
+ fp.Mul(&Q.z, f, g) // Z = F * G
+ fp.Mul(&Q.x, e, f) // X = E * F
+ fp.Mul(&Q.y, g, h) // Y = G * H, // T = E * H
+ return Q
+}
+
+// push sends a point on the twist curve to a point on the Goldilocks curve.
+func (twistCurve) push(P *twistPoint) *Point {
+ Q := &Point{}
+ Px, Py, Pz := &P.x, &P.y, &P.z
+ a, b, c, d, e, f, g, h := &Q.x, &Q.y, &Q.z, &fp.Elt{}, &Q.ta, &Q.x, &Q.y, &Q.tb
+ fp.Add(e, Px, Py) // x+y
+ fp.Sqr(a, Px) // A = x^2
+ fp.Sqr(b, Py) // B = y^2
+ fp.Sqr(c, Pz) // z^2
+ fp.Add(c, c, c) // C = 2*z^2
+ fp.Neg(d, a) // D = -A
+ fp.Sqr(e, e) // (x+y)^2
+ fp.Sub(e, e, a) // (x+y)^2-A
+ fp.Sub(e, e, b) // E = (x+y)^2-A-B
+ fp.Add(h, b, d) // H = B+D
+ fp.Sub(g, b, d) // G = B-D
+ fp.Sub(f, c, h) // F = C-H
+ fp.Mul(&Q.z, f, g) // Z = F * G
+ fp.Mul(&Q.x, e, f) // X = E * F
+ fp.Mul(&Q.y, g, h) // Y = G * H, // T = E * H
+ return Q
+}
diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/point.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/point.go
new file mode 100644
index 0000000000000000000000000000000000000000..11f73de0542d17d73504c2e298ee3e1bd2df0d97
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/ecc/goldilocks/point.go
@@ -0,0 +1,171 @@
+package goldilocks
+
+import (
+ "errors"
+ "fmt"
+
+ fp "github.com/cloudflare/circl/math/fp448"
+)
+
+// Point is a point on the Goldilocks Curve.
+type Point struct{ x, y, z, ta, tb fp.Elt }
+
+func (P Point) String() string {
+ return fmt.Sprintf("x: %v\ny: %v\nz: %v\nta: %v\ntb: %v", P.x, P.y, P.z, P.ta, P.tb)
+}
+
+// FromAffine creates a point from affine coordinates.
+func FromAffine(x, y *fp.Elt) (*Point, error) {
+ P := &Point{
+ x: *x,
+ y: *y,
+ z: fp.One(),
+ ta: *x,
+ tb: *y,
+ }
+ if !(Curve{}).IsOnCurve(P) {
+ return P, errors.New("point not on curve")
+ }
+ return P, nil
+}
+
+// isLessThan returns true if 0 <= x < y, and assumes that slices are of the
+// same length and are interpreted in little-endian order.
+func isLessThan(x, y []byte) bool {
+ i := len(x) - 1
+ for i > 0 && x[i] == y[i] {
+ i--
+ }
+ return x[i] < y[i]
+}
+
+// FromBytes returns a point from the input buffer.
+func FromBytes(in []byte) (*Point, error) {
+ if len(in) < fp.Size+1 {
+ return nil, errors.New("wrong input length")
+ }
+ err := errors.New("invalid decoding")
+ P := &Point{}
+ signX := in[fp.Size] >> 7
+ copy(P.y[:], in[:fp.Size])
+ p := fp.P()
+ if !isLessThan(P.y[:], p[:]) {
+ return nil, err
+ }
+
+ u, v := &fp.Elt{}, &fp.Elt{}
+ one := fp.One()
+ fp.Sqr(u, &P.y) // u = y^2
+ fp.Mul(v, u, ¶mD) // v = dy^2
+ fp.Sub(u, u, &one) // u = y^2-1
+ fp.Sub(v, v, &one) // v = dy^2-1
+ isQR := fp.InvSqrt(&P.x, u, v) // x = sqrt(u/v)
+ if !isQR {
+ return nil, err
+ }
+ fp.Modp(&P.x) // x = x mod p
+ if fp.IsZero(&P.x) && signX == 1 {
+ return nil, err
+ }
+ if signX != (P.x[0] & 1) {
+ fp.Neg(&P.x, &P.x)
+ }
+ P.ta = P.x
+ P.tb = P.y
+ P.z = fp.One()
+ return P, nil
+}
+
+// IsIdentity returns true is P is the identity Point.
+func (P *Point) IsIdentity() bool {
+ return fp.IsZero(&P.x) && !fp.IsZero(&P.y) && !fp.IsZero(&P.z) && P.y == P.z
+}
+
+// IsEqual returns true if P is equivalent to Q.
+func (P *Point) IsEqual(Q *Point) bool {
+ l, r := &fp.Elt{}, &fp.Elt{}
+ fp.Mul(l, &P.x, &Q.z)
+ fp.Mul(r, &Q.x, &P.z)
+ fp.Sub(l, l, r)
+ b := fp.IsZero(l)
+ fp.Mul(l, &P.y, &Q.z)
+ fp.Mul(r, &Q.y, &P.z)
+ fp.Sub(l, l, r)
+ b = b && fp.IsZero(l)
+ fp.Mul(l, &P.ta, &P.tb)
+ fp.Mul(l, l, &Q.z)
+ fp.Mul(r, &Q.ta, &Q.tb)
+ fp.Mul(r, r, &P.z)
+ fp.Sub(l, l, r)
+ b = b && fp.IsZero(l)
+ return b
+}
+
+// Neg obtains the inverse of the Point.
+func (P *Point) Neg() { fp.Neg(&P.x, &P.x); fp.Neg(&P.ta, &P.ta) }
+
+// ToAffine returns the x,y affine coordinates of P.
+func (P *Point) ToAffine() (x, y fp.Elt) {
+ fp.Inv(&P.z, &P.z) // 1/z
+ fp.Mul(&P.x, &P.x, &P.z) // x/z
+ fp.Mul(&P.y, &P.y, &P.z) // y/z
+ fp.Modp(&P.x)
+ fp.Modp(&P.y)
+ fp.SetOne(&P.z)
+ P.ta = P.x
+ P.tb = P.y
+ return P.x, P.y
+}
+
+// ToBytes stores P into a slice of bytes.
+func (P *Point) ToBytes(out []byte) error {
+ if len(out) < fp.Size+1 {
+ return errors.New("invalid decoding")
+ }
+ x, y := P.ToAffine()
+ out[fp.Size] = (x[0] & 1) << 7
+ return fp.ToBytes(out[:fp.Size], &y)
+}
+
+// MarshalBinary encodes the receiver into a binary form and returns the result.
+func (P *Point) MarshalBinary() (data []byte, err error) {
+ data = make([]byte, fp.Size+1)
+ err = P.ToBytes(data[:fp.Size+1])
+ return data, err
+}
+
+// UnmarshalBinary must be able to decode the form generated by MarshalBinary.
+func (P *Point) UnmarshalBinary(data []byte) error { Q, err := FromBytes(data); *P = *Q; return err }
+
+// Double sets P = 2Q.
+func (P *Point) Double() { P.Add(P) }
+
+// Add sets P =P+Q..
+func (P *Point) Add(Q *Point) {
+ // This is formula (5) from "Twisted Edwards Curves Revisited" by
+ // Hisil H., Wong K.KH., Carter G., Dawson E. (2008)
+ // https://doi.org/10.1007/978-3-540-89255-7_20
+ x1, y1, z1, ta1, tb1 := &P.x, &P.y, &P.z, &P.ta, &P.tb
+ x2, y2, z2, ta2, tb2 := &Q.x, &Q.y, &Q.z, &Q.ta, &Q.tb
+ x3, y3, z3, E, H := &P.x, &P.y, &P.z, &P.ta, &P.tb
+ A, B, C, D := &fp.Elt{}, &fp.Elt{}, &fp.Elt{}, &fp.Elt{}
+ t1, t2, F, G := C, D, &fp.Elt{}, &fp.Elt{}
+ fp.Mul(t1, ta1, tb1) // t1 = ta1*tb1
+ fp.Mul(t2, ta2, tb2) // t2 = ta2*tb2
+ fp.Mul(A, x1, x2) // A = x1*x2
+ fp.Mul(B, y1, y2) // B = y1*y2
+ fp.Mul(C, t1, t2) // t1*t2
+ fp.Mul(C, C, ¶mD) // C = d*t1*t2
+ fp.Mul(D, z1, z2) // D = z1*z2
+ fp.Add(F, x1, y1) // x1+y1
+ fp.Add(E, x2, y2) // x2+y2
+ fp.Mul(E, E, F) // (x1+y1)*(x2+y2)
+ fp.Sub(E, E, A) // (x1+y1)*(x2+y2)-A
+ fp.Sub(E, E, B) // E = (x1+y1)*(x2+y2)-A-B
+ fp.Sub(F, D, C) // F = D-C
+ fp.Add(G, D, C) // G = D+C
+ fp.Sub(H, B, A) // H = B-A
+ fp.Mul(z3, F, G) // Z = F * G
+ fp.Mul(x3, E, F) // X = E * F
+ fp.Mul(y3, G, H) // Y = G * H, T = E * H
+}
diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/scalar.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/scalar.go
new file mode 100644
index 0000000000000000000000000000000000000000..f98117b2527e105ab49bd33602d1780253ff805a
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/ecc/goldilocks/scalar.go
@@ -0,0 +1,203 @@
+package goldilocks
+
+import (
+ "encoding/binary"
+ "math/bits"
+)
+
+// ScalarSize is the size (in bytes) of scalars.
+const ScalarSize = 56 // 448 / 8
+
+// _N is the number of 64-bit words to store scalars.
+const _N = 7 // 448 / 64
+
+// Scalar represents a positive integer stored in little-endian order.
+type Scalar [ScalarSize]byte
+
+type scalar64 [_N]uint64
+
+func (z *scalar64) fromScalar(x *Scalar) {
+ z[0] = binary.LittleEndian.Uint64(x[0*8 : 1*8])
+ z[1] = binary.LittleEndian.Uint64(x[1*8 : 2*8])
+ z[2] = binary.LittleEndian.Uint64(x[2*8 : 3*8])
+ z[3] = binary.LittleEndian.Uint64(x[3*8 : 4*8])
+ z[4] = binary.LittleEndian.Uint64(x[4*8 : 5*8])
+ z[5] = binary.LittleEndian.Uint64(x[5*8 : 6*8])
+ z[6] = binary.LittleEndian.Uint64(x[6*8 : 7*8])
+}
+
+func (z *scalar64) toScalar(x *Scalar) {
+ binary.LittleEndian.PutUint64(x[0*8:1*8], z[0])
+ binary.LittleEndian.PutUint64(x[1*8:2*8], z[1])
+ binary.LittleEndian.PutUint64(x[2*8:3*8], z[2])
+ binary.LittleEndian.PutUint64(x[3*8:4*8], z[3])
+ binary.LittleEndian.PutUint64(x[4*8:5*8], z[4])
+ binary.LittleEndian.PutUint64(x[5*8:6*8], z[5])
+ binary.LittleEndian.PutUint64(x[6*8:7*8], z[6])
+}
+
+// add calculates z = x + y. Assumes len(z) > max(len(x),len(y)).
+func add(z, x, y []uint64) uint64 {
+ l, L, zz := len(x), len(y), y
+ if l > L {
+ l, L, zz = L, l, x
+ }
+ c := uint64(0)
+ for i := 0; i < l; i++ {
+ z[i], c = bits.Add64(x[i], y[i], c)
+ }
+ for i := l; i < L; i++ {
+ z[i], c = bits.Add64(zz[i], 0, c)
+ }
+ return c
+}
+
+// sub calculates z = x - y. Assumes len(z) > max(len(x),len(y)).
+func sub(z, x, y []uint64) uint64 {
+ l, L, zz := len(x), len(y), y
+ if l > L {
+ l, L, zz = L, l, x
+ }
+ c := uint64(0)
+ for i := 0; i < l; i++ {
+ z[i], c = bits.Sub64(x[i], y[i], c)
+ }
+ for i := l; i < L; i++ {
+ z[i], c = bits.Sub64(zz[i], 0, c)
+ }
+ return c
+}
+
+// mulWord calculates z = x * y. Assumes len(z) >= len(x)+1.
+func mulWord(z, x []uint64, y uint64) {
+ for i := range z {
+ z[i] = 0
+ }
+ carry := uint64(0)
+ for i := range x {
+ hi, lo := bits.Mul64(x[i], y)
+ lo, cc := bits.Add64(lo, z[i], 0)
+ hi, _ = bits.Add64(hi, 0, cc)
+ z[i], cc = bits.Add64(lo, carry, 0)
+ carry, _ = bits.Add64(hi, 0, cc)
+ }
+ z[len(x)] = carry
+}
+
+// Cmov moves x into z if b=1.
+func (z *scalar64) Cmov(b uint64, x *scalar64) {
+ m := uint64(0) - b
+ for i := range z {
+ z[i] = (z[i] &^ m) | (x[i] & m)
+ }
+}
+
+// leftShift shifts to the left the words of z returning the more significant word.
+func (z *scalar64) leftShift(low uint64) uint64 {
+ high := z[_N-1]
+ for i := _N - 1; i > 0; i-- {
+ z[i] = z[i-1]
+ }
+ z[0] = low
+ return high
+}
+
+// reduceOneWord calculates z = z + 2^448*x such that the result fits in a Scalar.
+func (z *scalar64) reduceOneWord(x uint64) {
+ prod := (&scalar64{})[:]
+ mulWord(prod, residue448[:], x)
+ cc := add(z[:], z[:], prod)
+ mulWord(prod, residue448[:], cc)
+ add(z[:], z[:], prod)
+}
+
+// modOrder reduces z mod order.
+func (z *scalar64) modOrder() {
+ var o64, x scalar64
+ o64.fromScalar(&order)
+ // Performs: while (z >= order) { z = z-order }
+ // At most 8 (eight) iterations reduce 3 bits by subtracting.
+ for i := 0; i < 8; i++ {
+ c := sub(x[:], z[:], o64[:]) // (c || x) = z-order
+ z.Cmov(1-c, &x) // if c != 0 { z = x }
+ }
+}
+
+// FromBytes stores z = x mod order, where x is a number stored in little-endian order.
+func (z *Scalar) FromBytes(x []byte) {
+ n := len(x)
+ nCeil := (n + 7) >> 3
+ for i := range z {
+ z[i] = 0
+ }
+ if nCeil < _N {
+ copy(z[:], x)
+ return
+ }
+ copy(z[:], x[8*(nCeil-_N):])
+ var z64 scalar64
+ z64.fromScalar(z)
+ for i := nCeil - _N - 1; i >= 0; i-- {
+ low := binary.LittleEndian.Uint64(x[8*i:])
+ high := z64.leftShift(low)
+ z64.reduceOneWord(high)
+ }
+ z64.modOrder()
+ z64.toScalar(z)
+}
+
+// divBy4 calculates z = x/4 mod order.
+func (z *Scalar) divBy4(x *Scalar) { z.Mul(x, &invFour) }
+
+// Red reduces z mod order.
+func (z *Scalar) Red() { var t scalar64; t.fromScalar(z); t.modOrder(); t.toScalar(z) }
+
+// Neg calculates z = -z mod order.
+func (z *Scalar) Neg() { z.Sub(&order, z) }
+
+// Add calculates z = x+y mod order.
+func (z *Scalar) Add(x, y *Scalar) {
+ var z64, x64, y64, t scalar64
+ x64.fromScalar(x)
+ y64.fromScalar(y)
+ c := add(z64[:], x64[:], y64[:])
+ add(t[:], z64[:], residue448[:])
+ z64.Cmov(c, &t)
+ z64.modOrder()
+ z64.toScalar(z)
+}
+
+// Sub calculates z = x-y mod order.
+func (z *Scalar) Sub(x, y *Scalar) {
+ var z64, x64, y64, t scalar64
+ x64.fromScalar(x)
+ y64.fromScalar(y)
+ c := sub(z64[:], x64[:], y64[:])
+ sub(t[:], z64[:], residue448[:])
+ z64.Cmov(c, &t)
+ z64.modOrder()
+ z64.toScalar(z)
+}
+
+// Mul calculates z = x*y mod order.
+func (z *Scalar) Mul(x, y *Scalar) {
+ var z64, x64, y64 scalar64
+ prod := (&[_N + 1]uint64{})[:]
+ x64.fromScalar(x)
+ y64.fromScalar(y)
+ mulWord(prod, x64[:], y64[_N-1])
+ copy(z64[:], prod[:_N])
+ z64.reduceOneWord(prod[_N])
+ for i := _N - 2; i >= 0; i-- {
+ h := z64.leftShift(0)
+ z64.reduceOneWord(h)
+ mulWord(prod, x64[:], y64[i])
+ c := add(z64[:], z64[:], prod[:_N])
+ z64.reduceOneWord(prod[_N] + c)
+ }
+ z64.modOrder()
+ z64.toScalar(z)
+}
+
+// IsZero returns true if z=0.
+func (z *Scalar) IsZero() bool { z.Red(); return *z == Scalar{} }
diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go
new file mode 100644
index 0000000000000000000000000000000000000000..83d7cdadd3ec1dcd04e580e1f7033d346580b619
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist.go
@@ -0,0 +1,138 @@
+package goldilocks
+
+import (
+ "crypto/subtle"
+ "math/bits"
+
+ "github.com/cloudflare/circl/internal/conv"
+ "github.com/cloudflare/circl/math"
+ fp "github.com/cloudflare/circl/math/fp448"
+)
+
+// twistCurve is -x^2+y^2=1-39082x^2y^2 and is 4-isogenous to Goldilocks.
+type twistCurve struct{}
+
+// Identity returns the identity point.
+func (twistCurve) Identity() *twistPoint {
+ return &twistPoint{
+ y: fp.One(),
+ z: fp.One(),
+ }
+}
+
+// subYDiv16 update x = (x - y) / 16.
+func subYDiv16(x *scalar64, y int64) {
+ s := uint64(y >> 63)
+ x0, b0 := bits.Sub64((*x)[0], uint64(y), 0)
+ x1, b1 := bits.Sub64((*x)[1], s, b0)
+ x2, b2 := bits.Sub64((*x)[2], s, b1)
+ x3, b3 := bits.Sub64((*x)[3], s, b2)
+ x4, b4 := bits.Sub64((*x)[4], s, b3)
+ x5, b5 := bits.Sub64((*x)[5], s, b4)
+ x6, _ := bits.Sub64((*x)[6], s, b5)
+ x[0] = (x0 >> 4) | (x1 << 60)
+ x[1] = (x1 >> 4) | (x2 << 60)
+ x[2] = (x2 >> 4) | (x3 << 60)
+ x[3] = (x3 >> 4) | (x4 << 60)
+ x[4] = (x4 >> 4) | (x5 << 60)
+ x[5] = (x5 >> 4) | (x6 << 60)
+ x[6] = (x6 >> 4)
+}
+
+func recodeScalar(d *[113]int8, k *Scalar) {
+ var k64 scalar64
+ k64.fromScalar(k)
+ for i := 0; i < 112; i++ {
+ d[i] = int8((k64[0] & 0x1f) - 16)
+ subYDiv16(&k64, int64(d[i]))
+ }
+ d[112] = int8(k64[0])
+}
+
+// ScalarMult returns kP.
+func (e twistCurve) ScalarMult(k *Scalar, P *twistPoint) *twistPoint {
+ var TabP [8]preTwistPointProy
+ var S preTwistPointProy
+ var d [113]int8
+
+ var isZero int
+ if k.IsZero() {
+ isZero = 1
+ }
+ subtle.ConstantTimeCopy(isZero, k[:], order[:])
+
+ minusK := *k
+ isEven := 1 - int(k[0]&0x1)
+ minusK.Neg()
+ subtle.ConstantTimeCopy(isEven, k[:], minusK[:])
+ recodeScalar(&d, k)
+
+ P.oddMultiples(TabP[:])
+ Q := e.Identity()
+ for i := 112; i >= 0; i-- {
+ Q.Double()
+ Q.Double()
+ Q.Double()
+ Q.Double()
+ mask := d[i] >> 7
+ absDi := (d[i] + mask) ^ mask
+ inx := int32((absDi - 1) >> 1)
+ sig := int((d[i] >> 7) & 0x1)
+ for j := range TabP {
+ S.cmov(&TabP[j], uint(subtle.ConstantTimeEq(inx, int32(j))))
+ }
+ S.cneg(sig)
+ Q.mixAdd(&S)
+ }
+ Q.cneg(uint(isEven))
+ return Q
+}
+
+const (
+ omegaFix = 7
+ omegaVar = 5
+)
+
+// CombinedMult returns mG+nP.
+func (e twistCurve) CombinedMult(m, n *Scalar, P *twistPoint) *twistPoint {
+ nafFix := math.OmegaNAF(conv.BytesLe2BigInt(m[:]), omegaFix)
+ nafVar := math.OmegaNAF(conv.BytesLe2BigInt(n[:]), omegaVar)
+
+ if len(nafFix) > len(nafVar) {
+ nafVar = append(nafVar, make([]int32, len(nafFix)-len(nafVar))...)
+ } else if len(nafFix) < len(nafVar) {
+ nafFix = append(nafFix, make([]int32, len(nafVar)-len(nafFix))...)
+ }
+
+ var TabQ [1 << (omegaVar - 2)]preTwistPointProy
+ P.oddMultiples(TabQ[:])
+ Q := e.Identity()
+ for i := len(nafFix) - 1; i >= 0; i-- {
+ Q.Double()
+ // Generator point
+ if nafFix[i] != 0 {
+ idxM := absolute(nafFix[i]) >> 1
+ R := tabVerif[idxM]
+ if nafFix[i] < 0 {
+ R.neg()
+ }
+ Q.mixAddZ1(&R)
+ }
+ // Variable input point
+ if nafVar[i] != 0 {
+ idxN := absolute(nafVar[i]) >> 1
+ S := TabQ[idxN]
+ if nafVar[i] < 0 {
+ S.neg()
+ }
+ Q.mixAdd(&S)
+ }
+ }
+ return Q
+}
+
+// absolute returns always a positive value.
+func absolute(x int32) int32 {
+ mask := x >> 31
+ return (x + mask) ^ mask
+}
diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twistPoint.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twistPoint.go
new file mode 100644
index 0000000000000000000000000000000000000000..c55db77b06949c91878df7cf31dd8c33ba9b3a08
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twistPoint.go
@@ -0,0 +1,135 @@
+package goldilocks
+
+import (
+ "fmt"
+
+ fp "github.com/cloudflare/circl/math/fp448"
+)
+
+type twistPoint struct{ x, y, z, ta, tb fp.Elt }
+
+type preTwistPointAffine struct{ addYX, subYX, dt2 fp.Elt }
+
+type preTwistPointProy struct {
+ preTwistPointAffine
+ z2 fp.Elt
+}
+
+func (P *twistPoint) String() string {
+ return fmt.Sprintf("x: %v\ny: %v\nz: %v\nta: %v\ntb: %v", P.x, P.y, P.z, P.ta, P.tb)
+}
+
+// cneg conditionally negates the point if b=1.
+func (P *twistPoint) cneg(b uint) {
+ t := &fp.Elt{}
+ fp.Neg(t, &P.x)
+ fp.Cmov(&P.x, t, b)
+ fp.Neg(t, &P.ta)
+ fp.Cmov(&P.ta, t, b)
+}
+
+// Double updates P with 2P.
+func (P *twistPoint) Double() {
+ // This is formula (7) from "Twisted Edwards Curves Revisited" by
+ // Hisil H., Wong K.KH., Carter G., Dawson E. (2008)
+ // https://doi.org/10.1007/978-3-540-89255-7_20
+ Px, Py, Pz, Pta, Ptb := &P.x, &P.y, &P.z, &P.ta, &P.tb
+ a, b, c, e, f, g, h := Px, Py, Pz, Pta, Px, Py, Ptb
+ fp.Add(e, Px, Py) // x+y
+ fp.Sqr(a, Px) // A = x^2
+ fp.Sqr(b, Py) // B = y^2
+ fp.Sqr(c, Pz) // z^2
+ fp.Add(c, c, c) // C = 2*z^2
+ fp.Add(h, a, b) // H = A+B
+ fp.Sqr(e, e) // (x+y)^2
+ fp.Sub(e, e, h) // E = (x+y)^2-A-B
+ fp.Sub(g, b, a) // G = B-A
+ fp.Sub(f, c, g) // F = C-G
+ fp.Mul(Pz, f, g) // Z = F * G
+ fp.Mul(Px, e, f) // X = E * F
+ fp.Mul(Py, g, h) // Y = G * H, T = E * H
+}
+
+// mixAdd calculates P= P+Q, where Q is a precomputed point with Z_Q = 1.
+func (P *twistPoint) mixAddZ1(Q *preTwistPointAffine) {
+ fp.Add(&P.z, &P.z, &P.z) // D = 2*z1 (z2=1)
+ P.coreAddition(Q)
+}
+
+// coreAddition calculates P=P+Q for curves with A=-1.
+func (P *twistPoint) coreAddition(Q *preTwistPointAffine) {
+ // This is the formula following (5) from "Twisted Edwards Curves Revisited" by
+ // Hisil H., Wong K.KH., Carter G., Dawson E. (2008)
+ // https://doi.org/10.1007/978-3-540-89255-7_20
+ Px, Py, Pz, Pta, Ptb := &P.x, &P.y, &P.z, &P.ta, &P.tb
+ addYX2, subYX2, dt2 := &Q.addYX, &Q.subYX, &Q.dt2
+ a, b, c, d, e, f, g, h := Px, Py, &fp.Elt{}, Pz, Pta, Px, Py, Ptb
+ fp.Mul(c, Pta, Ptb) // t1 = ta*tb
+ fp.Sub(h, Py, Px) // y1-x1
+ fp.Add(b, Py, Px) // y1+x1
+ fp.Mul(a, h, subYX2) // A = (y1-x1)*(y2-x2)
+ fp.Mul(b, b, addYX2) // B = (y1+x1)*(y2+x2)
+ fp.Mul(c, c, dt2) // C = 2*D*t1*t2
+ fp.Sub(e, b, a) // E = B-A
+ fp.Add(h, b, a) // H = B+A
+ fp.Sub(f, d, c) // F = D-C
+ fp.Add(g, d, c) // G = D+C
+ fp.Mul(Pz, f, g) // Z = F * G
+ fp.Mul(Px, e, f) // X = E * F
+ fp.Mul(Py, g, h) // Y = G * H, T = E * H
+}
+
+func (P *preTwistPointAffine) neg() {
+ P.addYX, P.subYX = P.subYX, P.addYX
+ fp.Neg(&P.dt2, &P.dt2)
+}
+
+func (P *preTwistPointAffine) cneg(b int) {
+ t := &fp.Elt{}
+ fp.Cswap(&P.addYX, &P.subYX, uint(b))
+ fp.Neg(t, &P.dt2)
+ fp.Cmov(&P.dt2, t, uint(b))
+}
+
+func (P *preTwistPointAffine) cmov(Q *preTwistPointAffine, b uint) {
+ fp.Cmov(&P.addYX, &Q.addYX, b)
+ fp.Cmov(&P.subYX, &Q.subYX, b)
+ fp.Cmov(&P.dt2, &Q.dt2, b)
+}
+
+// mixAdd calculates P= P+Q, where Q is a precomputed point with Z_Q != 1.
+func (P *twistPoint) mixAdd(Q *preTwistPointProy) {
+ fp.Mul(&P.z, &P.z, &Q.z2) // D = 2*z1*z2
+ P.coreAddition(&Q.preTwistPointAffine)
+}
+
+// oddMultiples calculates T[i] = (2*i-1)P for 0 < i < len(T).
+func (P *twistPoint) oddMultiples(T []preTwistPointProy) {
+ if n := len(T); n > 0 {
+ T[0].FromTwistPoint(P)
+ _2P := *P
+ _2P.Double()
+ R := &preTwistPointProy{}
+ R.FromTwistPoint(&_2P)
+ for i := 1; i < n; i++ {
+ P.mixAdd(R)
+ T[i].FromTwistPoint(P)
+ }
+ }
+}
+
+// cmov conditionally moves Q into P if b=1.
+func (P *preTwistPointProy) cmov(Q *preTwistPointProy, b uint) {
+ P.preTwistPointAffine.cmov(&Q.preTwistPointAffine, b)
+ fp.Cmov(&P.z2, &Q.z2, b)
+}
+
+// FromTwistPoint precomputes some coordinates of Q for missed addition.
+func (P *preTwistPointProy) FromTwistPoint(Q *twistPoint) {
+ fp.Add(&P.addYX, &Q.y, &Q.x) // addYX = X + Y
+ fp.Sub(&P.subYX, &Q.y, &Q.x) // subYX = Y - X
+ fp.Mul(&P.dt2, &Q.ta, &Q.tb) // T = ta*tb
+ fp.Mul(&P.dt2, &P.dt2, ¶mDTwist) // D*T
+ fp.Add(&P.dt2, &P.dt2, &P.dt2) // dt2 = 2*D*T
+ fp.Add(&P.z2, &Q.z, &Q.z) // z2 = 2*Z
+}
diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twistTables.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twistTables.go
new file mode 100644
index 0000000000000000000000000000000000000000..ed432e02c78b12f2453b9e40d0656e0a68788df9
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twistTables.go
@@ -0,0 +1,216 @@
+package goldilocks
+
+import fp "github.com/cloudflare/circl/math/fp448"
+
+var tabFixMult = [fxV][fx2w1]preTwistPointAffine{
+ {
+ {
+ addYX: fp.Elt{0x65, 0x4a, 0xdd, 0xdf, 0xb4, 0x79, 0x60, 0xc8, 0xa1, 0x70, 0xb4, 0x3a, 0x1e, 0x0c, 0x9b, 0x19, 0xe5, 0x48, 0x3f, 0xd7, 0x44, 0x18, 0x18, 0x14, 0x14, 0x27, 0x45, 0xd0, 0x2b, 0x24, 0xd5, 0x93, 0xc3, 0x74, 0x4c, 0x50, 0x70, 0x43, 0x26, 0x05, 0x08, 0x24, 0xca, 0x78, 0x30, 0xc1, 0x06, 0x8d, 0xd4, 0x86, 0x42, 0xf0, 0x14, 0xde, 0x08, 0x05},
+ subYX: fp.Elt{0x64, 0x4a, 0xdd, 0xdf, 0xb4, 0x79, 0x60, 0xc8, 0xa1, 0x70, 0xb4, 0x3a, 0x1e, 0x0c, 0x9b, 0x19, 0xe5, 0x48, 0x3f, 0xd7, 0x44, 0x18, 0x18, 0x14, 0x14, 0x27, 0x45, 0xd0, 0x2d, 0x24, 0xd5, 0x93, 0xc3, 0x74, 0x4c, 0x50, 0x70, 0x43, 0x26, 0x05, 0x08, 0x24, 0xca, 0x78, 0x30, 0xc1, 0x06, 0x8d, 0xd4, 0x86, 0x42, 0xf0, 0x14, 0xde, 0x08, 0x05},
+ dt2: fp.Elt{0x1a, 0x33, 0xea, 0x64, 0x45, 0x1c, 0xdf, 0x17, 0x1d, 0x16, 0x34, 0x28, 0xd6, 0x61, 0x19, 0x67, 0x79, 0xb4, 0x13, 0xcf, 0x3e, 0x7c, 0x0e, 0x72, 0xda, 0xf1, 0x5f, 0xda, 0xe6, 0xcf, 0x42, 0xd3, 0xb6, 0x17, 0xc2, 0x68, 0x13, 0x2d, 0xd9, 0x60, 0x3e, 0xae, 0xf0, 0x5b, 0x96, 0xf0, 0xcd, 0xaf, 0xea, 0xb7, 0x0d, 0x59, 0x16, 0xa7, 0xff, 0x55},
+ },
+ {
+ addYX: fp.Elt{0xca, 0xd8, 0x7d, 0x86, 0x1a, 0xef, 0xad, 0x11, 0xe3, 0x27, 0x41, 0x7e, 0x7f, 0x3e, 0xa9, 0xd2, 0xb5, 0x4e, 0x50, 0xe0, 0x77, 0x91, 0xc2, 0x13, 0x52, 0x73, 0x41, 0x09, 0xa6, 0x57, 0x9a, 0xc8, 0xa8, 0x90, 0x9d, 0x26, 0x14, 0xbb, 0xa1, 0x2a, 0xf7, 0x45, 0x43, 0x4e, 0xea, 0x35, 0x62, 0xe1, 0x08, 0x85, 0x46, 0xb8, 0x24, 0x05, 0x2d, 0xab},
+ subYX: fp.Elt{0x9b, 0xe6, 0xd3, 0xe5, 0xfe, 0x50, 0x36, 0x3c, 0x3c, 0x6d, 0x74, 0x1d, 0x74, 0xc0, 0xde, 0x5b, 0x45, 0x27, 0xe5, 0x12, 0xee, 0x63, 0x35, 0x6b, 0x13, 0xe2, 0x41, 0x6b, 0x3a, 0x05, 0x2b, 0xb1, 0x89, 0x26, 0xb6, 0xc6, 0xd1, 0x84, 0xff, 0x0e, 0x9b, 0xa3, 0xfb, 0x21, 0x36, 0x6b, 0x01, 0xf7, 0x9f, 0x7c, 0xeb, 0xf5, 0x18, 0x7a, 0x2a, 0x70},
+ dt2: fp.Elt{0x09, 0xad, 0x99, 0x1a, 0x38, 0xd3, 0xdf, 0x22, 0x37, 0x32, 0x61, 0x8b, 0xf3, 0x19, 0x48, 0x08, 0xe8, 0x49, 0xb6, 0x4a, 0xa7, 0xed, 0xa4, 0xa2, 0xee, 0x86, 0xd7, 0x31, 0x5e, 0xce, 0x95, 0x76, 0x86, 0x42, 0x1c, 0x9d, 0x07, 0x14, 0x8c, 0x34, 0x18, 0x9c, 0x6d, 0x3a, 0xdf, 0xa9, 0xe8, 0x36, 0x7e, 0xe4, 0x95, 0xbe, 0xb5, 0x09, 0xf8, 0x9c},
+ },
+ {
+ addYX: fp.Elt{0x51, 0xdb, 0x49, 0xa8, 0x9f, 0xe3, 0xd7, 0xec, 0x0d, 0x0f, 0x49, 0xe8, 0xb6, 0xc5, 0x0f, 0x5a, 0x1c, 0xce, 0x54, 0x0d, 0xb1, 0x8d, 0x5b, 0xbf, 0xf4, 0xaa, 0x34, 0x77, 0xc4, 0x5d, 0x59, 0xb6, 0xc5, 0x0e, 0x5a, 0xd8, 0x5b, 0x30, 0xc2, 0x1d, 0xec, 0x85, 0x1c, 0x42, 0xbe, 0x24, 0x2e, 0x50, 0x55, 0x44, 0xb2, 0x3a, 0x01, 0xaa, 0x98, 0xfb},
+ subYX: fp.Elt{0xe7, 0x29, 0xb7, 0xd0, 0xaa, 0x4f, 0x32, 0x53, 0x56, 0xde, 0xbc, 0xd1, 0x92, 0x5d, 0x19, 0xbe, 0xa3, 0xe3, 0x75, 0x48, 0xe0, 0x7a, 0x1b, 0x54, 0x7a, 0xb7, 0x41, 0x77, 0x84, 0x38, 0xdd, 0x14, 0x9f, 0xca, 0x3f, 0xa3, 0xc8, 0xa7, 0x04, 0x70, 0xf1, 0x4d, 0x3d, 0xb3, 0x84, 0x79, 0xcb, 0xdb, 0xe4, 0xc5, 0x42, 0x9b, 0x57, 0x19, 0xf1, 0x2d},
+ dt2: fp.Elt{0x20, 0xb4, 0x94, 0x9e, 0xdf, 0x31, 0x44, 0x0b, 0xc9, 0x7b, 0x75, 0x40, 0x9d, 0xd1, 0x96, 0x39, 0x70, 0x71, 0x15, 0xc8, 0x93, 0xd5, 0xc5, 0xe5, 0xba, 0xfe, 0xee, 0x08, 0x6a, 0x98, 0x0a, 0x1b, 0xb2, 0xaa, 0x3a, 0xf4, 0xa4, 0x79, 0xf9, 0x8e, 0x4d, 0x65, 0x10, 0x9b, 0x3a, 0x6e, 0x7c, 0x87, 0x94, 0x92, 0x11, 0x65, 0xbf, 0x1a, 0x09, 0xde},
+ },
+ {
+ addYX: fp.Elt{0xf3, 0x84, 0x76, 0x77, 0xa5, 0x6b, 0x27, 0x3b, 0x83, 0x3d, 0xdf, 0xa0, 0xeb, 0x32, 0x6d, 0x58, 0x81, 0x57, 0x64, 0xc2, 0x21, 0x7c, 0x9b, 0xea, 0xe6, 0xb0, 0x93, 0xf9, 0xe7, 0xc3, 0xed, 0x5a, 0x8e, 0xe2, 0xb4, 0x72, 0x76, 0x66, 0x0f, 0x22, 0x29, 0x94, 0x3e, 0x63, 0x48, 0x5e, 0x80, 0xcb, 0xac, 0xfa, 0x95, 0xb6, 0x4b, 0xc4, 0x95, 0x33},
+ subYX: fp.Elt{0x0c, 0x55, 0xd1, 0x5e, 0x5f, 0xbf, 0xbf, 0xe2, 0x4c, 0xfc, 0x37, 0x4a, 0xc4, 0xb1, 0xf4, 0x83, 0x61, 0x93, 0x60, 0x8e, 0x9f, 0x31, 0xf0, 0xa0, 0x41, 0xff, 0x1d, 0xe2, 0x7f, 0xca, 0x40, 0xd6, 0x88, 0xe8, 0x91, 0x61, 0xe2, 0x11, 0x18, 0x83, 0xf3, 0x25, 0x2f, 0x3f, 0x49, 0x40, 0xd4, 0x83, 0xe2, 0xd7, 0x74, 0x6a, 0x16, 0x86, 0x4e, 0xab},
+ dt2: fp.Elt{0xdd, 0x58, 0x65, 0xd8, 0x9f, 0xdd, 0x70, 0x7f, 0x0f, 0xec, 0xbd, 0x5c, 0x5c, 0x9b, 0x7e, 0x1b, 0x9f, 0x79, 0x36, 0x1f, 0xfd, 0x79, 0x10, 0x1c, 0x52, 0xf3, 0x22, 0xa4, 0x1f, 0x71, 0x6e, 0x63, 0x14, 0xf4, 0xa7, 0x3e, 0xbe, 0xad, 0x43, 0x30, 0x38, 0x8c, 0x29, 0xc6, 0xcf, 0x50, 0x75, 0x21, 0xe5, 0x78, 0xfd, 0xb0, 0x9a, 0xc4, 0x6d, 0xd4},
+ },
+ },
+ {
+ {
+ addYX: fp.Elt{0x7a, 0xa1, 0x38, 0xa6, 0xfd, 0x0e, 0x96, 0xd5, 0x26, 0x76, 0x86, 0x70, 0x80, 0x30, 0xa6, 0x67, 0xeb, 0xf4, 0x39, 0xdb, 0x22, 0xf5, 0x9f, 0x98, 0xe4, 0xb5, 0x3a, 0x0c, 0x59, 0xbf, 0x85, 0xc6, 0xf0, 0x0b, 0x1c, 0x41, 0x38, 0x09, 0x01, 0xdb, 0xd6, 0x3c, 0xb7, 0xf1, 0x08, 0x6b, 0x4b, 0x9e, 0x63, 0x53, 0x83, 0xd3, 0xab, 0xa3, 0x72, 0x0d},
+ subYX: fp.Elt{0x84, 0x68, 0x25, 0xe8, 0xe9, 0x8f, 0x91, 0xbf, 0xf7, 0xa4, 0x30, 0xae, 0xea, 0x9f, 0xdd, 0x56, 0x64, 0x09, 0xc9, 0x54, 0x68, 0x4e, 0x33, 0xc5, 0x6f, 0x7b, 0x2d, 0x52, 0x2e, 0x42, 0xbe, 0xbe, 0xf5, 0x64, 0xbf, 0x77, 0x54, 0xdf, 0xb0, 0x10, 0xd2, 0x16, 0x5d, 0xce, 0xaf, 0x9f, 0xfb, 0xa3, 0x63, 0x50, 0xcb, 0xc0, 0xd0, 0x88, 0x44, 0xa3},
+ dt2: fp.Elt{0xc3, 0x8b, 0xa5, 0xf1, 0x44, 0xe4, 0x41, 0xcd, 0x75, 0xe3, 0x17, 0x69, 0x5b, 0xb9, 0xbb, 0xee, 0x82, 0xbb, 0xce, 0x57, 0xdf, 0x2a, 0x9c, 0x12, 0xab, 0x66, 0x08, 0x68, 0x05, 0x1b, 0x87, 0xee, 0x5d, 0x1e, 0x18, 0x14, 0x22, 0x4b, 0x99, 0x61, 0x75, 0x28, 0xe7, 0x65, 0x1c, 0x36, 0xb6, 0x18, 0x09, 0xa8, 0xdf, 0xef, 0x30, 0x35, 0xbc, 0x58},
+ },
+ {
+ addYX: fp.Elt{0xc5, 0xd3, 0x0e, 0x6f, 0xaf, 0x06, 0x69, 0xc4, 0x07, 0x9e, 0x58, 0x6e, 0x3f, 0x49, 0xd9, 0x0a, 0x3c, 0x2c, 0x37, 0xcd, 0x27, 0x4d, 0x87, 0x91, 0x7a, 0xb0, 0x28, 0xad, 0x2f, 0x68, 0x92, 0x05, 0x97, 0xf1, 0x30, 0x5f, 0x4c, 0x10, 0x20, 0x30, 0xd3, 0x08, 0x3f, 0xc1, 0xc6, 0xb7, 0xb5, 0xd1, 0x71, 0x7b, 0xa8, 0x0a, 0xd8, 0xf5, 0x17, 0xcf},
+ subYX: fp.Elt{0x64, 0xd4, 0x8f, 0x91, 0x40, 0xab, 0x6e, 0x1a, 0x62, 0x83, 0xdc, 0xd7, 0x30, 0x1a, 0x4a, 0x2a, 0x4c, 0x54, 0x86, 0x19, 0x81, 0x5d, 0x04, 0x52, 0xa3, 0xca, 0x82, 0x38, 0xdc, 0x1e, 0xf0, 0x7a, 0x78, 0x76, 0x49, 0x4f, 0x71, 0xc4, 0x74, 0x2f, 0xf0, 0x5b, 0x2e, 0x5e, 0xac, 0xef, 0x17, 0xe4, 0x8e, 0x6e, 0xed, 0x43, 0x23, 0x61, 0x99, 0x49},
+ dt2: fp.Elt{0x64, 0x90, 0x72, 0x76, 0xf8, 0x2c, 0x7d, 0x57, 0xf9, 0x30, 0x5e, 0x7a, 0x10, 0x74, 0x19, 0x39, 0xd9, 0xaf, 0x0a, 0xf1, 0x43, 0xed, 0x88, 0x9c, 0x8b, 0xdc, 0x9b, 0x1c, 0x90, 0xe7, 0xf7, 0xa3, 0xa5, 0x0d, 0xc6, 0xbc, 0x30, 0xfb, 0x91, 0x1a, 0x51, 0xba, 0x2d, 0xbe, 0x89, 0xdf, 0x1d, 0xdc, 0x53, 0xa8, 0x82, 0x8a, 0xd3, 0x8d, 0x16, 0x68},
+ },
+ {
+ addYX: fp.Elt{0xef, 0x5c, 0xe3, 0x74, 0xbf, 0x13, 0x4a, 0xbf, 0x66, 0x73, 0x64, 0xb7, 0xd4, 0xce, 0x98, 0x82, 0x05, 0xfa, 0x98, 0x0c, 0x0a, 0xae, 0xe5, 0x6b, 0x9f, 0xac, 0xbb, 0x6e, 0x1f, 0xcf, 0xff, 0xa6, 0x71, 0x9a, 0xa8, 0x7a, 0x9e, 0x64, 0x1f, 0x20, 0x4a, 0x61, 0xa2, 0xd6, 0x50, 0xe3, 0xba, 0x81, 0x0c, 0x50, 0x59, 0x69, 0x59, 0x15, 0x55, 0xdb},
+ subYX: fp.Elt{0xe8, 0x77, 0x4d, 0xe8, 0x66, 0x3d, 0xc1, 0x00, 0x3c, 0xf2, 0x25, 0x00, 0xdc, 0xb2, 0xe5, 0x9b, 0x12, 0x89, 0xf3, 0xd6, 0xea, 0x85, 0x60, 0xfe, 0x67, 0x91, 0xfd, 0x04, 0x7c, 0xe0, 0xf1, 0x86, 0x06, 0x11, 0x66, 0xee, 0xd4, 0xd5, 0xbe, 0x3b, 0x0f, 0xe3, 0x59, 0xb3, 0x4f, 0x00, 0xb6, 0xce, 0x80, 0xc1, 0x61, 0xf7, 0xaf, 0x04, 0x6a, 0x3c},
+ dt2: fp.Elt{0x00, 0xd7, 0x32, 0x93, 0x67, 0x70, 0x6f, 0xd7, 0x69, 0xab, 0xb1, 0xd3, 0xdc, 0xd6, 0xa8, 0xdd, 0x35, 0x25, 0xca, 0xd3, 0x8a, 0x6d, 0xce, 0xfb, 0xfd, 0x2b, 0x83, 0xf0, 0xd4, 0xac, 0x66, 0xfb, 0x72, 0x87, 0x7e, 0x55, 0xb7, 0x91, 0x58, 0x10, 0xc3, 0x11, 0x7e, 0x15, 0xfe, 0x7c, 0x55, 0x90, 0xa3, 0x9e, 0xed, 0x9a, 0x7f, 0xa7, 0xb7, 0xeb},
+ },
+ {
+ addYX: fp.Elt{0x25, 0x0f, 0xc2, 0x09, 0x9c, 0x10, 0xc8, 0x7c, 0x93, 0xa7, 0xbe, 0xe9, 0x26, 0x25, 0x7c, 0x21, 0xfe, 0xe7, 0x5f, 0x3c, 0x02, 0x83, 0xa7, 0x9e, 0xdf, 0xc0, 0x94, 0x2b, 0x7d, 0x1a, 0xd0, 0x1d, 0xcc, 0x2e, 0x7d, 0xd4, 0x85, 0xe7, 0xc1, 0x15, 0x66, 0xd6, 0xd6, 0x32, 0xb8, 0xf7, 0x63, 0xaa, 0x3b, 0xa5, 0xea, 0x49, 0xad, 0x88, 0x9b, 0x66},
+ subYX: fp.Elt{0x09, 0x97, 0x79, 0x36, 0x41, 0x56, 0x9b, 0xdf, 0x15, 0xd8, 0x43, 0x28, 0x17, 0x5b, 0x96, 0xc9, 0xcf, 0x39, 0x1f, 0x13, 0xf7, 0x4d, 0x1d, 0x1f, 0xda, 0x51, 0x56, 0xe7, 0x0a, 0x5a, 0x65, 0xb6, 0x2a, 0x87, 0x49, 0x86, 0xc2, 0x2b, 0xcd, 0xfe, 0x07, 0xf6, 0x4c, 0xe2, 0x1d, 0x9b, 0xd8, 0x82, 0x09, 0x5b, 0x11, 0x10, 0x62, 0x56, 0x89, 0xbd},
+ dt2: fp.Elt{0xd9, 0x15, 0x73, 0xf2, 0x96, 0x35, 0x53, 0xb0, 0xe7, 0xa8, 0x0b, 0x93, 0x35, 0x0b, 0x3a, 0x00, 0xf5, 0x18, 0xb1, 0xc3, 0x12, 0x3f, 0x91, 0x17, 0xc1, 0x4c, 0x15, 0x5a, 0x86, 0x92, 0x11, 0xbd, 0x44, 0x40, 0x5a, 0x7b, 0x15, 0x89, 0xba, 0xc1, 0xc1, 0xbc, 0x43, 0x45, 0xe6, 0x52, 0x02, 0x73, 0x0a, 0xd0, 0x2a, 0x19, 0xda, 0x47, 0xa8, 0xff},
+ },
+ },
+}
+
+// tabVerif contains the odd multiples of P. The entry T[i] = (2i+1)P, where
+// P = phi(G) and G is the generator of the Goldilocks curve, and phi is a
+// 4-degree isogeny.
+var tabVerif = [1 << (omegaFix - 2)]preTwistPointAffine{
+ { /* 1P*/
+ addYX: fp.Elt{0x65, 0x4a, 0xdd, 0xdf, 0xb4, 0x79, 0x60, 0xc8, 0xa1, 0x70, 0xb4, 0x3a, 0x1e, 0x0c, 0x9b, 0x19, 0xe5, 0x48, 0x3f, 0xd7, 0x44, 0x18, 0x18, 0x14, 0x14, 0x27, 0x45, 0xd0, 0x2b, 0x24, 0xd5, 0x93, 0xc3, 0x74, 0x4c, 0x50, 0x70, 0x43, 0x26, 0x05, 0x08, 0x24, 0xca, 0x78, 0x30, 0xc1, 0x06, 0x8d, 0xd4, 0x86, 0x42, 0xf0, 0x14, 0xde, 0x08, 0x05},
+ subYX: fp.Elt{0x64, 0x4a, 0xdd, 0xdf, 0xb4, 0x79, 0x60, 0xc8, 0xa1, 0x70, 0xb4, 0x3a, 0x1e, 0x0c, 0x9b, 0x19, 0xe5, 0x48, 0x3f, 0xd7, 0x44, 0x18, 0x18, 0x14, 0x14, 0x27, 0x45, 0xd0, 0x2d, 0x24, 0xd5, 0x93, 0xc3, 0x74, 0x4c, 0x50, 0x70, 0x43, 0x26, 0x05, 0x08, 0x24, 0xca, 0x78, 0x30, 0xc1, 0x06, 0x8d, 0xd4, 0x86, 0x42, 0xf0, 0x14, 0xde, 0x08, 0x05},
+ dt2: fp.Elt{0x1a, 0x33, 0xea, 0x64, 0x45, 0x1c, 0xdf, 0x17, 0x1d, 0x16, 0x34, 0x28, 0xd6, 0x61, 0x19, 0x67, 0x79, 0xb4, 0x13, 0xcf, 0x3e, 0x7c, 0x0e, 0x72, 0xda, 0xf1, 0x5f, 0xda, 0xe6, 0xcf, 0x42, 0xd3, 0xb6, 0x17, 0xc2, 0x68, 0x13, 0x2d, 0xd9, 0x60, 0x3e, 0xae, 0xf0, 0x5b, 0x96, 0xf0, 0xcd, 0xaf, 0xea, 0xb7, 0x0d, 0x59, 0x16, 0xa7, 0xff, 0x55},
+ },
+ { /* 3P*/
+ addYX: fp.Elt{0xd1, 0xe9, 0xa8, 0x33, 0x20, 0x76, 0x18, 0x08, 0x45, 0x2a, 0xc9, 0x67, 0x2a, 0xc3, 0x15, 0x24, 0xf9, 0x74, 0x21, 0x30, 0x99, 0x59, 0x8b, 0xb2, 0xf0, 0xa4, 0x07, 0xe2, 0x6a, 0x36, 0x8d, 0xd9, 0xd2, 0x4a, 0x7f, 0x73, 0x50, 0x39, 0x3d, 0xaa, 0xa7, 0x51, 0x73, 0x0d, 0x2b, 0x8b, 0x96, 0x47, 0xac, 0x3c, 0x5d, 0xaa, 0x39, 0x9c, 0xcf, 0xd5},
+ subYX: fp.Elt{0x6b, 0x11, 0x5d, 0x1a, 0xf9, 0x41, 0x9d, 0xc5, 0x30, 0x3e, 0xad, 0x25, 0x2c, 0x04, 0x45, 0xea, 0xcc, 0x67, 0x07, 0x85, 0xe9, 0xda, 0x0e, 0xb5, 0x40, 0xb7, 0x32, 0xb4, 0x49, 0xdd, 0xff, 0xaa, 0xfc, 0xbb, 0x19, 0xca, 0x8b, 0x79, 0x2b, 0x8f, 0x8d, 0x00, 0x33, 0xc2, 0xad, 0xe9, 0xd3, 0x12, 0xa8, 0xaa, 0x87, 0x62, 0xad, 0x2d, 0xff, 0xa4},
+ dt2: fp.Elt{0xb0, 0xaf, 0x3b, 0xea, 0xf0, 0x42, 0x0b, 0x5e, 0x88, 0xd3, 0x98, 0x08, 0x87, 0x59, 0x72, 0x0a, 0xc2, 0xdf, 0xcb, 0x7f, 0x59, 0xb5, 0x4c, 0x63, 0x68, 0xe8, 0x41, 0x38, 0x67, 0x4f, 0xe9, 0xc6, 0xb2, 0x6b, 0x08, 0xa7, 0xf7, 0x0e, 0xcd, 0xea, 0xca, 0x3d, 0xaf, 0x8e, 0xda, 0x4b, 0x2e, 0xd2, 0x88, 0x64, 0x8d, 0xc5, 0x5f, 0x76, 0x0f, 0x3d},
+ },
+ { /* 5P*/
+ addYX: fp.Elt{0xe5, 0x65, 0xc9, 0xe2, 0x75, 0xf0, 0x7d, 0x1a, 0xba, 0xa4, 0x40, 0x4b, 0x93, 0x12, 0xa2, 0x80, 0x95, 0x0d, 0x03, 0x93, 0xe8, 0xa5, 0x4d, 0xe2, 0x3d, 0x81, 0xf5, 0xce, 0xd4, 0x2d, 0x25, 0x59, 0x16, 0x5c, 0xe7, 0xda, 0xc7, 0x45, 0xd2, 0x7e, 0x2c, 0x38, 0xd4, 0x37, 0x64, 0xb2, 0xc2, 0x28, 0xc5, 0x72, 0x16, 0x32, 0x45, 0x36, 0x6f, 0x9f},
+ subYX: fp.Elt{0x09, 0xf4, 0x7e, 0xbd, 0x89, 0xdb, 0x19, 0x58, 0xe1, 0x08, 0x00, 0x8a, 0xf4, 0x5f, 0x2a, 0x32, 0x40, 0xf0, 0x2c, 0x3f, 0x5d, 0xe4, 0xfc, 0x89, 0x11, 0x24, 0xb4, 0x2f, 0x97, 0xad, 0xac, 0x8f, 0x19, 0xab, 0xfa, 0x12, 0xe5, 0xf9, 0x50, 0x4e, 0x50, 0x6f, 0x32, 0x30, 0x88, 0xa6, 0xe5, 0x48, 0x28, 0xa2, 0x1b, 0x9f, 0xcd, 0xe2, 0x43, 0x38},
+ dt2: fp.Elt{0xa9, 0xcc, 0x53, 0x39, 0x86, 0x02, 0x60, 0x75, 0x34, 0x99, 0x57, 0xbd, 0xfc, 0x5a, 0x8e, 0xce, 0x5e, 0x98, 0x22, 0xd0, 0xa5, 0x24, 0xff, 0x90, 0x28, 0x9f, 0x58, 0xf3, 0x39, 0xe9, 0xba, 0x36, 0x23, 0xfb, 0x7f, 0x41, 0xcc, 0x2b, 0x5a, 0x25, 0x3f, 0x4c, 0x2a, 0xf1, 0x52, 0x6f, 0x2f, 0x07, 0xe3, 0x88, 0x81, 0x77, 0xdd, 0x7c, 0x88, 0x82},
+ },
+ { /* 7P*/
+ addYX: fp.Elt{0xf7, 0xee, 0x88, 0xfd, 0x3a, 0xbf, 0x7e, 0x28, 0x39, 0x23, 0x79, 0xe6, 0x5c, 0x56, 0xcb, 0xb5, 0x48, 0x6a, 0x80, 0x6d, 0x37, 0x60, 0x6c, 0x10, 0x35, 0x49, 0x4b, 0x46, 0x60, 0xd4, 0x79, 0xd4, 0x53, 0xd3, 0x67, 0x88, 0xd0, 0x41, 0xd5, 0x43, 0x85, 0xc8, 0x71, 0xe3, 0x1c, 0xb6, 0xda, 0x22, 0x64, 0x8f, 0x80, 0xac, 0xad, 0x7d, 0xd5, 0x82},
+ subYX: fp.Elt{0x92, 0x40, 0xc1, 0x83, 0x21, 0x9b, 0xd5, 0x7d, 0x3f, 0x29, 0xb6, 0x26, 0xef, 0x12, 0xb9, 0x27, 0x39, 0x42, 0x37, 0x97, 0x09, 0x9a, 0x08, 0xe1, 0x68, 0xb6, 0x7a, 0x3f, 0x9f, 0x45, 0xf8, 0x37, 0x19, 0x83, 0x97, 0xe6, 0x73, 0x30, 0x32, 0x35, 0xcf, 0xae, 0x5c, 0x12, 0x68, 0xdf, 0x6e, 0x2b, 0xde, 0x83, 0xa0, 0x44, 0x74, 0x2e, 0x4a, 0xe9},
+ dt2: fp.Elt{0xcb, 0x22, 0x0a, 0xda, 0x6b, 0xc1, 0x8a, 0x29, 0xa1, 0xac, 0x8b, 0x5b, 0x8b, 0x32, 0x20, 0xf2, 0x21, 0xae, 0x0c, 0x43, 0xc4, 0xd7, 0x19, 0x37, 0x3d, 0x79, 0x25, 0x98, 0x6c, 0x9c, 0x22, 0x31, 0x2a, 0x55, 0x9f, 0xda, 0x5e, 0xa8, 0x13, 0xdb, 0x8e, 0x2e, 0x16, 0x39, 0xf4, 0x91, 0x6f, 0xec, 0x71, 0x71, 0xc9, 0x10, 0xf2, 0xa4, 0x8f, 0x11},
+ },
+ { /* 9P*/
+ addYX: fp.Elt{0x85, 0xdd, 0x37, 0x62, 0x74, 0x8e, 0x33, 0x5b, 0x25, 0x12, 0x1b, 0xe7, 0xdf, 0x47, 0xe5, 0x12, 0xfd, 0x3a, 0x3a, 0xf5, 0x5d, 0x4c, 0xa2, 0x29, 0x3c, 0x5c, 0x2f, 0xee, 0x18, 0x19, 0x0a, 0x2b, 0xef, 0x67, 0x50, 0x7a, 0x0d, 0x29, 0xae, 0x55, 0x82, 0xcd, 0xd6, 0x41, 0x90, 0xb4, 0x13, 0x31, 0x5d, 0x11, 0xb8, 0xaa, 0x12, 0x86, 0x08, 0xac},
+ subYX: fp.Elt{0xcc, 0x37, 0x8d, 0x83, 0x5f, 0xfd, 0xde, 0xd5, 0xf7, 0xf1, 0xae, 0x0a, 0xa7, 0x0b, 0xeb, 0x6d, 0x19, 0x8a, 0xb6, 0x1a, 0x59, 0xd8, 0xff, 0x3c, 0xbc, 0xbc, 0xef, 0x9c, 0xda, 0x7b, 0x75, 0x12, 0xaf, 0x80, 0x8f, 0x2c, 0x3c, 0xaa, 0x0b, 0x17, 0x86, 0x36, 0x78, 0x18, 0xc8, 0x8a, 0xf6, 0xb8, 0x2c, 0x2f, 0x57, 0x2c, 0x62, 0x57, 0xf6, 0x90},
+ dt2: fp.Elt{0x83, 0xbc, 0xa2, 0x07, 0xa5, 0x38, 0x96, 0xea, 0xfe, 0x11, 0x46, 0x1d, 0x3b, 0xcd, 0x42, 0xc5, 0xee, 0x67, 0x04, 0x72, 0x08, 0xd8, 0xd9, 0x96, 0x07, 0xf7, 0xac, 0xc3, 0x64, 0xf1, 0x98, 0x2c, 0x55, 0xd7, 0x7d, 0xc8, 0x6c, 0xbd, 0x2c, 0xff, 0x15, 0xd6, 0x6e, 0xb8, 0x17, 0x8e, 0xa8, 0x27, 0x66, 0xb1, 0x73, 0x79, 0x96, 0xff, 0x29, 0x10},
+ },
+ { /* 11P*/
+ addYX: fp.Elt{0x76, 0xcb, 0x9b, 0x0c, 0x5b, 0xfe, 0xe1, 0x2a, 0xdd, 0x6f, 0x6c, 0xdd, 0x6f, 0xb4, 0xc0, 0xc2, 0x1b, 0x4b, 0x38, 0xe8, 0x66, 0x8c, 0x1e, 0x31, 0x63, 0xb9, 0x94, 0xcd, 0xc3, 0x8c, 0x44, 0x25, 0x7b, 0xd5, 0x39, 0x80, 0xfc, 0x01, 0xaa, 0xf7, 0x2a, 0x61, 0x8a, 0x25, 0xd2, 0x5f, 0xc5, 0x66, 0x38, 0xa4, 0x17, 0xcf, 0x3e, 0x11, 0x0f, 0xa3},
+ subYX: fp.Elt{0xe0, 0xb6, 0xd1, 0x9c, 0x71, 0x49, 0x2e, 0x7b, 0xde, 0x00, 0xda, 0x6b, 0xf1, 0xec, 0xe6, 0x7a, 0x15, 0x38, 0x71, 0xe9, 0x7b, 0xdb, 0xf8, 0x98, 0xc0, 0x91, 0x2e, 0x53, 0xee, 0x92, 0x87, 0x25, 0xc9, 0xb0, 0xbb, 0x33, 0x15, 0x46, 0x7f, 0xfd, 0x4f, 0x8b, 0x77, 0x05, 0x96, 0xb6, 0xe2, 0x08, 0xdb, 0x0d, 0x09, 0xee, 0x5b, 0xd1, 0x2a, 0x63},
+ dt2: fp.Elt{0x8f, 0x7b, 0x57, 0x8c, 0xbf, 0x06, 0x0d, 0x43, 0x21, 0x92, 0x94, 0x2d, 0x6a, 0x38, 0x07, 0x0f, 0xa0, 0xf1, 0xe3, 0xd8, 0x2a, 0xbf, 0x46, 0xc6, 0x9e, 0x1f, 0x8f, 0x2b, 0x46, 0x84, 0x0b, 0x74, 0xed, 0xff, 0xf8, 0xa5, 0x94, 0xae, 0xf1, 0x67, 0xb1, 0x9b, 0xdd, 0x4a, 0xd0, 0xdb, 0xc2, 0xb5, 0x58, 0x49, 0x0c, 0xa9, 0x1d, 0x7d, 0xa9, 0xd3},
+ },
+ { /* 13P*/
+ addYX: fp.Elt{0x73, 0x84, 0x2e, 0x31, 0x1f, 0xdc, 0xed, 0x9f, 0x74, 0xfa, 0xe0, 0x35, 0xb1, 0x85, 0x6a, 0x8d, 0x86, 0xd0, 0xff, 0xd6, 0x08, 0x43, 0x73, 0x1a, 0xd5, 0xf8, 0x43, 0xd4, 0xb3, 0xe5, 0x3f, 0xa8, 0x84, 0x17, 0x59, 0x65, 0x4e, 0xe6, 0xee, 0x54, 0x9c, 0xda, 0x5e, 0x7e, 0x98, 0x29, 0x6d, 0x73, 0x34, 0x1f, 0x99, 0x80, 0x54, 0x54, 0x81, 0x0b},
+ subYX: fp.Elt{0xb1, 0xe5, 0xbb, 0x80, 0x22, 0x9c, 0x81, 0x6d, 0xaf, 0x27, 0x65, 0x6f, 0x7e, 0x9c, 0xb6, 0x8d, 0x35, 0x5c, 0x2e, 0x20, 0x48, 0x7a, 0x28, 0xf0, 0x97, 0xfe, 0xb7, 0x71, 0xce, 0xd6, 0xad, 0x3a, 0x81, 0xf6, 0x74, 0x5e, 0xf3, 0xfd, 0x1b, 0xd4, 0x1e, 0x7c, 0xc2, 0xb7, 0xc8, 0xa6, 0xc9, 0x89, 0x03, 0x47, 0xec, 0x24, 0xd6, 0x0e, 0xec, 0x9c},
+ dt2: fp.Elt{0x91, 0x0a, 0x43, 0x34, 0x20, 0xc2, 0x64, 0xf7, 0x4e, 0x48, 0xc8, 0xd2, 0x95, 0x83, 0xd1, 0xa4, 0xfb, 0x4e, 0x41, 0x3b, 0x0d, 0xd5, 0x07, 0xd9, 0xf1, 0x13, 0x16, 0x78, 0x54, 0x57, 0xd0, 0xf1, 0x4f, 0x20, 0xac, 0xcf, 0x9c, 0x3b, 0x33, 0x0b, 0x99, 0x54, 0xc3, 0x7f, 0x3e, 0x57, 0x26, 0x86, 0xd5, 0xa5, 0x2b, 0x8d, 0xe3, 0x19, 0x36, 0xf7},
+ },
+ { /* 15P*/
+ addYX: fp.Elt{0x23, 0x69, 0x47, 0x14, 0xf9, 0x9a, 0x50, 0xff, 0x64, 0xd1, 0x50, 0x35, 0xc3, 0x11, 0xd3, 0x19, 0xcf, 0x87, 0xda, 0x30, 0x0b, 0x50, 0xda, 0xc0, 0xe0, 0x25, 0x00, 0xe5, 0x68, 0x93, 0x04, 0xc2, 0xaf, 0xbd, 0x2f, 0x36, 0x5f, 0x47, 0x96, 0x10, 0xa8, 0xbd, 0xe4, 0x88, 0xac, 0x80, 0x52, 0x61, 0x73, 0xe9, 0x63, 0xdd, 0x99, 0xad, 0x20, 0x5b},
+ subYX: fp.Elt{0x1b, 0x5e, 0xa2, 0x2a, 0x25, 0x0f, 0x86, 0xc0, 0xb1, 0x2e, 0x0c, 0x13, 0x40, 0x8d, 0xf0, 0xe6, 0x00, 0x55, 0x08, 0xc5, 0x7d, 0xf4, 0xc9, 0x31, 0x25, 0x3a, 0x99, 0x69, 0xdd, 0x67, 0x63, 0x9a, 0xd6, 0x89, 0x2e, 0xa1, 0x19, 0xca, 0x2c, 0xd9, 0x59, 0x5f, 0x5d, 0xc3, 0x6e, 0x62, 0x36, 0x12, 0x59, 0x15, 0xe1, 0xdc, 0xa4, 0xad, 0xc9, 0xd0},
+ dt2: fp.Elt{0xbc, 0xea, 0xfc, 0xaf, 0x66, 0x23, 0xb7, 0x39, 0x6b, 0x2a, 0x96, 0xa8, 0x54, 0x43, 0xe9, 0xaa, 0x32, 0x40, 0x63, 0x92, 0x5e, 0xdf, 0x35, 0xc2, 0x9f, 0x24, 0x0c, 0xed, 0xfc, 0xde, 0x73, 0x8f, 0xa7, 0xd5, 0xa3, 0x2b, 0x18, 0x1f, 0xb0, 0xf8, 0xeb, 0x55, 0xd9, 0xc3, 0xfd, 0x28, 0x7c, 0x4f, 0xce, 0x0d, 0xf7, 0xae, 0xc2, 0x83, 0xc3, 0x78},
+ },
+ { /* 17P*/
+ addYX: fp.Elt{0x71, 0xe6, 0x60, 0x93, 0x37, 0xdb, 0x01, 0xa5, 0x4c, 0xba, 0xe8, 0x8e, 0xd5, 0xf9, 0xd3, 0x98, 0xe5, 0xeb, 0xab, 0x3a, 0x15, 0x8b, 0x35, 0x60, 0xbe, 0xe5, 0x9c, 0x2d, 0x10, 0x9b, 0x2e, 0xcf, 0x65, 0x64, 0xea, 0x8f, 0x72, 0xce, 0xf5, 0x18, 0xe5, 0xe2, 0xf0, 0x0e, 0xae, 0x04, 0xec, 0xa0, 0x20, 0x65, 0x63, 0x07, 0xb1, 0x9f, 0x03, 0x97},
+ subYX: fp.Elt{0x9e, 0x41, 0x64, 0x30, 0x95, 0x7f, 0x3a, 0x89, 0x7b, 0x0a, 0x79, 0x59, 0x23, 0x9a, 0x3b, 0xfe, 0xa4, 0x13, 0x08, 0xb2, 0x2e, 0x04, 0x50, 0x10, 0x30, 0xcd, 0x2e, 0xa4, 0x91, 0x71, 0x50, 0x36, 0x4a, 0x02, 0xf4, 0x8d, 0xa3, 0x36, 0x1b, 0xf4, 0x52, 0xba, 0x15, 0x04, 0x8b, 0x80, 0x25, 0xd9, 0xae, 0x67, 0x20, 0xd9, 0x88, 0x8f, 0x97, 0xa6},
+ dt2: fp.Elt{0xb5, 0xe7, 0x46, 0xbd, 0x55, 0x23, 0xa0, 0x68, 0xc0, 0x12, 0xd9, 0xf1, 0x0a, 0x75, 0xe2, 0xda, 0xf4, 0x6b, 0xca, 0x14, 0xe4, 0x9f, 0x0f, 0xb5, 0x3c, 0xa6, 0xa5, 0xa2, 0x63, 0x94, 0xd1, 0x1c, 0x39, 0x58, 0x57, 0x02, 0x27, 0x98, 0xb6, 0x47, 0xc6, 0x61, 0x4b, 0x5c, 0xab, 0x6f, 0x2d, 0xab, 0xe3, 0xc1, 0x69, 0xf9, 0x12, 0xb0, 0xc8, 0xd5},
+ },
+ { /* 19P*/
+ addYX: fp.Elt{0x19, 0x7d, 0xd5, 0xac, 0x79, 0xa2, 0x82, 0x9b, 0x28, 0x31, 0x22, 0xc0, 0x73, 0x02, 0x76, 0x17, 0x10, 0x70, 0x79, 0x57, 0xc9, 0x84, 0x62, 0x8e, 0x04, 0x04, 0x61, 0x67, 0x08, 0x48, 0xb4, 0x4b, 0xde, 0x53, 0x8c, 0xff, 0x36, 0x1b, 0x62, 0x86, 0x5d, 0xe1, 0x9b, 0xb1, 0xe5, 0xe8, 0x44, 0x64, 0xa1, 0x68, 0x3f, 0xa8, 0x45, 0x52, 0x91, 0xed},
+ subYX: fp.Elt{0x42, 0x1a, 0x36, 0x1f, 0x90, 0x15, 0x24, 0x8d, 0x24, 0x80, 0xe6, 0xfe, 0x1e, 0xf0, 0xad, 0xaf, 0x6a, 0x93, 0xf0, 0xa6, 0x0d, 0x5d, 0xea, 0xf6, 0x62, 0x96, 0x7a, 0x05, 0x76, 0x85, 0x74, 0x32, 0xc7, 0xc8, 0x64, 0x53, 0x62, 0xe7, 0x54, 0x84, 0xe0, 0x40, 0x66, 0x19, 0x70, 0x40, 0x95, 0x35, 0x68, 0x64, 0x43, 0xcd, 0xba, 0x29, 0x32, 0xa8},
+ dt2: fp.Elt{0x3e, 0xf6, 0xd6, 0xe4, 0x99, 0xeb, 0x20, 0x66, 0x08, 0x2e, 0x26, 0x64, 0xd7, 0x76, 0xf3, 0xb4, 0xc5, 0xa4, 0x35, 0x92, 0xd2, 0x99, 0x70, 0x5a, 0x1a, 0xe9, 0xe9, 0x3d, 0x3b, 0xe1, 0xcd, 0x0e, 0xee, 0x24, 0x13, 0x03, 0x22, 0xd6, 0xd6, 0x72, 0x08, 0x2b, 0xde, 0xfd, 0x93, 0xed, 0x0c, 0x7f, 0x5e, 0x31, 0x22, 0x4d, 0x80, 0x78, 0xc0, 0x48},
+ },
+ { /* 21P*/
+ addYX: fp.Elt{0x8f, 0x72, 0xd2, 0x9e, 0xc4, 0xcd, 0x2c, 0xbf, 0xa8, 0xd3, 0x24, 0x62, 0x28, 0xee, 0x39, 0x0a, 0x19, 0x3a, 0x58, 0xff, 0x21, 0x2e, 0x69, 0x6c, 0x6e, 0x18, 0xd0, 0xcd, 0x61, 0xc1, 0x18, 0x02, 0x5a, 0xe9, 0xe3, 0xef, 0x1f, 0x8e, 0x10, 0xe8, 0x90, 0x2b, 0x48, 0xcd, 0xee, 0x38, 0xbd, 0x3a, 0xca, 0xbc, 0x2d, 0xe2, 0x3a, 0x03, 0x71, 0x02},
+ subYX: fp.Elt{0xf8, 0xa4, 0x32, 0x26, 0x66, 0xaf, 0x3b, 0x53, 0xe7, 0xb0, 0x91, 0x92, 0xf5, 0x3c, 0x74, 0xce, 0xf2, 0xdd, 0x68, 0xa9, 0xf4, 0xcd, 0x5f, 0x60, 0xab, 0x71, 0xdf, 0xcd, 0x5c, 0x5d, 0x51, 0x72, 0x3a, 0x96, 0xea, 0xd6, 0xde, 0x54, 0x8e, 0x55, 0x4c, 0x08, 0x4c, 0x60, 0xdd, 0x34, 0xa9, 0x6f, 0xf3, 0x04, 0x02, 0xa8, 0xa6, 0x4e, 0x4d, 0x62},
+ dt2: fp.Elt{0x76, 0x4a, 0xae, 0x38, 0x62, 0x69, 0x72, 0xdc, 0xe8, 0x43, 0xbe, 0x1d, 0x61, 0xde, 0x31, 0xc3, 0x42, 0x8f, 0x33, 0x9d, 0xca, 0xc7, 0x9c, 0xec, 0x6a, 0xe2, 0xaa, 0x01, 0x49, 0x78, 0x8d, 0x72, 0x4f, 0x38, 0xea, 0x52, 0xc2, 0xd3, 0xc9, 0x39, 0x71, 0xba, 0xb9, 0x09, 0x9b, 0xa3, 0x7f, 0x45, 0x43, 0x65, 0x36, 0x29, 0xca, 0xe7, 0x5c, 0x5f},
+ },
+ { /* 23P*/
+ addYX: fp.Elt{0x89, 0x42, 0x35, 0x48, 0x6d, 0x74, 0xe5, 0x1f, 0xc3, 0xdd, 0x28, 0x5b, 0x84, 0x41, 0x33, 0x9f, 0x42, 0xf3, 0x1d, 0x5d, 0x15, 0x6d, 0x76, 0x33, 0x36, 0xaf, 0xe9, 0xdd, 0xfa, 0x63, 0x4f, 0x7a, 0x9c, 0xeb, 0x1c, 0x4f, 0x34, 0x65, 0x07, 0x54, 0xbb, 0x4c, 0x8b, 0x62, 0x9d, 0xd0, 0x06, 0x99, 0xb3, 0xe9, 0xda, 0x85, 0x19, 0xb0, 0x3d, 0x3c},
+ subYX: fp.Elt{0xbb, 0x99, 0xf6, 0xbf, 0xaf, 0x2c, 0x22, 0x0d, 0x7a, 0xaa, 0x98, 0x6f, 0x01, 0x82, 0x99, 0xcf, 0x88, 0xbd, 0x0e, 0x3a, 0x89, 0xe0, 0x9c, 0x8c, 0x17, 0x20, 0xc4, 0xe0, 0xcf, 0x43, 0x7a, 0xef, 0x0d, 0x9f, 0x87, 0xd4, 0xfb, 0xf2, 0x96, 0xb8, 0x03, 0xe8, 0xcb, 0x5c, 0xec, 0x65, 0x5f, 0x49, 0xa4, 0x7c, 0x85, 0xb4, 0xf6, 0xc7, 0xdb, 0xa3},
+ dt2: fp.Elt{0x11, 0xf3, 0x32, 0xa3, 0xa7, 0xb2, 0x7d, 0x51, 0x82, 0x44, 0xeb, 0xa2, 0x7d, 0x72, 0xcb, 0xc6, 0xf6, 0xc7, 0xb2, 0x38, 0x0e, 0x0f, 0x4f, 0x29, 0x00, 0xe4, 0x5b, 0x94, 0x46, 0x86, 0x66, 0xa1, 0x83, 0xb3, 0xeb, 0x15, 0xb6, 0x31, 0x50, 0x28, 0xeb, 0xed, 0x0d, 0x32, 0x39, 0xe9, 0x23, 0x81, 0x99, 0x3e, 0xff, 0x17, 0x4c, 0x11, 0x43, 0xd1},
+ },
+ { /* 25P*/
+ addYX: fp.Elt{0xce, 0xe7, 0xf8, 0x94, 0x8f, 0x96, 0xf8, 0x96, 0xe6, 0x72, 0x20, 0x44, 0x2c, 0xa7, 0xfc, 0xba, 0xc8, 0xe1, 0xbb, 0xc9, 0x16, 0x85, 0xcd, 0x0b, 0xe5, 0xb5, 0x5a, 0x7f, 0x51, 0x43, 0x63, 0x8b, 0x23, 0x8e, 0x1d, 0x31, 0xff, 0x46, 0x02, 0x66, 0xcc, 0x9e, 0x4d, 0xa2, 0xca, 0xe2, 0xc7, 0xfd, 0x22, 0xb1, 0xdb, 0xdf, 0x6f, 0xe6, 0xa5, 0x82},
+ subYX: fp.Elt{0xd0, 0xf5, 0x65, 0x40, 0xec, 0x8e, 0x65, 0x42, 0x78, 0xc1, 0x65, 0xe4, 0x10, 0xc8, 0x0b, 0x1b, 0xdd, 0x96, 0x68, 0xce, 0xee, 0x45, 0x55, 0xd8, 0x6e, 0xd3, 0xe6, 0x77, 0x19, 0xae, 0xc2, 0x8d, 0x8d, 0x3e, 0x14, 0x3f, 0x6d, 0x00, 0x2f, 0x9b, 0xd1, 0x26, 0x60, 0x28, 0x0f, 0x3a, 0x47, 0xb3, 0xe6, 0x68, 0x28, 0x24, 0x25, 0xca, 0xc8, 0x06},
+ dt2: fp.Elt{0x54, 0xbb, 0x60, 0x92, 0xdb, 0x8f, 0x0f, 0x38, 0xe0, 0xe6, 0xe4, 0xc9, 0xcc, 0x14, 0x62, 0x01, 0xc4, 0x2b, 0x0f, 0xcf, 0xed, 0x7d, 0x8e, 0xa4, 0xd9, 0x73, 0x0b, 0xba, 0x0c, 0xaf, 0x0c, 0xf9, 0xe2, 0xeb, 0x29, 0x2a, 0x53, 0xdf, 0x2c, 0x5a, 0xfa, 0x8f, 0xc1, 0x01, 0xd7, 0xb1, 0x45, 0x73, 0x92, 0x32, 0x83, 0x85, 0x12, 0x74, 0x89, 0x44},
+ },
+ { /* 27P*/
+ addYX: fp.Elt{0x0b, 0x73, 0x3c, 0xc2, 0xb1, 0x2e, 0xe1, 0xa7, 0xf5, 0xc9, 0x7a, 0xfb, 0x3d, 0x2d, 0xac, 0x59, 0xdb, 0xfa, 0x36, 0x11, 0xd1, 0x13, 0x04, 0x51, 0x1d, 0xab, 0x9b, 0x6b, 0x93, 0xfe, 0xda, 0xb0, 0x8e, 0xb4, 0x79, 0x11, 0x21, 0x0f, 0x65, 0xb9, 0xbb, 0x79, 0x96, 0x2a, 0xfd, 0x30, 0xe0, 0xb4, 0x2d, 0x9a, 0x55, 0x25, 0x5d, 0xd4, 0xad, 0x2a},
+ subYX: fp.Elt{0x9e, 0xc5, 0x04, 0xfe, 0xec, 0x3c, 0x64, 0x1c, 0xed, 0x95, 0xed, 0xae, 0xaf, 0x5c, 0x6e, 0x08, 0x9e, 0x02, 0x29, 0x59, 0x7e, 0x5f, 0xc4, 0x9a, 0xd5, 0x32, 0x72, 0x86, 0xe1, 0x4e, 0x3c, 0xce, 0x99, 0x69, 0x3b, 0xc4, 0xdd, 0x4d, 0xb7, 0xbb, 0xda, 0x3b, 0x1a, 0x99, 0xaa, 0x62, 0x15, 0xc1, 0xf0, 0xb6, 0x6c, 0xec, 0x56, 0xc1, 0xff, 0x0c},
+ dt2: fp.Elt{0x2f, 0xf1, 0x3f, 0x7a, 0x2d, 0x56, 0x19, 0x7f, 0xea, 0xbe, 0x59, 0x2e, 0x13, 0x67, 0x81, 0xfb, 0xdb, 0xc8, 0xa3, 0x1d, 0xd5, 0xe9, 0x13, 0x8b, 0x29, 0xdf, 0xcf, 0x9f, 0xe7, 0xd9, 0x0b, 0x70, 0xd3, 0x15, 0x57, 0x4a, 0xe9, 0x50, 0x12, 0x1b, 0x81, 0x4b, 0x98, 0x98, 0xa8, 0x31, 0x1d, 0x27, 0x47, 0x38, 0xed, 0x57, 0x99, 0x26, 0xb2, 0xee},
+ },
+ { /* 29P*/
+ addYX: fp.Elt{0x1c, 0xb2, 0xb2, 0x67, 0x3b, 0x8b, 0x3d, 0x5a, 0x30, 0x7e, 0x38, 0x7e, 0x3c, 0x3d, 0x28, 0x56, 0x59, 0xd8, 0x87, 0x53, 0x8b, 0xe6, 0x6c, 0x5d, 0xe5, 0x0a, 0x33, 0x10, 0xce, 0xa2, 0x17, 0x0d, 0xe8, 0x76, 0xee, 0x68, 0xa8, 0x72, 0x54, 0xbd, 0xa6, 0x24, 0x94, 0x6e, 0x77, 0xc7, 0x53, 0xb7, 0x89, 0x1c, 0x7a, 0xe9, 0x78, 0x9a, 0x74, 0x5f},
+ subYX: fp.Elt{0x76, 0x96, 0x1c, 0xcf, 0x08, 0x55, 0xd8, 0x1e, 0x0d, 0xa3, 0x59, 0x95, 0x32, 0xf4, 0xc2, 0x8e, 0x84, 0x5e, 0x4b, 0x04, 0xda, 0x71, 0xc9, 0x78, 0x52, 0xde, 0x14, 0xb4, 0x31, 0xf4, 0xd4, 0xb8, 0x58, 0xc5, 0x20, 0xe8, 0xdd, 0x15, 0xb5, 0xee, 0xea, 0x61, 0xe0, 0xf5, 0xd6, 0xae, 0x55, 0x59, 0x05, 0x3e, 0xaf, 0x74, 0xac, 0x1f, 0x17, 0x82},
+ dt2: fp.Elt{0x59, 0x24, 0xcd, 0xfc, 0x11, 0x7e, 0x85, 0x18, 0x3d, 0x69, 0xf7, 0x71, 0x31, 0x66, 0x98, 0x42, 0x95, 0x00, 0x8c, 0xb2, 0xae, 0x39, 0x7e, 0x85, 0xd6, 0xb0, 0x02, 0xec, 0xce, 0xfc, 0x25, 0xb2, 0xe3, 0x99, 0x8e, 0x5b, 0x61, 0x96, 0x2e, 0x6d, 0x96, 0x57, 0x71, 0xa5, 0x93, 0x41, 0x0e, 0x6f, 0xfd, 0x0a, 0xbf, 0xa9, 0xf7, 0x56, 0xa9, 0x3e},
+ },
+ { /* 31P*/
+ addYX: fp.Elt{0xa2, 0x2e, 0x0c, 0x17, 0x4d, 0xcc, 0x85, 0x2c, 0x18, 0xa0, 0xd2, 0x08, 0xba, 0x11, 0xfa, 0x47, 0x71, 0x86, 0xaf, 0x36, 0x6a, 0xd7, 0xfe, 0xb9, 0xb0, 0x2f, 0x89, 0x98, 0x49, 0x69, 0xf8, 0x6a, 0xad, 0x27, 0x5e, 0x0a, 0x22, 0x60, 0x5e, 0x5d, 0xca, 0x06, 0x51, 0x27, 0x99, 0x29, 0x85, 0x68, 0x98, 0xe1, 0xc4, 0x21, 0x50, 0xa0, 0xe9, 0xc1},
+ subYX: fp.Elt{0x4d, 0x70, 0xee, 0x91, 0x92, 0x3f, 0xb7, 0xd3, 0x1d, 0xdb, 0x8d, 0x6e, 0x16, 0xf5, 0x65, 0x7d, 0x5f, 0xb5, 0x6c, 0x59, 0x26, 0x70, 0x4b, 0xf2, 0xfc, 0xe7, 0xdf, 0x86, 0xfe, 0xa5, 0xa7, 0xa6, 0x5d, 0xfb, 0x06, 0xe9, 0xf9, 0xcc, 0xc0, 0x37, 0xcc, 0xd8, 0x09, 0x04, 0xd2, 0xa5, 0x1d, 0xd7, 0xb7, 0xce, 0x92, 0xac, 0x3c, 0xad, 0xfb, 0xae},
+ dt2: fp.Elt{0x17, 0xa3, 0x9a, 0xc7, 0x86, 0x2a, 0x51, 0xf7, 0x96, 0x79, 0x49, 0x22, 0x2e, 0x5a, 0x01, 0x5c, 0xb5, 0x95, 0xd4, 0xe8, 0xcb, 0x00, 0xca, 0x2d, 0x55, 0xb6, 0x34, 0x36, 0x0b, 0x65, 0x46, 0xf0, 0x49, 0xfc, 0x87, 0x86, 0xe5, 0xc3, 0x15, 0xdb, 0x32, 0xcd, 0xf2, 0xd3, 0x82, 0x4c, 0xe6, 0x61, 0x8a, 0xaf, 0xd4, 0x9e, 0x0f, 0x5a, 0xf2, 0x81},
+ },
+ { /* 33P*/
+ addYX: fp.Elt{0x88, 0x10, 0xc0, 0xcb, 0xf5, 0x77, 0xae, 0xa5, 0xbe, 0xf6, 0xcd, 0x2e, 0x8b, 0x7e, 0xbd, 0x79, 0x62, 0x4a, 0xeb, 0x69, 0xc3, 0x28, 0xaa, 0x72, 0x87, 0xa9, 0x25, 0x87, 0x46, 0xea, 0x0e, 0x62, 0xa3, 0x6a, 0x1a, 0xe2, 0xba, 0xdc, 0x81, 0x10, 0x33, 0x01, 0xf6, 0x16, 0x89, 0x80, 0xc6, 0xcd, 0xdb, 0xdc, 0xba, 0x0e, 0x09, 0x4a, 0x35, 0x4a},
+ subYX: fp.Elt{0x86, 0xb2, 0x2b, 0xd0, 0xb8, 0x4a, 0x6d, 0x66, 0x7b, 0x32, 0xdf, 0x3b, 0x1a, 0x19, 0x1f, 0x63, 0xee, 0x1f, 0x3d, 0x1c, 0x5c, 0x14, 0x60, 0x5b, 0x72, 0x49, 0x07, 0xb1, 0x0d, 0x72, 0xc6, 0x35, 0xf0, 0xbc, 0x5e, 0xda, 0x80, 0x6b, 0x64, 0x5b, 0xe5, 0x34, 0x54, 0x39, 0xdd, 0xe6, 0x3c, 0xcb, 0xe5, 0x29, 0x32, 0x06, 0xc6, 0xb1, 0x96, 0x34},
+ dt2: fp.Elt{0x85, 0x86, 0xf5, 0x84, 0x86, 0xe6, 0x77, 0x8a, 0x71, 0x85, 0x0c, 0x4f, 0x81, 0x5b, 0x29, 0x06, 0xb5, 0x2e, 0x26, 0x71, 0x07, 0x78, 0x07, 0xae, 0xbc, 0x95, 0x46, 0xc3, 0x65, 0xac, 0xe3, 0x76, 0x51, 0x7d, 0xd4, 0x85, 0x31, 0xe3, 0x43, 0xf3, 0x1b, 0x7c, 0xf7, 0x6b, 0x2c, 0xf8, 0x1c, 0xbb, 0x8d, 0xca, 0xab, 0x4b, 0xba, 0x7f, 0xa4, 0xe2},
+ },
+ { /* 35P*/
+ addYX: fp.Elt{0x1a, 0xee, 0xe7, 0xa4, 0x8a, 0x9d, 0x53, 0x80, 0xc6, 0xb8, 0x4e, 0xdc, 0x89, 0xe0, 0xc4, 0x2b, 0x60, 0x52, 0x6f, 0xec, 0x81, 0xd2, 0x55, 0x6b, 0x1b, 0x6f, 0x17, 0x67, 0x8e, 0x42, 0x26, 0x4c, 0x65, 0x23, 0x29, 0xc6, 0x7b, 0xcd, 0x9f, 0xad, 0x4b, 0x42, 0xd3, 0x0c, 0x75, 0xc3, 0x8a, 0xf5, 0xbe, 0x9e, 0x55, 0xf7, 0x47, 0x5d, 0xbd, 0x3a},
+ subYX: fp.Elt{0x0d, 0xa8, 0x3b, 0xf9, 0xc7, 0x7e, 0xc6, 0x86, 0x94, 0xc0, 0x01, 0xff, 0x27, 0xce, 0x43, 0xac, 0xe5, 0xe1, 0xd2, 0x8d, 0xc1, 0x22, 0x31, 0xbe, 0xe1, 0xaf, 0xf9, 0x4a, 0x78, 0xa1, 0x0c, 0xaa, 0xd4, 0x80, 0xe4, 0x09, 0x8d, 0xfb, 0x1d, 0x52, 0xc8, 0x60, 0x2d, 0xf2, 0xa2, 0x89, 0x02, 0x56, 0x3d, 0x56, 0x27, 0x85, 0xc7, 0xf0, 0x2b, 0x9a},
+ dt2: fp.Elt{0x62, 0x7c, 0xc7, 0x6b, 0x2c, 0x9d, 0x0a, 0x7c, 0xe5, 0x50, 0x3c, 0xe6, 0x87, 0x1c, 0x82, 0x30, 0x67, 0x3c, 0x39, 0xb6, 0xa0, 0x31, 0xfb, 0x03, 0x7b, 0xa1, 0x58, 0xdf, 0x12, 0x76, 0x5d, 0x5d, 0x0a, 0x8f, 0x9b, 0x37, 0x32, 0xc3, 0x60, 0x33, 0xea, 0x9f, 0x0a, 0x99, 0xfa, 0x20, 0xd0, 0x33, 0x21, 0xc3, 0x94, 0xd4, 0x86, 0x49, 0x7c, 0x4e},
+ },
+ { /* 37P*/
+ addYX: fp.Elt{0xc7, 0x0c, 0x71, 0xfe, 0x55, 0xd1, 0x95, 0x8f, 0x43, 0xbb, 0x6b, 0x74, 0x30, 0xbd, 0xe8, 0x6f, 0x1c, 0x1b, 0x06, 0x62, 0xf5, 0xfc, 0x65, 0xa0, 0xeb, 0x81, 0x12, 0xc9, 0x64, 0x66, 0x61, 0xde, 0xf3, 0x6d, 0xd4, 0xae, 0x8e, 0xb1, 0x72, 0xe0, 0xcd, 0x37, 0x01, 0x28, 0x52, 0xd7, 0x39, 0x46, 0x0c, 0x55, 0xcf, 0x47, 0x70, 0xef, 0xa1, 0x17},
+ subYX: fp.Elt{0x8d, 0x58, 0xde, 0x83, 0x88, 0x16, 0x0e, 0x12, 0x42, 0x03, 0x50, 0x60, 0x4b, 0xdf, 0xbf, 0x95, 0xcc, 0x7d, 0x18, 0x17, 0x7e, 0x31, 0x5d, 0x8a, 0x66, 0xc1, 0xcf, 0x14, 0xea, 0xf4, 0xf4, 0xe5, 0x63, 0x2d, 0x32, 0x86, 0x9b, 0xed, 0x1f, 0x4f, 0x03, 0xaf, 0x33, 0x92, 0xcb, 0xaf, 0x9c, 0x05, 0x0d, 0x47, 0x1b, 0x42, 0xba, 0x13, 0x22, 0x98},
+ dt2: fp.Elt{0xb5, 0x48, 0xeb, 0x7d, 0x3d, 0x10, 0x9f, 0x59, 0xde, 0xf8, 0x1c, 0x4f, 0x7d, 0x9d, 0x40, 0x4d, 0x9e, 0x13, 0x24, 0xb5, 0x21, 0x09, 0xb7, 0xee, 0x98, 0x5c, 0x56, 0xbc, 0x5e, 0x2b, 0x78, 0x38, 0x06, 0xac, 0xe3, 0xe0, 0xfa, 0x2e, 0xde, 0x4f, 0xd2, 0xb3, 0xfb, 0x2d, 0x71, 0x84, 0xd1, 0x9d, 0x12, 0x5b, 0x35, 0xc8, 0x03, 0x68, 0x67, 0xc7},
+ },
+ { /* 39P*/
+ addYX: fp.Elt{0xb6, 0x65, 0xfb, 0xa7, 0x06, 0x35, 0xbb, 0xe0, 0x31, 0x8d, 0x91, 0x40, 0x98, 0xab, 0x30, 0xe4, 0xca, 0x12, 0x59, 0x89, 0xed, 0x65, 0x5d, 0x7f, 0xae, 0x69, 0xa0, 0xa4, 0xfa, 0x78, 0xb4, 0xf7, 0xed, 0xae, 0x86, 0x78, 0x79, 0x64, 0x24, 0xa6, 0xd4, 0xe1, 0xf6, 0xd3, 0xa0, 0x89, 0xba, 0x20, 0xf4, 0x54, 0x0d, 0x8f, 0xdb, 0x1a, 0x79, 0xdb},
+ subYX: fp.Elt{0xe1, 0x82, 0x0c, 0x4d, 0xde, 0x9f, 0x40, 0xf0, 0xc1, 0xbd, 0x8b, 0xd3, 0x24, 0x03, 0xcd, 0xf2, 0x92, 0x7d, 0xe2, 0x68, 0x7f, 0xf1, 0xbe, 0x69, 0xde, 0x34, 0x67, 0x4c, 0x85, 0x3b, 0xec, 0x98, 0xcc, 0x4d, 0x3e, 0xc0, 0x96, 0x27, 0xe6, 0x75, 0xfc, 0xdf, 0x37, 0xc0, 0x1e, 0x27, 0xe0, 0xf6, 0xc2, 0xbd, 0xbc, 0x3d, 0x9b, 0x39, 0xdc, 0xe2},
+ dt2: fp.Elt{0xd8, 0x29, 0xa7, 0x39, 0xe3, 0x9f, 0x2f, 0x0e, 0x4b, 0x24, 0x21, 0x70, 0xef, 0xfd, 0x91, 0xea, 0xbf, 0xe1, 0x72, 0x90, 0xcc, 0xc9, 0x84, 0x0e, 0xad, 0xd5, 0xe6, 0xbb, 0xc5, 0x99, 0x7f, 0xa4, 0xf0, 0x2e, 0xcc, 0x95, 0x64, 0x27, 0x19, 0xd8, 0x4c, 0x27, 0x0d, 0xff, 0xb6, 0x29, 0xe2, 0x6c, 0xfa, 0xbb, 0x4d, 0x9c, 0xbb, 0xaf, 0xa5, 0xec},
+ },
+ { /* 41P*/
+ addYX: fp.Elt{0xd6, 0x33, 0x3f, 0x9f, 0xcf, 0xfd, 0x4c, 0xd1, 0xfe, 0xe5, 0xeb, 0x64, 0x27, 0xae, 0x7a, 0xa2, 0x82, 0x50, 0x6d, 0xaa, 0xe3, 0x5d, 0xe2, 0x48, 0x60, 0xb3, 0x76, 0x04, 0xd9, 0x19, 0xa7, 0xa1, 0x73, 0x8d, 0x38, 0xa9, 0xaf, 0x45, 0xb5, 0xb2, 0x62, 0x9b, 0xf1, 0x35, 0x7b, 0x84, 0x66, 0xeb, 0x06, 0xef, 0xf1, 0xb2, 0x2d, 0x6a, 0x61, 0x15},
+ subYX: fp.Elt{0x86, 0x50, 0x42, 0xf7, 0xda, 0x59, 0xb2, 0xcf, 0x0d, 0x3d, 0xee, 0x8e, 0x53, 0x5d, 0xf7, 0x9e, 0x6a, 0x26, 0x2d, 0xc7, 0x8c, 0x8e, 0x18, 0x50, 0x6d, 0xb7, 0x51, 0x4c, 0xa7, 0x52, 0x6e, 0x0e, 0x0a, 0x16, 0x74, 0xb2, 0x81, 0x8b, 0x56, 0x27, 0x22, 0x84, 0xf4, 0x56, 0xc5, 0x06, 0xe1, 0x8b, 0xca, 0x2d, 0xdb, 0x9a, 0xf6, 0x10, 0x9c, 0x51},
+ dt2: fp.Elt{0x1f, 0x16, 0xa2, 0x78, 0x96, 0x1b, 0x85, 0x9c, 0x76, 0x49, 0xd4, 0x0f, 0xac, 0xb0, 0xf4, 0xd0, 0x06, 0x2c, 0x7e, 0x6d, 0x6e, 0x8e, 0xc7, 0x9f, 0x18, 0xad, 0xfc, 0x88, 0x0c, 0x0c, 0x09, 0x05, 0x05, 0xa0, 0x79, 0x72, 0x32, 0x72, 0x87, 0x0f, 0x49, 0x87, 0x0c, 0xb4, 0x12, 0xc2, 0x09, 0xf8, 0x9f, 0x30, 0x72, 0xa9, 0x47, 0x13, 0x93, 0x49},
+ },
+ { /* 43P*/
+ addYX: fp.Elt{0xcc, 0xb1, 0x4c, 0xd3, 0xc0, 0x9e, 0x9e, 0x4d, 0x6d, 0x28, 0x0b, 0xa5, 0x94, 0xa7, 0x2e, 0xc2, 0xc7, 0xaf, 0x29, 0x73, 0xc9, 0x68, 0xea, 0x0f, 0x34, 0x37, 0x8d, 0x96, 0x8f, 0x3a, 0x3d, 0x73, 0x1e, 0x6d, 0x9f, 0xcf, 0x8d, 0x83, 0xb5, 0x71, 0xb9, 0xe1, 0x4b, 0x67, 0x71, 0xea, 0xcf, 0x56, 0xe5, 0xeb, 0x72, 0x15, 0x2f, 0x9e, 0xa8, 0xaa},
+ subYX: fp.Elt{0xf4, 0x3e, 0x85, 0x1c, 0x1a, 0xef, 0x50, 0xd1, 0xb4, 0x20, 0xb2, 0x60, 0x05, 0x98, 0xfe, 0x47, 0x3b, 0xc1, 0x76, 0xca, 0x2c, 0x4e, 0x5a, 0x42, 0xa3, 0xf7, 0x20, 0xaa, 0x57, 0x39, 0xee, 0x34, 0x1f, 0xe1, 0x68, 0xd3, 0x7e, 0x06, 0xc4, 0x6c, 0xc7, 0x76, 0x2b, 0xe4, 0x1c, 0x48, 0x44, 0xe6, 0xe5, 0x44, 0x24, 0x8d, 0xb3, 0xb6, 0x88, 0x32},
+ dt2: fp.Elt{0x18, 0xa7, 0xba, 0xd0, 0x44, 0x6f, 0x33, 0x31, 0x00, 0xf8, 0xf6, 0x12, 0xe3, 0xc5, 0xc7, 0xb5, 0x91, 0x9c, 0x91, 0xb5, 0x75, 0x18, 0x18, 0x8a, 0xab, 0xed, 0x24, 0x11, 0x2e, 0xce, 0x5a, 0x0f, 0x94, 0x5f, 0x2e, 0xca, 0xd3, 0x80, 0xea, 0xe5, 0x34, 0x96, 0x67, 0x8b, 0x6a, 0x26, 0x5e, 0xc8, 0x9d, 0x2c, 0x5e, 0x6c, 0xa2, 0x0c, 0xbf, 0xf0},
+ },
+ { /* 45P*/
+ addYX: fp.Elt{0xb3, 0xbf, 0xa3, 0x85, 0xee, 0xf6, 0x58, 0x02, 0x78, 0xc4, 0x30, 0xd6, 0x57, 0x59, 0x8c, 0x88, 0x08, 0x7c, 0xbc, 0xbe, 0x0a, 0x74, 0xa9, 0xde, 0x69, 0xe7, 0x41, 0xd8, 0xbf, 0x66, 0x8d, 0x3d, 0x28, 0x00, 0x8c, 0x47, 0x65, 0x34, 0xfe, 0x86, 0x9e, 0x6a, 0xf2, 0x41, 0x6a, 0x94, 0xc4, 0x88, 0x75, 0x23, 0x0d, 0x52, 0x69, 0xee, 0x07, 0x89},
+ subYX: fp.Elt{0x22, 0x3c, 0xa1, 0x70, 0x58, 0x97, 0x93, 0xbe, 0x59, 0xa8, 0x0b, 0x8a, 0x46, 0x2a, 0x38, 0x1e, 0x08, 0x6b, 0x61, 0x9f, 0xf2, 0x4a, 0x8b, 0x80, 0x68, 0x6e, 0xc8, 0x92, 0x60, 0xf3, 0xc9, 0x89, 0xb2, 0x6d, 0x63, 0xb0, 0xeb, 0x83, 0x15, 0x63, 0x0e, 0x64, 0xbb, 0xb8, 0xfe, 0xb4, 0x81, 0x90, 0x01, 0x28, 0x10, 0xb9, 0x74, 0x6e, 0xde, 0xa4},
+ dt2: fp.Elt{0x1a, 0x23, 0x45, 0xa8, 0x6f, 0x4e, 0xa7, 0x4a, 0x0c, 0xeb, 0xb0, 0x43, 0xf9, 0xef, 0x99, 0x60, 0x5b, 0xdb, 0x66, 0xc0, 0x86, 0x71, 0x43, 0xb1, 0x22, 0x7b, 0x1c, 0xe7, 0x8d, 0x09, 0x1d, 0x83, 0x76, 0x9c, 0xd3, 0x5a, 0xdd, 0x42, 0xd9, 0x2f, 0x2d, 0xba, 0x7a, 0xc2, 0xd9, 0x6b, 0xd4, 0x7a, 0xf1, 0xd5, 0x5f, 0x6b, 0x85, 0xbf, 0x0b, 0xf1},
+ },
+ { /* 47P*/
+ addYX: fp.Elt{0xb2, 0x83, 0xfa, 0x1f, 0xd2, 0xce, 0xb6, 0xf2, 0x2d, 0xea, 0x1b, 0xe5, 0x29, 0xa5, 0x72, 0xf9, 0x25, 0x48, 0x4e, 0xf2, 0x50, 0x1b, 0x39, 0xda, 0x34, 0xc5, 0x16, 0x13, 0xb4, 0x0c, 0xa1, 0x00, 0x79, 0x7a, 0xf5, 0x8b, 0xf3, 0x70, 0x14, 0xb6, 0xfc, 0x9a, 0x47, 0x68, 0x1e, 0x42, 0x70, 0x64, 0x2a, 0x84, 0x3e, 0x3d, 0x20, 0x58, 0xf9, 0x6a},
+ subYX: fp.Elt{0xd9, 0xee, 0xc0, 0xc4, 0xf5, 0xc2, 0x86, 0xaf, 0x45, 0xd2, 0xd2, 0x87, 0x1b, 0x64, 0xd5, 0xe0, 0x8c, 0x44, 0x00, 0x4f, 0x43, 0x89, 0x04, 0x48, 0x4a, 0x0b, 0xca, 0x94, 0x06, 0x2f, 0x23, 0x5b, 0x6c, 0x8d, 0x44, 0x66, 0x53, 0xf5, 0x5a, 0x20, 0x72, 0x28, 0x58, 0x84, 0xcc, 0x73, 0x22, 0x5e, 0xd1, 0x0b, 0x56, 0x5e, 0x6a, 0xa3, 0x11, 0x91},
+ dt2: fp.Elt{0x6e, 0x9f, 0x88, 0xa8, 0x68, 0x2f, 0x12, 0x37, 0x88, 0xfc, 0x92, 0x8f, 0x24, 0xeb, 0x5b, 0x2a, 0x2a, 0xd0, 0x14, 0x40, 0x4c, 0xa9, 0xa4, 0x03, 0x0c, 0x45, 0x48, 0x13, 0xe8, 0xa6, 0x37, 0xab, 0xc0, 0x06, 0x38, 0x6c, 0x96, 0x73, 0x40, 0x6c, 0xc6, 0xea, 0x56, 0xc6, 0xe9, 0x1a, 0x69, 0xeb, 0x7a, 0xd1, 0x33, 0x69, 0x58, 0x2b, 0xea, 0x2f},
+ },
+ { /* 49P*/
+ addYX: fp.Elt{0x58, 0xa8, 0x05, 0x41, 0x00, 0x9d, 0xaa, 0xd9, 0x98, 0xcf, 0xb9, 0x41, 0xb5, 0x4a, 0x8d, 0xe2, 0xe7, 0xc0, 0x72, 0xef, 0xc8, 0x28, 0x6b, 0x68, 0x9d, 0xc9, 0xdf, 0x05, 0x8b, 0xd0, 0x04, 0x74, 0x79, 0x45, 0x52, 0x05, 0xa3, 0x6e, 0x35, 0x3a, 0xe3, 0xef, 0xb2, 0xdc, 0x08, 0x6f, 0x4e, 0x76, 0x85, 0x67, 0xba, 0x23, 0x8f, 0xdd, 0xaf, 0x09},
+ subYX: fp.Elt{0xb4, 0x38, 0xc8, 0xff, 0x4f, 0x65, 0x2a, 0x7e, 0xad, 0xb1, 0xc6, 0xb9, 0x3d, 0xd6, 0xf7, 0x14, 0xcf, 0xf6, 0x98, 0x75, 0xbb, 0x47, 0x83, 0x90, 0xe7, 0xe1, 0xf6, 0x14, 0x99, 0x7e, 0xfa, 0xe4, 0x77, 0x24, 0xe3, 0xe7, 0xf0, 0x1e, 0xdb, 0x27, 0x4e, 0x16, 0x04, 0xf2, 0x08, 0x52, 0xfc, 0xec, 0x55, 0xdb, 0x2e, 0x67, 0xe1, 0x94, 0x32, 0x89},
+ dt2: fp.Elt{0x00, 0xad, 0x03, 0x35, 0x1a, 0xb1, 0x88, 0xf0, 0xc9, 0x11, 0xe4, 0x12, 0x52, 0x61, 0xfd, 0x8a, 0x1b, 0x6a, 0x0a, 0x4c, 0x42, 0x46, 0x22, 0x0e, 0xa5, 0xf9, 0xe2, 0x50, 0xf2, 0xb2, 0x1f, 0x20, 0x78, 0x10, 0xf6, 0xbf, 0x7f, 0x0c, 0x9c, 0xad, 0x40, 0x8b, 0x82, 0xd4, 0xba, 0x69, 0x09, 0xac, 0x4b, 0x6d, 0xc4, 0x49, 0x17, 0x81, 0x57, 0x3b},
+ },
+ { /* 51P*/
+ addYX: fp.Elt{0x0d, 0xfe, 0xb4, 0x35, 0x11, 0xbd, 0x1d, 0x6b, 0xc2, 0xc5, 0x3b, 0xd2, 0x23, 0x2c, 0x72, 0xe3, 0x48, 0xb1, 0x48, 0x73, 0xfb, 0xa3, 0x21, 0x6e, 0xc0, 0x09, 0x69, 0xac, 0xe1, 0x60, 0xbc, 0x24, 0x03, 0x99, 0x63, 0x0a, 0x00, 0xf0, 0x75, 0xf6, 0x92, 0xc5, 0xd6, 0xdb, 0x51, 0xd4, 0x7d, 0xe6, 0xf4, 0x11, 0x79, 0xd7, 0xc3, 0xaf, 0x48, 0xd0},
+ subYX: fp.Elt{0xf4, 0x4f, 0xaf, 0x31, 0xe3, 0x10, 0x89, 0x95, 0xf0, 0x8a, 0xf6, 0x31, 0x9f, 0x48, 0x02, 0xba, 0x42, 0x2b, 0x3c, 0x22, 0x8b, 0xcc, 0x12, 0x98, 0x6e, 0x7a, 0x64, 0x3a, 0xc4, 0xca, 0x32, 0x2a, 0x72, 0xf8, 0x2c, 0xcf, 0x78, 0x5e, 0x7a, 0x75, 0x6e, 0x72, 0x46, 0x48, 0x62, 0x28, 0xac, 0x58, 0x1a, 0xc6, 0x59, 0x88, 0x2a, 0x44, 0x9e, 0x83},
+ dt2: fp.Elt{0xb3, 0xde, 0x36, 0xfd, 0xeb, 0x1b, 0xd4, 0x24, 0x1b, 0x08, 0x8c, 0xfe, 0xa9, 0x41, 0xa1, 0x64, 0xf2, 0x6d, 0xdb, 0xf9, 0x94, 0xae, 0x86, 0x71, 0xab, 0x10, 0xbf, 0xa3, 0xb2, 0xa0, 0xdf, 0x10, 0x8c, 0x74, 0xce, 0xb3, 0xfc, 0xdb, 0xba, 0x15, 0xf6, 0x91, 0x7a, 0x9c, 0x36, 0x1e, 0x45, 0x07, 0x3c, 0xec, 0x1a, 0x61, 0x26, 0x93, 0xe3, 0x50},
+ },
+ { /* 53P*/
+ addYX: fp.Elt{0xc5, 0x50, 0xc5, 0x83, 0xb0, 0xbd, 0xd9, 0xf6, 0x6d, 0x15, 0x5e, 0xc1, 0x1a, 0x33, 0xa0, 0xce, 0x13, 0x70, 0x3b, 0xe1, 0x31, 0xc6, 0xc4, 0x02, 0xec, 0x8c, 0xd5, 0x9c, 0x97, 0xd3, 0x12, 0xc4, 0xa2, 0xf9, 0xd5, 0xfb, 0x22, 0x69, 0x94, 0x09, 0x2f, 0x59, 0xce, 0xdb, 0xf2, 0xf2, 0x00, 0xe0, 0xa9, 0x08, 0x44, 0x2e, 0x8b, 0x6b, 0xf5, 0xb3},
+ subYX: fp.Elt{0x90, 0xdd, 0xec, 0xa2, 0x65, 0xb7, 0x61, 0xbc, 0xaa, 0x70, 0xa2, 0x15, 0xd8, 0xb0, 0xf8, 0x8e, 0x23, 0x3d, 0x9f, 0x46, 0xa3, 0x29, 0x20, 0xd1, 0xa1, 0x15, 0x81, 0xc6, 0xb6, 0xde, 0xbe, 0x60, 0x63, 0x24, 0xac, 0x15, 0xfb, 0xeb, 0xd3, 0xea, 0x57, 0x13, 0x86, 0x38, 0x1e, 0x22, 0xf4, 0x8c, 0x5d, 0xaf, 0x1b, 0x27, 0x21, 0x4f, 0xa3, 0x63},
+ dt2: fp.Elt{0x07, 0x15, 0x87, 0xc4, 0xfd, 0xa1, 0x97, 0x7a, 0x07, 0x1f, 0x56, 0xcc, 0xe3, 0x6a, 0x01, 0x90, 0xce, 0xf9, 0xfa, 0x50, 0xb2, 0xe0, 0x87, 0x8b, 0x6c, 0x63, 0x6c, 0xf6, 0x2a, 0x09, 0xef, 0xef, 0xd2, 0x31, 0x40, 0x25, 0xf6, 0x84, 0xcb, 0xe0, 0xc4, 0x23, 0xc1, 0xcb, 0xe2, 0x02, 0x83, 0x2d, 0xed, 0x74, 0x74, 0x8b, 0xf8, 0x7c, 0x81, 0x18},
+ },
+ { /* 55P*/
+ addYX: fp.Elt{0x9e, 0xe5, 0x59, 0x95, 0x63, 0x2e, 0xac, 0x8b, 0x03, 0x3c, 0xc1, 0x8e, 0xe1, 0x5b, 0x56, 0x3c, 0x16, 0x41, 0xe4, 0xc2, 0x60, 0x0c, 0x6d, 0x65, 0x9f, 0xfc, 0x27, 0x68, 0x43, 0x44, 0x05, 0x12, 0x6c, 0xda, 0x04, 0xef, 0xcf, 0xcf, 0xdc, 0x0a, 0x1a, 0x7f, 0x12, 0xd3, 0xeb, 0x02, 0xb6, 0x04, 0xca, 0xd6, 0xcb, 0xf0, 0x22, 0xba, 0x35, 0x6d},
+ subYX: fp.Elt{0x09, 0x6d, 0xf9, 0x64, 0x4c, 0xe6, 0x41, 0xff, 0x01, 0x4d, 0xce, 0x1e, 0xfa, 0x38, 0xa2, 0x25, 0x62, 0xff, 0x03, 0x39, 0x18, 0x91, 0xbb, 0x9d, 0xce, 0x02, 0xf0, 0xf1, 0x3c, 0x55, 0x18, 0xa9, 0xab, 0x4d, 0xd2, 0x35, 0xfd, 0x8d, 0xa9, 0xb2, 0xad, 0xb7, 0x06, 0x6e, 0xc6, 0x69, 0x49, 0xd6, 0x98, 0x98, 0x0b, 0x22, 0x81, 0x6b, 0xbd, 0xa0},
+ dt2: fp.Elt{0x22, 0xf4, 0x85, 0x5d, 0x2b, 0xf1, 0x55, 0xa5, 0xd6, 0x27, 0x86, 0x57, 0x12, 0x1f, 0x16, 0x0a, 0x5a, 0x9b, 0xf2, 0x38, 0xb6, 0x28, 0xd8, 0x99, 0x0c, 0x89, 0x1d, 0x7f, 0xca, 0x21, 0x17, 0x1a, 0x0b, 0x02, 0x5f, 0x77, 0x2f, 0x73, 0x30, 0x7c, 0xc8, 0xd7, 0x2b, 0xcc, 0xe7, 0xf3, 0x21, 0xac, 0x53, 0xa7, 0x11, 0x5d, 0xd8, 0x1d, 0x9b, 0xf5},
+ },
+ { /* 57P*/
+ addYX: fp.Elt{0x94, 0x63, 0x5d, 0xef, 0xfd, 0x6d, 0x25, 0x4e, 0x6d, 0x29, 0x03, 0xed, 0x24, 0x28, 0x27, 0x57, 0x47, 0x3e, 0x6a, 0x1a, 0xfe, 0x37, 0xee, 0x5f, 0x83, 0x29, 0x14, 0xfd, 0x78, 0x25, 0x8a, 0xe1, 0x02, 0x38, 0xd8, 0xca, 0x65, 0x55, 0x40, 0x7d, 0x48, 0x2c, 0x7c, 0x7e, 0x60, 0xb6, 0x0c, 0x6d, 0xf7, 0xe8, 0xb3, 0x62, 0x53, 0xd6, 0x9c, 0x2b},
+ subYX: fp.Elt{0x47, 0x25, 0x70, 0x62, 0xf5, 0x65, 0x93, 0x62, 0x08, 0xac, 0x59, 0x66, 0xdb, 0x08, 0xd9, 0x1a, 0x19, 0xaf, 0xf4, 0xef, 0x02, 0xa2, 0x78, 0xa9, 0x55, 0x1c, 0xfa, 0x08, 0x11, 0xcb, 0xa3, 0x71, 0x74, 0xb1, 0x62, 0xe7, 0xc7, 0xf3, 0x5a, 0xb5, 0x8b, 0xd4, 0xf6, 0x10, 0x57, 0x79, 0x72, 0x2f, 0x13, 0x86, 0x7b, 0x44, 0x5f, 0x48, 0xfd, 0x88},
+ dt2: fp.Elt{0x10, 0x02, 0xcd, 0x05, 0x9a, 0xc3, 0x32, 0x6d, 0x10, 0x3a, 0x74, 0xba, 0x06, 0xc4, 0x3b, 0x34, 0xbc, 0x36, 0xed, 0xa3, 0xba, 0x9a, 0xdb, 0x6d, 0xd4, 0x69, 0x99, 0x97, 0xd0, 0xe4, 0xdd, 0xf5, 0xd4, 0x7c, 0xd3, 0x4e, 0xab, 0xd1, 0x3b, 0xbb, 0xe9, 0xc7, 0x6a, 0x94, 0x25, 0x61, 0xf0, 0x06, 0xc5, 0x12, 0xa8, 0x86, 0xe5, 0x35, 0x46, 0xeb},
+ },
+ { /* 59P*/
+ addYX: fp.Elt{0x9e, 0x95, 0x11, 0xc6, 0xc7, 0xe8, 0xee, 0x5a, 0x26, 0xa0, 0x72, 0x72, 0x59, 0x91, 0x59, 0x16, 0x49, 0x99, 0x7e, 0xbb, 0xd7, 0x15, 0xb4, 0xf2, 0x40, 0xf9, 0x5a, 0x4d, 0xc8, 0xa0, 0xe2, 0x34, 0x7b, 0x34, 0xf3, 0x99, 0xbf, 0xa9, 0xf3, 0x79, 0xc1, 0x1a, 0x0c, 0xf4, 0x86, 0x74, 0x4e, 0xcb, 0xbc, 0x90, 0xad, 0xb6, 0x51, 0x6d, 0xaa, 0x33},
+ subYX: fp.Elt{0x9f, 0xd1, 0xc5, 0xa2, 0x6c, 0x24, 0x88, 0x15, 0x71, 0x68, 0xf6, 0x07, 0x45, 0x02, 0xc4, 0x73, 0x7e, 0x75, 0x87, 0xca, 0x7c, 0xf0, 0x92, 0x00, 0x75, 0xd6, 0x5a, 0xdd, 0xe0, 0x64, 0x16, 0x9d, 0x62, 0x80, 0x33, 0x9f, 0xf4, 0x8e, 0x1a, 0x15, 0x1c, 0xd3, 0x0f, 0x4d, 0x4f, 0x62, 0x2d, 0xd7, 0xa5, 0x77, 0xe3, 0xea, 0xf0, 0xfb, 0x1a, 0xdb},
+ dt2: fp.Elt{0x6a, 0xa2, 0xb1, 0xaa, 0xfb, 0x5a, 0x32, 0x4e, 0xff, 0x47, 0x06, 0xd5, 0x9a, 0x4f, 0xce, 0x83, 0x5b, 0x82, 0x34, 0x3e, 0x47, 0xb8, 0xf8, 0xe9, 0x7c, 0x67, 0x69, 0x8d, 0x9c, 0xb7, 0xde, 0x57, 0xf4, 0x88, 0x41, 0x56, 0x0c, 0x87, 0x1e, 0xc9, 0x2f, 0x54, 0xbf, 0x5c, 0x68, 0x2c, 0xd9, 0xc4, 0xef, 0x53, 0x73, 0x1e, 0xa6, 0x38, 0x02, 0x10},
+ },
+ { /* 61P*/
+ addYX: fp.Elt{0x08, 0x80, 0x4a, 0xc9, 0xb7, 0xa8, 0x88, 0xd9, 0xfc, 0x6a, 0xc0, 0x3e, 0xc2, 0x33, 0x4d, 0x2b, 0x2a, 0xa3, 0x6d, 0x72, 0x3e, 0xdc, 0x34, 0x68, 0x08, 0xbf, 0x27, 0xef, 0xf4, 0xff, 0xe2, 0x0c, 0x31, 0x0c, 0xa2, 0x0a, 0x1f, 0x65, 0xc1, 0x4c, 0x61, 0xd3, 0x1b, 0xbc, 0x25, 0xb1, 0xd0, 0xd4, 0x89, 0xb2, 0x53, 0xfb, 0x43, 0xa5, 0xaf, 0x04},
+ subYX: fp.Elt{0xe3, 0xe1, 0x37, 0xad, 0x58, 0xa9, 0x55, 0x81, 0xee, 0x64, 0x21, 0xb9, 0xf5, 0x4c, 0x35, 0xea, 0x4a, 0xd3, 0x26, 0xaa, 0x90, 0xd4, 0x60, 0x46, 0x09, 0x4b, 0x4a, 0x62, 0xf9, 0xcd, 0xe1, 0xee, 0xbb, 0xc2, 0x09, 0x0b, 0xb0, 0x96, 0x8e, 0x43, 0x77, 0xaf, 0x25, 0x20, 0x5e, 0x47, 0xe4, 0x1d, 0x50, 0x69, 0x74, 0x08, 0xd7, 0xb9, 0x90, 0x13},
+ dt2: fp.Elt{0x51, 0x91, 0x95, 0x64, 0x03, 0x16, 0xfd, 0x6e, 0x26, 0x94, 0x6b, 0x61, 0xe7, 0xd9, 0xe0, 0x4a, 0x6d, 0x7c, 0xfa, 0xc0, 0xe2, 0x43, 0x23, 0x53, 0x70, 0xf5, 0x6f, 0x73, 0x8b, 0x81, 0xb0, 0x0c, 0xee, 0x2e, 0x46, 0xf2, 0x8d, 0xa6, 0xfb, 0xb5, 0x1c, 0x33, 0xbf, 0x90, 0x59, 0xc9, 0x7c, 0xb8, 0x6f, 0xad, 0x75, 0x02, 0x90, 0x8e, 0x59, 0x75},
+ },
+ { /* 63P*/
+ addYX: fp.Elt{0x36, 0x4d, 0x77, 0x04, 0xb8, 0x7d, 0x4a, 0xd1, 0xc5, 0xbb, 0x7b, 0x50, 0x5f, 0x8d, 0x9d, 0x62, 0x0f, 0x66, 0x71, 0xec, 0x87, 0xc5, 0x80, 0x82, 0xc8, 0xf4, 0x6a, 0x94, 0x92, 0x5b, 0xb0, 0x16, 0x9b, 0xb2, 0xc9, 0x6f, 0x2b, 0x2d, 0xee, 0x95, 0x73, 0x2e, 0xc2, 0x1b, 0xc5, 0x55, 0x36, 0x86, 0x24, 0xf8, 0x20, 0x05, 0x0d, 0x93, 0xd7, 0x76},
+ subYX: fp.Elt{0x7f, 0x01, 0xeb, 0x2e, 0x48, 0x4d, 0x1d, 0xf1, 0x06, 0x7e, 0x7c, 0x2a, 0x43, 0xbf, 0x28, 0xac, 0xe9, 0x58, 0x13, 0xc8, 0xbf, 0x8e, 0xc0, 0xef, 0xe8, 0x4f, 0x46, 0x8a, 0xe7, 0xc0, 0xf6, 0x0f, 0x0a, 0x03, 0x48, 0x91, 0x55, 0x39, 0x2a, 0xe3, 0xdc, 0xf6, 0x22, 0x9d, 0x4d, 0x71, 0x55, 0x68, 0x25, 0x6e, 0x95, 0x52, 0xee, 0x4c, 0xd9, 0x01},
+ dt2: fp.Elt{0xac, 0x33, 0x3f, 0x7c, 0x27, 0x35, 0x15, 0x91, 0x33, 0x8d, 0xf9, 0xc4, 0xf4, 0xf3, 0x90, 0x09, 0x75, 0x69, 0x62, 0x9f, 0x61, 0x35, 0x83, 0x92, 0x04, 0xef, 0x96, 0x38, 0x80, 0x9e, 0x88, 0xb3, 0x67, 0x95, 0xbe, 0x79, 0x3c, 0x35, 0xd8, 0xdc, 0xb2, 0x3e, 0x2d, 0xe6, 0x46, 0xbe, 0x81, 0xf3, 0x32, 0x0e, 0x37, 0x23, 0x75, 0x2a, 0x3d, 0xa0},
+ },
+}
diff --git a/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist_basemult.go b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist_basemult.go
new file mode 100644
index 0000000000000000000000000000000000000000..f6ac5edbbbccc08fbb45a4e4d8b9b3c92eaf78b0
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/ecc/goldilocks/twist_basemult.go
@@ -0,0 +1,62 @@
+package goldilocks
+
+import (
+ "crypto/subtle"
+
+ mlsb "github.com/cloudflare/circl/math/mlsbset"
+)
+
+const (
+ // MLSBRecoding parameters
+ fxT = 448
+ fxV = 2
+ fxW = 3
+ fx2w1 = 1 << (uint(fxW) - 1)
+)
+
+// ScalarBaseMult returns kG where G is the generator point.
+func (e twistCurve) ScalarBaseMult(k *Scalar) *twistPoint {
+ m, err := mlsb.New(fxT, fxV, fxW)
+ if err != nil {
+ panic(err)
+ }
+ if m.IsExtended() {
+ panic("not extended")
+ }
+
+ var isZero int
+ if k.IsZero() {
+ isZero = 1
+ }
+ subtle.ConstantTimeCopy(isZero, k[:], order[:])
+
+ minusK := *k
+ isEven := 1 - int(k[0]&0x1)
+ minusK.Neg()
+ subtle.ConstantTimeCopy(isEven, k[:], minusK[:])
+ c, err := m.Encode(k[:])
+ if err != nil {
+ panic(err)
+ }
+
+ gP := c.Exp(groupMLSB{})
+ P := gP.(*twistPoint)
+ P.cneg(uint(isEven))
+ return P
+}
+
+type groupMLSB struct{}
+
+func (e groupMLSB) ExtendedEltP() mlsb.EltP { return nil }
+func (e groupMLSB) Sqr(x mlsb.EltG) { x.(*twistPoint).Double() }
+func (e groupMLSB) Mul(x mlsb.EltG, y mlsb.EltP) { x.(*twistPoint).mixAddZ1(y.(*preTwistPointAffine)) }
+func (e groupMLSB) Identity() mlsb.EltG { return twistCurve{}.Identity() }
+func (e groupMLSB) NewEltP() mlsb.EltP { return &preTwistPointAffine{} }
+func (e groupMLSB) Lookup(a mlsb.EltP, v uint, s, u int32) {
+ Tabj := &tabFixMult[v]
+ P := a.(*preTwistPointAffine)
+ for k := range Tabj {
+ P.cmov(&Tabj[k], uint(subtle.ConstantTimeEq(int32(k), u)))
+ }
+ P.cneg(int(s >> 31))
+}
diff --git a/vendor/github.com/cloudflare/circl/internal/conv/conv.go b/vendor/github.com/cloudflare/circl/internal/conv/conv.go
new file mode 100644
index 0000000000000000000000000000000000000000..649a8e931d6fcdc32e4538763d7b2cefc1c171da
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/internal/conv/conv.go
@@ -0,0 +1,140 @@
+package conv
+
+import (
+ "encoding/binary"
+ "fmt"
+ "math/big"
+ "strings"
+)
+
+// BytesLe2Hex returns an hexadecimal string of a number stored in a
+// little-endian order slice x.
+func BytesLe2Hex(x []byte) string {
+ b := &strings.Builder{}
+ b.Grow(2*len(x) + 2)
+ fmt.Fprint(b, "0x")
+ if len(x) == 0 {
+ fmt.Fprint(b, "00")
+ }
+ for i := len(x) - 1; i >= 0; i-- {
+ fmt.Fprintf(b, "%02x", x[i])
+ }
+ return b.String()
+}
+
+// BytesLe2BigInt converts a little-endian slice x into a big-endian
+// math/big.Int.
+func BytesLe2BigInt(x []byte) *big.Int {
+ n := len(x)
+ b := new(big.Int)
+ if len(x) > 0 {
+ y := make([]byte, n)
+ for i := 0; i < n; i++ {
+ y[n-1-i] = x[i]
+ }
+ b.SetBytes(y)
+ }
+ return b
+}
+
+// BytesBe2Uint64Le converts a big-endian slice x to a little-endian slice of uint64.
+func BytesBe2Uint64Le(x []byte) []uint64 {
+ l := len(x)
+ z := make([]uint64, (l+7)/8)
+ blocks := l / 8
+ for i := 0; i < blocks; i++ {
+ z[i] = binary.BigEndian.Uint64(x[l-8*(i+1):])
+ }
+ remBytes := l % 8
+ for i := 0; i < remBytes; i++ {
+ z[blocks] |= uint64(x[l-1-8*blocks-i]) << uint(8*i)
+ }
+ return z
+}
+
+// BigInt2BytesLe stores a positive big.Int number x into a little-endian slice z.
+// The slice is modified if the bitlength of x <= 8*len(z) (padding with zeros).
+// If x does not fit in the slice or is negative, z is not modified.
+func BigInt2BytesLe(z []byte, x *big.Int) {
+ xLen := (x.BitLen() + 7) >> 3
+ zLen := len(z)
+ if zLen >= xLen && x.Sign() >= 0 {
+ y := x.Bytes()
+ for i := 0; i < xLen; i++ {
+ z[i] = y[xLen-1-i]
+ }
+ for i := xLen; i < zLen; i++ {
+ z[i] = 0
+ }
+ }
+}
+
+// Uint64Le2BigInt converts a little-endian slice x into a big number.
+func Uint64Le2BigInt(x []uint64) *big.Int {
+ n := len(x)
+ b := new(big.Int)
+ var bi big.Int
+ for i := n - 1; i >= 0; i-- {
+ bi.SetUint64(x[i])
+ b.Lsh(b, 64)
+ b.Add(b, &bi)
+ }
+ return b
+}
+
+// Uint64Le2BytesLe converts a little-endian slice x to a little-endian slice of bytes.
+func Uint64Le2BytesLe(x []uint64) []byte {
+ b := make([]byte, 8*len(x))
+ n := len(x)
+ for i := 0; i < n; i++ {
+ binary.LittleEndian.PutUint64(b[i*8:], x[i])
+ }
+ return b
+}
+
+// Uint64Le2BytesBe converts a little-endian slice x to a big-endian slice of bytes.
+func Uint64Le2BytesBe(x []uint64) []byte {
+ b := make([]byte, 8*len(x))
+ n := len(x)
+ for i := 0; i < n; i++ {
+ binary.BigEndian.PutUint64(b[i*8:], x[n-1-i])
+ }
+ return b
+}
+
+// Uint64Le2Hex returns an hexadecimal string of a number stored in a
+// little-endian order slice x.
+func Uint64Le2Hex(x []uint64) string {
+ b := new(strings.Builder)
+ b.Grow(16*len(x) + 2)
+ fmt.Fprint(b, "0x")
+ if len(x) == 0 {
+ fmt.Fprint(b, "00")
+ }
+ for i := len(x) - 1; i >= 0; i-- {
+ fmt.Fprintf(b, "%016x", x[i])
+ }
+ return b.String()
+}
+
+// BigInt2Uint64Le stores a positive big.Int number x into a little-endian slice z.
+// The slice is modified if the bitlength of x <= 8*len(z) (padding with zeros).
+// If x does not fit in the slice or is negative, z is not modified.
+func BigInt2Uint64Le(z []uint64, x *big.Int) {
+ xLen := (x.BitLen() + 63) >> 6 // number of 64-bit words
+ zLen := len(z)
+ if zLen >= xLen && x.Sign() > 0 {
+ var y, yi big.Int
+ y.Set(x)
+ two64 := big.NewInt(1)
+ two64.Lsh(two64, 64).Sub(two64, big.NewInt(1))
+ for i := 0; i < xLen; i++ {
+ yi.And(&y, two64)
+ z[i] = yi.Uint64()
+ y.Rsh(&y, 64)
+ }
+ }
+ for i := xLen; i < zLen; i++ {
+ z[i] = 0
+ }
+}
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/doc.go b/vendor/github.com/cloudflare/circl/internal/sha3/doc.go
new file mode 100644
index 0000000000000000000000000000000000000000..7e023090707b8a5f6e7c9c6cf7db398889cf7099
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/doc.go
@@ -0,0 +1,62 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package sha3 implements the SHA-3 fixed-output-length hash functions and
+// the SHAKE variable-output-length hash functions defined by FIPS-202.
+//
+// Both types of hash function use the "sponge" construction and the Keccak
+// permutation. For a detailed specification see http://keccak.noekeon.org/
+//
+// # Guidance
+//
+// If you aren't sure what function you need, use SHAKE256 with at least 64
+// bytes of output. The SHAKE instances are faster than the SHA3 instances;
+// the latter have to allocate memory to conform to the hash.Hash interface.
+//
+// If you need a secret-key MAC (message authentication code), prepend the
+// secret key to the input, hash with SHAKE256 and read at least 32 bytes of
+// output.
+//
+// # Security strengths
+//
+// The SHA3-x (x equals 224, 256, 384, or 512) functions have a security
+// strength against preimage attacks of x bits. Since they only produce "x"
+// bits of output, their collision-resistance is only "x/2" bits.
+//
+// The SHAKE-256 and -128 functions have a generic security strength of 256 and
+// 128 bits against all attacks, provided that at least 2x bits of their output
+// is used. Requesting more than 64 or 32 bytes of output, respectively, does
+// not increase the collision-resistance of the SHAKE functions.
+//
+// # The sponge construction
+//
+// A sponge builds a pseudo-random function from a public pseudo-random
+// permutation, by applying the permutation to a state of "rate + capacity"
+// bytes, but hiding "capacity" of the bytes.
+//
+// A sponge starts out with a zero state. To hash an input using a sponge, up
+// to "rate" bytes of the input are XORed into the sponge's state. The sponge
+// is then "full" and the permutation is applied to "empty" it. This process is
+// repeated until all the input has been "absorbed". The input is then padded.
+// The digest is "squeezed" from the sponge in the same way, except that output
+// is copied out instead of input being XORed in.
+//
+// A sponge is parameterized by its generic security strength, which is equal
+// to half its capacity; capacity + rate is equal to the permutation's width.
+// Since the KeccakF-1600 permutation is 1600 bits (200 bytes) wide, this means
+// that the security strength of a sponge instance is equal to (1600 - bitrate) / 2.
+//
+// # Recommendations
+//
+// The SHAKE functions are recommended for most new uses. They can produce
+// output of arbitrary length. SHAKE256, with an output length of at least
+// 64 bytes, provides 256-bit security against all attacks. The Keccak team
+// recommends it for most applications upgrading from SHA2-512. (NIST chose a
+// much stronger, but much slower, sponge instance for SHA3-512.)
+//
+// The SHA-3 functions are "drop-in" replacements for the SHA-2 functions.
+// They produce output of the same length, with the same security strengths
+// against all attacks. This means, in particular, that SHA3-256 only has
+// 128-bit collision resistance, because its output length is 32 bytes.
+package sha3
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/hashes.go b/vendor/github.com/cloudflare/circl/internal/sha3/hashes.go
new file mode 100644
index 0000000000000000000000000000000000000000..7d2365a76ed809674eb9f0db7b74ab93838a8354
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/hashes.go
@@ -0,0 +1,69 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package sha3
+
+// This file provides functions for creating instances of the SHA-3
+// and SHAKE hash functions, as well as utility functions for hashing
+// bytes.
+
+// New224 creates a new SHA3-224 hash.
+// Its generic security strength is 224 bits against preimage attacks,
+// and 112 bits against collision attacks.
+func New224() State {
+ return State{rate: 144, outputLen: 28, dsbyte: 0x06}
+}
+
+// New256 creates a new SHA3-256 hash.
+// Its generic security strength is 256 bits against preimage attacks,
+// and 128 bits against collision attacks.
+func New256() State {
+ return State{rate: 136, outputLen: 32, dsbyte: 0x06}
+}
+
+// New384 creates a new SHA3-384 hash.
+// Its generic security strength is 384 bits against preimage attacks,
+// and 192 bits against collision attacks.
+func New384() State {
+ return State{rate: 104, outputLen: 48, dsbyte: 0x06}
+}
+
+// New512 creates a new SHA3-512 hash.
+// Its generic security strength is 512 bits against preimage attacks,
+// and 256 bits against collision attacks.
+func New512() State {
+ return State{rate: 72, outputLen: 64, dsbyte: 0x06}
+}
+
+// Sum224 returns the SHA3-224 digest of the data.
+func Sum224(data []byte) (digest [28]byte) {
+ h := New224()
+ _, _ = h.Write(data)
+ h.Sum(digest[:0])
+ return
+}
+
+// Sum256 returns the SHA3-256 digest of the data.
+func Sum256(data []byte) (digest [32]byte) {
+ h := New256()
+ _, _ = h.Write(data)
+ h.Sum(digest[:0])
+ return
+}
+
+// Sum384 returns the SHA3-384 digest of the data.
+func Sum384(data []byte) (digest [48]byte) {
+ h := New384()
+ _, _ = h.Write(data)
+ h.Sum(digest[:0])
+ return
+}
+
+// Sum512 returns the SHA3-512 digest of the data.
+func Sum512(data []byte) (digest [64]byte) {
+ h := New512()
+ _, _ = h.Write(data)
+ h.Sum(digest[:0])
+ return
+}
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go b/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go
new file mode 100644
index 0000000000000000000000000000000000000000..1755fd1e6dc12c47a56f63c8d6e69797eebf0e0a
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/keccakf.go
@@ -0,0 +1,391 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package sha3
+
+// KeccakF1600 applies the Keccak permutation to a 1600b-wide
+// state represented as a slice of 25 uint64s.
+// If turbo is true, applies the 12-round variant instead of the
+// regular 24-round variant.
+// nolint:funlen
+func KeccakF1600(a *[25]uint64, turbo bool) {
+ // Implementation translated from Keccak-inplace.c
+ // in the keccak reference code.
+ var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64
+
+ i := 0
+
+ if turbo {
+ i = 12
+ }
+
+ for ; i < 24; i += 4 {
+ // Combines the 5 steps in each round into 2 steps.
+ // Unrolls 4 rounds per loop and spreads some steps across rounds.
+
+ // Round 1
+ bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
+ bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
+ bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
+ bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
+ bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
+ d0 = bc4 ^ (bc1<<1 | bc1>>63)
+ d1 = bc0 ^ (bc2<<1 | bc2>>63)
+ d2 = bc1 ^ (bc3<<1 | bc3>>63)
+ d3 = bc2 ^ (bc4<<1 | bc4>>63)
+ d4 = bc3 ^ (bc0<<1 | bc0>>63)
+
+ bc0 = a[0] ^ d0
+ t = a[6] ^ d1
+ bc1 = t<<44 | t>>(64-44)
+ t = a[12] ^ d2
+ bc2 = t<<43 | t>>(64-43)
+ t = a[18] ^ d3
+ bc3 = t<<21 | t>>(64-21)
+ t = a[24] ^ d4
+ bc4 = t<<14 | t>>(64-14)
+ a[0] = bc0 ^ (bc2 &^ bc1) ^ RC[i]
+ a[6] = bc1 ^ (bc3 &^ bc2)
+ a[12] = bc2 ^ (bc4 &^ bc3)
+ a[18] = bc3 ^ (bc0 &^ bc4)
+ a[24] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[10] ^ d0
+ bc2 = t<<3 | t>>(64-3)
+ t = a[16] ^ d1
+ bc3 = t<<45 | t>>(64-45)
+ t = a[22] ^ d2
+ bc4 = t<<61 | t>>(64-61)
+ t = a[3] ^ d3
+ bc0 = t<<28 | t>>(64-28)
+ t = a[9] ^ d4
+ bc1 = t<<20 | t>>(64-20)
+ a[10] = bc0 ^ (bc2 &^ bc1)
+ a[16] = bc1 ^ (bc3 &^ bc2)
+ a[22] = bc2 ^ (bc4 &^ bc3)
+ a[3] = bc3 ^ (bc0 &^ bc4)
+ a[9] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[20] ^ d0
+ bc4 = t<<18 | t>>(64-18)
+ t = a[1] ^ d1
+ bc0 = t<<1 | t>>(64-1)
+ t = a[7] ^ d2
+ bc1 = t<<6 | t>>(64-6)
+ t = a[13] ^ d3
+ bc2 = t<<25 | t>>(64-25)
+ t = a[19] ^ d4
+ bc3 = t<<8 | t>>(64-8)
+ a[20] = bc0 ^ (bc2 &^ bc1)
+ a[1] = bc1 ^ (bc3 &^ bc2)
+ a[7] = bc2 ^ (bc4 &^ bc3)
+ a[13] = bc3 ^ (bc0 &^ bc4)
+ a[19] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[5] ^ d0
+ bc1 = t<<36 | t>>(64-36)
+ t = a[11] ^ d1
+ bc2 = t<<10 | t>>(64-10)
+ t = a[17] ^ d2
+ bc3 = t<<15 | t>>(64-15)
+ t = a[23] ^ d3
+ bc4 = t<<56 | t>>(64-56)
+ t = a[4] ^ d4
+ bc0 = t<<27 | t>>(64-27)
+ a[5] = bc0 ^ (bc2 &^ bc1)
+ a[11] = bc1 ^ (bc3 &^ bc2)
+ a[17] = bc2 ^ (bc4 &^ bc3)
+ a[23] = bc3 ^ (bc0 &^ bc4)
+ a[4] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[15] ^ d0
+ bc3 = t<<41 | t>>(64-41)
+ t = a[21] ^ d1
+ bc4 = t<<2 | t>>(64-2)
+ t = a[2] ^ d2
+ bc0 = t<<62 | t>>(64-62)
+ t = a[8] ^ d3
+ bc1 = t<<55 | t>>(64-55)
+ t = a[14] ^ d4
+ bc2 = t<<39 | t>>(64-39)
+ a[15] = bc0 ^ (bc2 &^ bc1)
+ a[21] = bc1 ^ (bc3 &^ bc2)
+ a[2] = bc2 ^ (bc4 &^ bc3)
+ a[8] = bc3 ^ (bc0 &^ bc4)
+ a[14] = bc4 ^ (bc1 &^ bc0)
+
+ // Round 2
+ bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
+ bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
+ bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
+ bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
+ bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
+ d0 = bc4 ^ (bc1<<1 | bc1>>63)
+ d1 = bc0 ^ (bc2<<1 | bc2>>63)
+ d2 = bc1 ^ (bc3<<1 | bc3>>63)
+ d3 = bc2 ^ (bc4<<1 | bc4>>63)
+ d4 = bc3 ^ (bc0<<1 | bc0>>63)
+
+ bc0 = a[0] ^ d0
+ t = a[16] ^ d1
+ bc1 = t<<44 | t>>(64-44)
+ t = a[7] ^ d2
+ bc2 = t<<43 | t>>(64-43)
+ t = a[23] ^ d3
+ bc3 = t<<21 | t>>(64-21)
+ t = a[14] ^ d4
+ bc4 = t<<14 | t>>(64-14)
+ a[0] = bc0 ^ (bc2 &^ bc1) ^ RC[i+1]
+ a[16] = bc1 ^ (bc3 &^ bc2)
+ a[7] = bc2 ^ (bc4 &^ bc3)
+ a[23] = bc3 ^ (bc0 &^ bc4)
+ a[14] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[20] ^ d0
+ bc2 = t<<3 | t>>(64-3)
+ t = a[11] ^ d1
+ bc3 = t<<45 | t>>(64-45)
+ t = a[2] ^ d2
+ bc4 = t<<61 | t>>(64-61)
+ t = a[18] ^ d3
+ bc0 = t<<28 | t>>(64-28)
+ t = a[9] ^ d4
+ bc1 = t<<20 | t>>(64-20)
+ a[20] = bc0 ^ (bc2 &^ bc1)
+ a[11] = bc1 ^ (bc3 &^ bc2)
+ a[2] = bc2 ^ (bc4 &^ bc3)
+ a[18] = bc3 ^ (bc0 &^ bc4)
+ a[9] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[15] ^ d0
+ bc4 = t<<18 | t>>(64-18)
+ t = a[6] ^ d1
+ bc0 = t<<1 | t>>(64-1)
+ t = a[22] ^ d2
+ bc1 = t<<6 | t>>(64-6)
+ t = a[13] ^ d3
+ bc2 = t<<25 | t>>(64-25)
+ t = a[4] ^ d4
+ bc3 = t<<8 | t>>(64-8)
+ a[15] = bc0 ^ (bc2 &^ bc1)
+ a[6] = bc1 ^ (bc3 &^ bc2)
+ a[22] = bc2 ^ (bc4 &^ bc3)
+ a[13] = bc3 ^ (bc0 &^ bc4)
+ a[4] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[10] ^ d0
+ bc1 = t<<36 | t>>(64-36)
+ t = a[1] ^ d1
+ bc2 = t<<10 | t>>(64-10)
+ t = a[17] ^ d2
+ bc3 = t<<15 | t>>(64-15)
+ t = a[8] ^ d3
+ bc4 = t<<56 | t>>(64-56)
+ t = a[24] ^ d4
+ bc0 = t<<27 | t>>(64-27)
+ a[10] = bc0 ^ (bc2 &^ bc1)
+ a[1] = bc1 ^ (bc3 &^ bc2)
+ a[17] = bc2 ^ (bc4 &^ bc3)
+ a[8] = bc3 ^ (bc0 &^ bc4)
+ a[24] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[5] ^ d0
+ bc3 = t<<41 | t>>(64-41)
+ t = a[21] ^ d1
+ bc4 = t<<2 | t>>(64-2)
+ t = a[12] ^ d2
+ bc0 = t<<62 | t>>(64-62)
+ t = a[3] ^ d3
+ bc1 = t<<55 | t>>(64-55)
+ t = a[19] ^ d4
+ bc2 = t<<39 | t>>(64-39)
+ a[5] = bc0 ^ (bc2 &^ bc1)
+ a[21] = bc1 ^ (bc3 &^ bc2)
+ a[12] = bc2 ^ (bc4 &^ bc3)
+ a[3] = bc3 ^ (bc0 &^ bc4)
+ a[19] = bc4 ^ (bc1 &^ bc0)
+
+ // Round 3
+ bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
+ bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
+ bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
+ bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
+ bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
+ d0 = bc4 ^ (bc1<<1 | bc1>>63)
+ d1 = bc0 ^ (bc2<<1 | bc2>>63)
+ d2 = bc1 ^ (bc3<<1 | bc3>>63)
+ d3 = bc2 ^ (bc4<<1 | bc4>>63)
+ d4 = bc3 ^ (bc0<<1 | bc0>>63)
+
+ bc0 = a[0] ^ d0
+ t = a[11] ^ d1
+ bc1 = t<<44 | t>>(64-44)
+ t = a[22] ^ d2
+ bc2 = t<<43 | t>>(64-43)
+ t = a[8] ^ d3
+ bc3 = t<<21 | t>>(64-21)
+ t = a[19] ^ d4
+ bc4 = t<<14 | t>>(64-14)
+ a[0] = bc0 ^ (bc2 &^ bc1) ^ RC[i+2]
+ a[11] = bc1 ^ (bc3 &^ bc2)
+ a[22] = bc2 ^ (bc4 &^ bc3)
+ a[8] = bc3 ^ (bc0 &^ bc4)
+ a[19] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[15] ^ d0
+ bc2 = t<<3 | t>>(64-3)
+ t = a[1] ^ d1
+ bc3 = t<<45 | t>>(64-45)
+ t = a[12] ^ d2
+ bc4 = t<<61 | t>>(64-61)
+ t = a[23] ^ d3
+ bc0 = t<<28 | t>>(64-28)
+ t = a[9] ^ d4
+ bc1 = t<<20 | t>>(64-20)
+ a[15] = bc0 ^ (bc2 &^ bc1)
+ a[1] = bc1 ^ (bc3 &^ bc2)
+ a[12] = bc2 ^ (bc4 &^ bc3)
+ a[23] = bc3 ^ (bc0 &^ bc4)
+ a[9] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[5] ^ d0
+ bc4 = t<<18 | t>>(64-18)
+ t = a[16] ^ d1
+ bc0 = t<<1 | t>>(64-1)
+ t = a[2] ^ d2
+ bc1 = t<<6 | t>>(64-6)
+ t = a[13] ^ d3
+ bc2 = t<<25 | t>>(64-25)
+ t = a[24] ^ d4
+ bc3 = t<<8 | t>>(64-8)
+ a[5] = bc0 ^ (bc2 &^ bc1)
+ a[16] = bc1 ^ (bc3 &^ bc2)
+ a[2] = bc2 ^ (bc4 &^ bc3)
+ a[13] = bc3 ^ (bc0 &^ bc4)
+ a[24] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[20] ^ d0
+ bc1 = t<<36 | t>>(64-36)
+ t = a[6] ^ d1
+ bc2 = t<<10 | t>>(64-10)
+ t = a[17] ^ d2
+ bc3 = t<<15 | t>>(64-15)
+ t = a[3] ^ d3
+ bc4 = t<<56 | t>>(64-56)
+ t = a[14] ^ d4
+ bc0 = t<<27 | t>>(64-27)
+ a[20] = bc0 ^ (bc2 &^ bc1)
+ a[6] = bc1 ^ (bc3 &^ bc2)
+ a[17] = bc2 ^ (bc4 &^ bc3)
+ a[3] = bc3 ^ (bc0 &^ bc4)
+ a[14] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[10] ^ d0
+ bc3 = t<<41 | t>>(64-41)
+ t = a[21] ^ d1
+ bc4 = t<<2 | t>>(64-2)
+ t = a[7] ^ d2
+ bc0 = t<<62 | t>>(64-62)
+ t = a[18] ^ d3
+ bc1 = t<<55 | t>>(64-55)
+ t = a[4] ^ d4
+ bc2 = t<<39 | t>>(64-39)
+ a[10] = bc0 ^ (bc2 &^ bc1)
+ a[21] = bc1 ^ (bc3 &^ bc2)
+ a[7] = bc2 ^ (bc4 &^ bc3)
+ a[18] = bc3 ^ (bc0 &^ bc4)
+ a[4] = bc4 ^ (bc1 &^ bc0)
+
+ // Round 4
+ bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
+ bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
+ bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
+ bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
+ bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
+ d0 = bc4 ^ (bc1<<1 | bc1>>63)
+ d1 = bc0 ^ (bc2<<1 | bc2>>63)
+ d2 = bc1 ^ (bc3<<1 | bc3>>63)
+ d3 = bc2 ^ (bc4<<1 | bc4>>63)
+ d4 = bc3 ^ (bc0<<1 | bc0>>63)
+
+ bc0 = a[0] ^ d0
+ t = a[1] ^ d1
+ bc1 = t<<44 | t>>(64-44)
+ t = a[2] ^ d2
+ bc2 = t<<43 | t>>(64-43)
+ t = a[3] ^ d3
+ bc3 = t<<21 | t>>(64-21)
+ t = a[4] ^ d4
+ bc4 = t<<14 | t>>(64-14)
+ a[0] = bc0 ^ (bc2 &^ bc1) ^ RC[i+3]
+ a[1] = bc1 ^ (bc3 &^ bc2)
+ a[2] = bc2 ^ (bc4 &^ bc3)
+ a[3] = bc3 ^ (bc0 &^ bc4)
+ a[4] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[5] ^ d0
+ bc2 = t<<3 | t>>(64-3)
+ t = a[6] ^ d1
+ bc3 = t<<45 | t>>(64-45)
+ t = a[7] ^ d2
+ bc4 = t<<61 | t>>(64-61)
+ t = a[8] ^ d3
+ bc0 = t<<28 | t>>(64-28)
+ t = a[9] ^ d4
+ bc1 = t<<20 | t>>(64-20)
+ a[5] = bc0 ^ (bc2 &^ bc1)
+ a[6] = bc1 ^ (bc3 &^ bc2)
+ a[7] = bc2 ^ (bc4 &^ bc3)
+ a[8] = bc3 ^ (bc0 &^ bc4)
+ a[9] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[10] ^ d0
+ bc4 = t<<18 | t>>(64-18)
+ t = a[11] ^ d1
+ bc0 = t<<1 | t>>(64-1)
+ t = a[12] ^ d2
+ bc1 = t<<6 | t>>(64-6)
+ t = a[13] ^ d3
+ bc2 = t<<25 | t>>(64-25)
+ t = a[14] ^ d4
+ bc3 = t<<8 | t>>(64-8)
+ a[10] = bc0 ^ (bc2 &^ bc1)
+ a[11] = bc1 ^ (bc3 &^ bc2)
+ a[12] = bc2 ^ (bc4 &^ bc3)
+ a[13] = bc3 ^ (bc0 &^ bc4)
+ a[14] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[15] ^ d0
+ bc1 = t<<36 | t>>(64-36)
+ t = a[16] ^ d1
+ bc2 = t<<10 | t>>(64-10)
+ t = a[17] ^ d2
+ bc3 = t<<15 | t>>(64-15)
+ t = a[18] ^ d3
+ bc4 = t<<56 | t>>(64-56)
+ t = a[19] ^ d4
+ bc0 = t<<27 | t>>(64-27)
+ a[15] = bc0 ^ (bc2 &^ bc1)
+ a[16] = bc1 ^ (bc3 &^ bc2)
+ a[17] = bc2 ^ (bc4 &^ bc3)
+ a[18] = bc3 ^ (bc0 &^ bc4)
+ a[19] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[20] ^ d0
+ bc3 = t<<41 | t>>(64-41)
+ t = a[21] ^ d1
+ bc4 = t<<2 | t>>(64-2)
+ t = a[22] ^ d2
+ bc0 = t<<62 | t>>(64-62)
+ t = a[23] ^ d3
+ bc1 = t<<55 | t>>(64-55)
+ t = a[24] ^ d4
+ bc2 = t<<39 | t>>(64-39)
+ a[20] = bc0 ^ (bc2 &^ bc1)
+ a[21] = bc1 ^ (bc3 &^ bc2)
+ a[22] = bc2 ^ (bc4 &^ bc3)
+ a[23] = bc3 ^ (bc0 &^ bc4)
+ a[24] = bc4 ^ (bc1 &^ bc0)
+ }
+}
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/rc.go b/vendor/github.com/cloudflare/circl/internal/sha3/rc.go
new file mode 100644
index 0000000000000000000000000000000000000000..6a3df42f305f30ff75a661b4019847b785478342
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/rc.go
@@ -0,0 +1,29 @@
+package sha3
+
+// RC stores the round constants for use in the ι step.
+var RC = [24]uint64{
+ 0x0000000000000001,
+ 0x0000000000008082,
+ 0x800000000000808A,
+ 0x8000000080008000,
+ 0x000000000000808B,
+ 0x0000000080000001,
+ 0x8000000080008081,
+ 0x8000000000008009,
+ 0x000000000000008A,
+ 0x0000000000000088,
+ 0x0000000080008009,
+ 0x000000008000000A,
+ 0x000000008000808B,
+ 0x800000000000008B,
+ 0x8000000000008089,
+ 0x8000000000008003,
+ 0x8000000000008002,
+ 0x8000000000000080,
+ 0x000000000000800A,
+ 0x800000008000000A,
+ 0x8000000080008081,
+ 0x8000000000008080,
+ 0x0000000080000001,
+ 0x8000000080008008,
+}
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go b/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go
new file mode 100644
index 0000000000000000000000000000000000000000..a0df5aa6c59d64ad40013178a608ad3586f08424
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/sha3.go
@@ -0,0 +1,200 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package sha3
+
+// spongeDirection indicates the direction bytes are flowing through the sponge.
+type spongeDirection int
+
+const (
+ // spongeAbsorbing indicates that the sponge is absorbing input.
+ spongeAbsorbing spongeDirection = iota
+ // spongeSqueezing indicates that the sponge is being squeezed.
+ spongeSqueezing
+)
+
+const (
+ // maxRate is the maximum size of the internal buffer. SHAKE-256
+ // currently needs the largest buffer.
+ maxRate = 168
+)
+
+func (d *State) buf() []byte {
+ return d.storage.asBytes()[d.bufo:d.bufe]
+}
+
+type State struct {
+ // Generic sponge components.
+ a [25]uint64 // main state of the hash
+ rate int // the number of bytes of state to use
+
+ bufo int // offset of buffer in storage
+ bufe int // end of buffer in storage
+
+ // dsbyte contains the "domain separation" bits and the first bit of
+ // the padding. Sections 6.1 and 6.2 of [1] separate the outputs of the
+ // SHA-3 and SHAKE functions by appending bitstrings to the message.
+ // Using a little-endian bit-ordering convention, these are "01" for SHA-3
+ // and "1111" for SHAKE, or 00000010b and 00001111b, respectively. Then the
+ // padding rule from section 5.1 is applied to pad the message to a multiple
+ // of the rate, which involves adding a "1" bit, zero or more "0" bits, and
+ // a final "1" bit. We merge the first "1" bit from the padding into dsbyte,
+ // giving 00000110b (0x06) and 00011111b (0x1f).
+ // [1] http://csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf
+ // "Draft FIPS 202: SHA-3 Standard: Permutation-Based Hash and
+ // Extendable-Output Functions (May 2014)"
+ dsbyte byte
+
+ storage storageBuf
+
+ // Specific to SHA-3 and SHAKE.
+ outputLen int // the default output size in bytes
+ state spongeDirection // whether the sponge is absorbing or squeezing
+ turbo bool // Whether we're using 12 rounds instead of 24
+}
+
+// BlockSize returns the rate of sponge underlying this hash function.
+func (d *State) BlockSize() int { return d.rate }
+
+// Size returns the output size of the hash function in bytes.
+func (d *State) Size() int { return d.outputLen }
+
+// Reset clears the internal state by zeroing the sponge state and
+// the byte buffer, and setting Sponge.state to absorbing.
+func (d *State) Reset() {
+ // Zero the permutation's state.
+ for i := range d.a {
+ d.a[i] = 0
+ }
+ d.state = spongeAbsorbing
+ d.bufo = 0
+ d.bufe = 0
+}
+
+func (d *State) clone() *State {
+ ret := *d
+ return &ret
+}
+
+// permute applies the KeccakF-1600 permutation. It handles
+// any input-output buffering.
+func (d *State) permute() {
+ switch d.state {
+ case spongeAbsorbing:
+ // If we're absorbing, we need to xor the input into the state
+ // before applying the permutation.
+ xorIn(d, d.buf())
+ d.bufe = 0
+ d.bufo = 0
+ KeccakF1600(&d.a, d.turbo)
+ case spongeSqueezing:
+ // If we're squeezing, we need to apply the permutation before
+ // copying more output.
+ KeccakF1600(&d.a, d.turbo)
+ d.bufe = d.rate
+ d.bufo = 0
+ copyOut(d, d.buf())
+ }
+}
+
+// pads appends the domain separation bits in dsbyte, applies
+// the multi-bitrate 10..1 padding rule, and permutes the state.
+func (d *State) padAndPermute(dsbyte byte) {
+ // Pad with this instance's domain-separator bits. We know that there's
+ // at least one byte of space in d.buf() because, if it were full,
+ // permute would have been called to empty it. dsbyte also contains the
+ // first one bit for the padding. See the comment in the state struct.
+ zerosStart := d.bufe + 1
+ d.bufe = d.rate
+ buf := d.buf()
+ buf[zerosStart-1] = dsbyte
+ for i := zerosStart; i < d.rate; i++ {
+ buf[i] = 0
+ }
+ // This adds the final one bit for the padding. Because of the way that
+ // bits are numbered from the LSB upwards, the final bit is the MSB of
+ // the last byte.
+ buf[d.rate-1] ^= 0x80
+ // Apply the permutation
+ d.permute()
+ d.state = spongeSqueezing
+ d.bufe = d.rate
+ copyOut(d, buf)
+}
+
+// Write absorbs more data into the hash's state. It produces an error
+// if more data is written to the ShakeHash after writing
+func (d *State) Write(p []byte) (written int, err error) {
+ if d.state != spongeAbsorbing {
+ panic("sha3: write to sponge after read")
+ }
+ written = len(p)
+
+ for len(p) > 0 {
+ bufl := d.bufe - d.bufo
+ if bufl == 0 && len(p) >= d.rate {
+ // The fast path; absorb a full "rate" bytes of input and apply the permutation.
+ xorIn(d, p[:d.rate])
+ p = p[d.rate:]
+ KeccakF1600(&d.a, d.turbo)
+ } else {
+ // The slow path; buffer the input until we can fill the sponge, and then xor it in.
+ todo := d.rate - bufl
+ if todo > len(p) {
+ todo = len(p)
+ }
+ d.bufe += todo
+ buf := d.buf()
+ copy(buf[bufl:], p[:todo])
+ p = p[todo:]
+
+ // If the sponge is full, apply the permutation.
+ if d.bufe == d.rate {
+ d.permute()
+ }
+ }
+ }
+
+ return written, nil
+}
+
+// Read squeezes an arbitrary number of bytes from the sponge.
+func (d *State) Read(out []byte) (n int, err error) {
+ // If we're still absorbing, pad and apply the permutation.
+ if d.state == spongeAbsorbing {
+ d.padAndPermute(d.dsbyte)
+ }
+
+ n = len(out)
+
+ // Now, do the squeezing.
+ for len(out) > 0 {
+ buf := d.buf()
+ n := copy(out, buf)
+ d.bufo += n
+ out = out[n:]
+
+ // Apply the permutation if we've squeezed the sponge dry.
+ if d.bufo == d.bufe {
+ d.permute()
+ }
+ }
+
+ return
+}
+
+// Sum applies padding to the hash state and then squeezes out the desired
+// number of output bytes.
+func (d *State) Sum(in []byte) []byte {
+ // Make a copy of the original hash so that caller can keep writing
+ // and summing.
+ dup := d.clone()
+ hash := make([]byte, dup.outputLen)
+ _, _ = dup.Read(hash)
+ return append(in, hash...)
+}
+
+func (d *State) IsAbsorbing() bool {
+ return d.state == spongeAbsorbing
+}
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/sha3_s390x.s b/vendor/github.com/cloudflare/circl/internal/sha3/sha3_s390x.s
new file mode 100644
index 0000000000000000000000000000000000000000..8a4458f63f992446fd5ece2711552fa9af53f464
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/sha3_s390x.s
@@ -0,0 +1,33 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !gccgo,!appengine
+
+#include "textflag.h"
+
+// func kimd(function code, chain *[200]byte, src []byte)
+TEXT ·kimd(SB), NOFRAME|NOSPLIT, $0-40
+ MOVD function+0(FP), R0
+ MOVD chain+8(FP), R1
+ LMG src+16(FP), R2, R3 // R2=base, R3=len
+
+continue:
+ WORD $0xB93E0002 // KIMD --, R2
+ BVS continue // continue if interrupted
+ MOVD $0, R0 // reset R0 for pre-go1.8 compilers
+ RET
+
+// func klmd(function code, chain *[200]byte, dst, src []byte)
+TEXT ·klmd(SB), NOFRAME|NOSPLIT, $0-64
+ // TODO: SHAKE support
+ MOVD function+0(FP), R0
+ MOVD chain+8(FP), R1
+ LMG dst+16(FP), R2, R3 // R2=base, R3=len
+ LMG src+40(FP), R4, R5 // R4=base, R5=len
+
+continue:
+ WORD $0xB93F0024 // KLMD R2, R4
+ BVS continue // continue if interrupted
+ MOVD $0, R0 // reset R0 for pre-go1.8 compilers
+ RET
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/shake.go b/vendor/github.com/cloudflare/circl/internal/sha3/shake.go
new file mode 100644
index 0000000000000000000000000000000000000000..77817f758cbba14ca811ba23a327d738a692d709
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/shake.go
@@ -0,0 +1,119 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package sha3
+
+// This file defines the ShakeHash interface, and provides
+// functions for creating SHAKE and cSHAKE instances, as well as utility
+// functions for hashing bytes to arbitrary-length output.
+//
+//
+// SHAKE implementation is based on FIPS PUB 202 [1]
+// cSHAKE implementations is based on NIST SP 800-185 [2]
+//
+// [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
+// [2] https://doi.org/10.6028/NIST.SP.800-185
+
+import (
+ "io"
+)
+
+// ShakeHash defines the interface to hash functions that
+// support arbitrary-length output.
+type ShakeHash interface {
+ // Write absorbs more data into the hash's state. It panics if input is
+ // written to it after output has been read from it.
+ io.Writer
+
+ // Read reads more output from the hash; reading affects the hash's
+ // state. (ShakeHash.Read is thus very different from Hash.Sum)
+ // It never returns an error.
+ io.Reader
+
+ // Clone returns a copy of the ShakeHash in its current state.
+ Clone() ShakeHash
+
+ // Reset resets the ShakeHash to its initial state.
+ Reset()
+}
+
+// Consts for configuring initial SHA-3 state
+const (
+ dsbyteShake = 0x1f
+ rate128 = 168
+ rate256 = 136
+)
+
+// Clone returns copy of SHAKE context within its current state.
+func (d *State) Clone() ShakeHash {
+ return d.clone()
+}
+
+// NewShake128 creates a new SHAKE128 variable-output-length ShakeHash.
+// Its generic security strength is 128 bits against all attacks if at
+// least 32 bytes of its output are used.
+func NewShake128() State {
+ return State{rate: rate128, dsbyte: dsbyteShake}
+}
+
+// NewTurboShake128 creates a new TurboSHAKE128 variable-output-length ShakeHash.
+// Its generic security strength is 128 bits against all attacks if at
+// least 32 bytes of its output are used.
+// D is the domain separation byte and must be between 0x01 and 0x7f inclusive.
+func NewTurboShake128(D byte) State {
+ if D == 0 || D > 0x7f {
+ panic("turboshake: D out of range")
+ }
+ return State{rate: rate128, dsbyte: D, turbo: true}
+}
+
+// NewShake256 creates a new SHAKE256 variable-output-length ShakeHash.
+// Its generic security strength is 256 bits against all attacks if
+// at least 64 bytes of its output are used.
+func NewShake256() State {
+ return State{rate: rate256, dsbyte: dsbyteShake}
+}
+
+// NewTurboShake256 creates a new TurboSHAKE256 variable-output-length ShakeHash.
+// Its generic security strength is 256 bits against all attacks if
+// at least 64 bytes of its output are used.
+// D is the domain separation byte and must be between 0x01 and 0x7f inclusive.
+func NewTurboShake256(D byte) State {
+ if D == 0 || D > 0x7f {
+ panic("turboshake: D out of range")
+ }
+ return State{rate: rate256, dsbyte: D, turbo: true}
+}
+
+// ShakeSum128 writes an arbitrary-length digest of data into hash.
+func ShakeSum128(hash, data []byte) {
+ h := NewShake128()
+ _, _ = h.Write(data)
+ _, _ = h.Read(hash)
+}
+
+// ShakeSum256 writes an arbitrary-length digest of data into hash.
+func ShakeSum256(hash, data []byte) {
+ h := NewShake256()
+ _, _ = h.Write(data)
+ _, _ = h.Read(hash)
+}
+
+// TurboShakeSum128 writes an arbitrary-length digest of data into hash.
+func TurboShakeSum128(hash, data []byte, D byte) {
+ h := NewTurboShake128(D)
+ _, _ = h.Write(data)
+ _, _ = h.Read(hash)
+}
+
+// TurboShakeSum256 writes an arbitrary-length digest of data into hash.
+func TurboShakeSum256(hash, data []byte, D byte) {
+ h := NewTurboShake256(D)
+ _, _ = h.Write(data)
+ _, _ = h.Read(hash)
+}
+
+func (d *State) SwitchDS(D byte) {
+ d.dsbyte = D
+}
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/xor.go b/vendor/github.com/cloudflare/circl/internal/sha3/xor.go
new file mode 100644
index 0000000000000000000000000000000000000000..1e21337454f0a9aa0b8298acc78a5aaa9f861151
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/xor.go
@@ -0,0 +1,15 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (!amd64 && !386 && !ppc64le) || appengine
+// +build !amd64,!386,!ppc64le appengine
+
+package sha3
+
+// A storageBuf is an aligned array of maxRate bytes.
+type storageBuf [maxRate]byte
+
+func (b *storageBuf) asBytes() *[maxRate]byte {
+ return (*[maxRate]byte)(b)
+}
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/xor_generic.go b/vendor/github.com/cloudflare/circl/internal/sha3/xor_generic.go
new file mode 100644
index 0000000000000000000000000000000000000000..2b0c661790605a27a5c92ec438d2a1f116538fc4
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/xor_generic.go
@@ -0,0 +1,33 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (!amd64 || appengine) && (!386 || appengine) && (!ppc64le || appengine)
+// +build !amd64 appengine
+// +build !386 appengine
+// +build !ppc64le appengine
+
+package sha3
+
+import "encoding/binary"
+
+// xorIn xors the bytes in buf into the state; it
+// makes no non-portable assumptions about memory layout
+// or alignment.
+func xorIn(d *State, buf []byte) {
+ n := len(buf) / 8
+
+ for i := 0; i < n; i++ {
+ a := binary.LittleEndian.Uint64(buf)
+ d.a[i] ^= a
+ buf = buf[8:]
+ }
+}
+
+// copyOut copies ulint64s to a byte buffer.
+func copyOut(d *State, b []byte) {
+ for i := 0; len(b) >= 8; i++ {
+ binary.LittleEndian.PutUint64(b, d.a[i])
+ b = b[8:]
+ }
+}
diff --git a/vendor/github.com/cloudflare/circl/internal/sha3/xor_unaligned.go b/vendor/github.com/cloudflare/circl/internal/sha3/xor_unaligned.go
new file mode 100644
index 0000000000000000000000000000000000000000..052fc8d32d2cd7729da82ed767948fb84de0debd
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/internal/sha3/xor_unaligned.go
@@ -0,0 +1,61 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (amd64 || 386 || ppc64le) && !appengine
+// +build amd64 386 ppc64le
+// +build !appengine
+
+package sha3
+
+import "unsafe"
+
+// A storageBuf is an aligned array of maxRate bytes.
+type storageBuf [maxRate / 8]uint64
+
+func (b *storageBuf) asBytes() *[maxRate]byte {
+ return (*[maxRate]byte)(unsafe.Pointer(b))
+}
+
+// xorInuses unaligned reads and writes to update d.a to contain d.a
+// XOR buf.
+func xorIn(d *State, buf []byte) {
+ n := len(buf)
+ bw := (*[maxRate / 8]uint64)(unsafe.Pointer(&buf[0]))[: n/8 : n/8]
+ if n >= 72 {
+ d.a[0] ^= bw[0]
+ d.a[1] ^= bw[1]
+ d.a[2] ^= bw[2]
+ d.a[3] ^= bw[3]
+ d.a[4] ^= bw[4]
+ d.a[5] ^= bw[5]
+ d.a[6] ^= bw[6]
+ d.a[7] ^= bw[7]
+ d.a[8] ^= bw[8]
+ }
+ if n >= 104 {
+ d.a[9] ^= bw[9]
+ d.a[10] ^= bw[10]
+ d.a[11] ^= bw[11]
+ d.a[12] ^= bw[12]
+ }
+ if n >= 136 {
+ d.a[13] ^= bw[13]
+ d.a[14] ^= bw[14]
+ d.a[15] ^= bw[15]
+ d.a[16] ^= bw[16]
+ }
+ if n >= 144 {
+ d.a[17] ^= bw[17]
+ }
+ if n >= 168 {
+ d.a[18] ^= bw[18]
+ d.a[19] ^= bw[19]
+ d.a[20] ^= bw[20]
+ }
+}
+
+func copyOut(d *State, buf []byte) {
+ ab := (*[maxRate]uint8)(unsafe.Pointer(&d.a[0]))
+ copy(buf, ab[:])
+}
diff --git a/vendor/github.com/cloudflare/circl/math/fp25519/fp.go b/vendor/github.com/cloudflare/circl/math/fp25519/fp.go
new file mode 100644
index 0000000000000000000000000000000000000000..57a50ff5e9bd4f4783be523b17e4c21f5b689b2c
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/fp25519/fp.go
@@ -0,0 +1,205 @@
+// Package fp25519 provides prime field arithmetic over GF(2^255-19).
+package fp25519
+
+import (
+ "errors"
+
+ "github.com/cloudflare/circl/internal/conv"
+)
+
+// Size in bytes of an element.
+const Size = 32
+
+// Elt is a prime field element.
+type Elt [Size]byte
+
+func (e Elt) String() string { return conv.BytesLe2Hex(e[:]) }
+
+// p is the prime modulus 2^255-19.
+var p = Elt{
+ 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f,
+}
+
+// P returns the prime modulus 2^255-19.
+func P() Elt { return p }
+
+// ToBytes stores in b the little-endian byte representation of x.
+func ToBytes(b []byte, x *Elt) error {
+ if len(b) != Size {
+ return errors.New("wrong size")
+ }
+ Modp(x)
+ copy(b, x[:])
+ return nil
+}
+
+// IsZero returns true if x is equal to 0.
+func IsZero(x *Elt) bool { Modp(x); return *x == Elt{} }
+
+// SetOne assigns x=1.
+func SetOne(x *Elt) { *x = Elt{}; x[0] = 1 }
+
+// Neg calculates z = -x.
+func Neg(z, x *Elt) { Sub(z, &p, x) }
+
+// InvSqrt calculates z = sqrt(x/y) iff x/y is a quadratic-residue, which is
+// indicated by returning isQR = true. Otherwise, when x/y is a quadratic
+// non-residue, z will have an undetermined value and isQR = false.
+func InvSqrt(z, x, y *Elt) (isQR bool) {
+ sqrtMinusOne := &Elt{
+ 0xb0, 0xa0, 0x0e, 0x4a, 0x27, 0x1b, 0xee, 0xc4,
+ 0x78, 0xe4, 0x2f, 0xad, 0x06, 0x18, 0x43, 0x2f,
+ 0xa7, 0xd7, 0xfb, 0x3d, 0x99, 0x00, 0x4d, 0x2b,
+ 0x0b, 0xdf, 0xc1, 0x4f, 0x80, 0x24, 0x83, 0x2b,
+ }
+ t0, t1, t2, t3 := &Elt{}, &Elt{}, &Elt{}, &Elt{}
+
+ Mul(t0, x, y) // t0 = u*v
+ Sqr(t1, y) // t1 = v^2
+ Mul(t2, t0, t1) // t2 = u*v^3
+ Sqr(t0, t1) // t0 = v^4
+ Mul(t1, t0, t2) // t1 = u*v^7
+
+ var Tab [4]*Elt
+ Tab[0] = &Elt{}
+ Tab[1] = &Elt{}
+ Tab[2] = t3
+ Tab[3] = t1
+
+ *Tab[0] = *t1
+ Sqr(Tab[0], Tab[0])
+ Sqr(Tab[1], Tab[0])
+ Sqr(Tab[1], Tab[1])
+ Mul(Tab[1], Tab[1], Tab[3])
+ Mul(Tab[0], Tab[0], Tab[1])
+ Sqr(Tab[0], Tab[0])
+ Mul(Tab[0], Tab[0], Tab[1])
+ Sqr(Tab[1], Tab[0])
+ for i := 0; i < 4; i++ {
+ Sqr(Tab[1], Tab[1])
+ }
+ Mul(Tab[1], Tab[1], Tab[0])
+ Sqr(Tab[2], Tab[1])
+ for i := 0; i < 4; i++ {
+ Sqr(Tab[2], Tab[2])
+ }
+ Mul(Tab[2], Tab[2], Tab[0])
+ Sqr(Tab[1], Tab[2])
+ for i := 0; i < 14; i++ {
+ Sqr(Tab[1], Tab[1])
+ }
+ Mul(Tab[1], Tab[1], Tab[2])
+ Sqr(Tab[2], Tab[1])
+ for i := 0; i < 29; i++ {
+ Sqr(Tab[2], Tab[2])
+ }
+ Mul(Tab[2], Tab[2], Tab[1])
+ Sqr(Tab[1], Tab[2])
+ for i := 0; i < 59; i++ {
+ Sqr(Tab[1], Tab[1])
+ }
+ Mul(Tab[1], Tab[1], Tab[2])
+ for i := 0; i < 5; i++ {
+ Sqr(Tab[1], Tab[1])
+ }
+ Mul(Tab[1], Tab[1], Tab[0])
+ Sqr(Tab[2], Tab[1])
+ for i := 0; i < 124; i++ {
+ Sqr(Tab[2], Tab[2])
+ }
+ Mul(Tab[2], Tab[2], Tab[1])
+ Sqr(Tab[2], Tab[2])
+ Sqr(Tab[2], Tab[2])
+ Mul(Tab[2], Tab[2], Tab[3])
+
+ Mul(z, t3, t2) // z = xy^(p+3)/8 = xy^3*(xy^7)^(p-5)/8
+ // Checking whether y z^2 == x
+ Sqr(t0, z) // t0 = z^2
+ Mul(t0, t0, y) // t0 = yz^2
+ Sub(t1, t0, x) // t1 = t0-u
+ Add(t2, t0, x) // t2 = t0+u
+ if IsZero(t1) {
+ return true
+ } else if IsZero(t2) {
+ Mul(z, z, sqrtMinusOne) // z = z*sqrt(-1)
+ return true
+ } else {
+ return false
+ }
+}
+
+// Inv calculates z = 1/x mod p.
+func Inv(z, x *Elt) {
+ x0, x1, x2 := &Elt{}, &Elt{}, &Elt{}
+ Sqr(x1, x)
+ Sqr(x0, x1)
+ Sqr(x0, x0)
+ Mul(x0, x0, x)
+ Mul(z, x0, x1)
+ Sqr(x1, z)
+ Mul(x0, x0, x1)
+ Sqr(x1, x0)
+ for i := 0; i < 4; i++ {
+ Sqr(x1, x1)
+ }
+ Mul(x0, x0, x1)
+ Sqr(x1, x0)
+ for i := 0; i < 9; i++ {
+ Sqr(x1, x1)
+ }
+ Mul(x1, x1, x0)
+ Sqr(x2, x1)
+ for i := 0; i < 19; i++ {
+ Sqr(x2, x2)
+ }
+ Mul(x2, x2, x1)
+ for i := 0; i < 10; i++ {
+ Sqr(x2, x2)
+ }
+ Mul(x2, x2, x0)
+ Sqr(x0, x2)
+ for i := 0; i < 49; i++ {
+ Sqr(x0, x0)
+ }
+ Mul(x0, x0, x2)
+ Sqr(x1, x0)
+ for i := 0; i < 99; i++ {
+ Sqr(x1, x1)
+ }
+ Mul(x1, x1, x0)
+ for i := 0; i < 50; i++ {
+ Sqr(x1, x1)
+ }
+ Mul(x1, x1, x2)
+ for i := 0; i < 5; i++ {
+ Sqr(x1, x1)
+ }
+ Mul(z, z, x1)
+}
+
+// Cmov assigns y to x if n is 1.
+func Cmov(x, y *Elt, n uint) { cmov(x, y, n) }
+
+// Cswap interchanges x and y if n is 1.
+func Cswap(x, y *Elt, n uint) { cswap(x, y, n) }
+
+// Add calculates z = x+y mod p.
+func Add(z, x, y *Elt) { add(z, x, y) }
+
+// Sub calculates z = x-y mod p.
+func Sub(z, x, y *Elt) { sub(z, x, y) }
+
+// AddSub calculates (x,y) = (x+y mod p, x-y mod p).
+func AddSub(x, y *Elt) { addsub(x, y) }
+
+// Mul calculates z = x*y mod p.
+func Mul(z, x, y *Elt) { mul(z, x, y) }
+
+// Sqr calculates z = x^2 mod p.
+func Sqr(z, x *Elt) { sqr(z, x) }
+
+// Modp ensures that z is between [0,p-1].
+func Modp(z *Elt) { modp(z) }
diff --git a/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.go b/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.go
new file mode 100644
index 0000000000000000000000000000000000000000..057f0d2803fad6194e64ee3eba1fb9808bf92f4a
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.go
@@ -0,0 +1,45 @@
+//go:build amd64 && !purego
+// +build amd64,!purego
+
+package fp25519
+
+import (
+ "golang.org/x/sys/cpu"
+)
+
+var hasBmi2Adx = cpu.X86.HasBMI2 && cpu.X86.HasADX
+
+var _ = hasBmi2Adx
+
+func cmov(x, y *Elt, n uint) { cmovAmd64(x, y, n) }
+func cswap(x, y *Elt, n uint) { cswapAmd64(x, y, n) }
+func add(z, x, y *Elt) { addAmd64(z, x, y) }
+func sub(z, x, y *Elt) { subAmd64(z, x, y) }
+func addsub(x, y *Elt) { addsubAmd64(x, y) }
+func mul(z, x, y *Elt) { mulAmd64(z, x, y) }
+func sqr(z, x *Elt) { sqrAmd64(z, x) }
+func modp(z *Elt) { modpAmd64(z) }
+
+//go:noescape
+func cmovAmd64(x, y *Elt, n uint)
+
+//go:noescape
+func cswapAmd64(x, y *Elt, n uint)
+
+//go:noescape
+func addAmd64(z, x, y *Elt)
+
+//go:noescape
+func subAmd64(z, x, y *Elt)
+
+//go:noescape
+func addsubAmd64(x, y *Elt)
+
+//go:noescape
+func mulAmd64(z, x, y *Elt)
+
+//go:noescape
+func sqrAmd64(z, x *Elt)
+
+//go:noescape
+func modpAmd64(z *Elt)
diff --git a/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.h b/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.h
new file mode 100644
index 0000000000000000000000000000000000000000..b884b584ab36f2748671c2199f2eac686d2b2cd5
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.h
@@ -0,0 +1,351 @@
+// This code was imported from https://github.com/armfazh/rfc7748_precomputed
+
+// CHECK_BMI2ADX triggers bmi2adx if supported,
+// otherwise it fallbacks to legacy code.
+#define CHECK_BMI2ADX(label, legacy, bmi2adx) \
+ CMPB ·hasBmi2Adx(SB), $0 \
+ JE label \
+ bmi2adx \
+ RET \
+ label: \
+ legacy \
+ RET
+
+// cselect is a conditional move
+// if b=1: it copies y into x;
+// if b=0: x remains with the same value;
+// if b<> 0,1: undefined.
+// Uses: AX, DX, FLAGS
+// Instr: x86_64, cmov
+#define cselect(x,y,b) \
+ TESTQ b, b \
+ MOVQ 0+x, AX; MOVQ 0+y, DX; CMOVQNE DX, AX; MOVQ AX, 0+x; \
+ MOVQ 8+x, AX; MOVQ 8+y, DX; CMOVQNE DX, AX; MOVQ AX, 8+x; \
+ MOVQ 16+x, AX; MOVQ 16+y, DX; CMOVQNE DX, AX; MOVQ AX, 16+x; \
+ MOVQ 24+x, AX; MOVQ 24+y, DX; CMOVQNE DX, AX; MOVQ AX, 24+x;
+
+// cswap is a conditional swap
+// if b=1: x,y <- y,x;
+// if b=0: x,y remain with the same values;
+// if b<> 0,1: undefined.
+// Uses: AX, DX, R8, FLAGS
+// Instr: x86_64, cmov
+#define cswap(x,y,b) \
+ TESTQ b, b \
+ MOVQ 0+x, AX; MOVQ AX, R8; MOVQ 0+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 0+x; MOVQ DX, 0+y; \
+ MOVQ 8+x, AX; MOVQ AX, R8; MOVQ 8+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 8+x; MOVQ DX, 8+y; \
+ MOVQ 16+x, AX; MOVQ AX, R8; MOVQ 16+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 16+x; MOVQ DX, 16+y; \
+ MOVQ 24+x, AX; MOVQ AX, R8; MOVQ 24+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 24+x; MOVQ DX, 24+y;
+
+// additionLeg adds x and y and stores in z
+// Uses: AX, DX, R8-R11, FLAGS
+// Instr: x86_64, cmov
+#define additionLeg(z,x,y) \
+ MOVL $38, AX; \
+ MOVL $0, DX; \
+ MOVQ 0+x, R8; ADDQ 0+y, R8; \
+ MOVQ 8+x, R9; ADCQ 8+y, R9; \
+ MOVQ 16+x, R10; ADCQ 16+y, R10; \
+ MOVQ 24+x, R11; ADCQ 24+y, R11; \
+ CMOVQCS AX, DX; \
+ ADDQ DX, R8; \
+ ADCQ $0, R9; MOVQ R9, 8+z; \
+ ADCQ $0, R10; MOVQ R10, 16+z; \
+ ADCQ $0, R11; MOVQ R11, 24+z; \
+ MOVL $0, DX; \
+ CMOVQCS AX, DX; \
+ ADDQ DX, R8; MOVQ R8, 0+z;
+
+// additionAdx adds x and y and stores in z
+// Uses: AX, DX, R8-R11, FLAGS
+// Instr: x86_64, cmov, adx
+#define additionAdx(z,x,y) \
+ MOVL $38, AX; \
+ XORL DX, DX; \
+ MOVQ 0+x, R8; ADCXQ 0+y, R8; \
+ MOVQ 8+x, R9; ADCXQ 8+y, R9; \
+ MOVQ 16+x, R10; ADCXQ 16+y, R10; \
+ MOVQ 24+x, R11; ADCXQ 24+y, R11; \
+ CMOVQCS AX, DX ; \
+ XORL AX, AX; \
+ ADCXQ DX, R8; \
+ ADCXQ AX, R9; MOVQ R9, 8+z; \
+ ADCXQ AX, R10; MOVQ R10, 16+z; \
+ ADCXQ AX, R11; MOVQ R11, 24+z; \
+ MOVL $38, DX; \
+ CMOVQCS DX, AX; \
+ ADDQ AX, R8; MOVQ R8, 0+z;
+
+// subtraction subtracts y from x and stores in z
+// Uses: AX, DX, R8-R11, FLAGS
+// Instr: x86_64, cmov
+#define subtraction(z,x,y) \
+ MOVL $38, AX; \
+ MOVQ 0+x, R8; SUBQ 0+y, R8; \
+ MOVQ 8+x, R9; SBBQ 8+y, R9; \
+ MOVQ 16+x, R10; SBBQ 16+y, R10; \
+ MOVQ 24+x, R11; SBBQ 24+y, R11; \
+ MOVL $0, DX; \
+ CMOVQCS AX, DX; \
+ SUBQ DX, R8; \
+ SBBQ $0, R9; MOVQ R9, 8+z; \
+ SBBQ $0, R10; MOVQ R10, 16+z; \
+ SBBQ $0, R11; MOVQ R11, 24+z; \
+ MOVL $0, DX; \
+ CMOVQCS AX, DX; \
+ SUBQ DX, R8; MOVQ R8, 0+z;
+
+// integerMulAdx multiplies x and y and stores in z
+// Uses: AX, DX, R8-R15, FLAGS
+// Instr: x86_64, bmi2, adx
+#define integerMulAdx(z,x,y) \
+ MOVL $0,R15; \
+ MOVQ 0+y, DX; XORL AX, AX; \
+ MULXQ 0+x, AX, R8; MOVQ AX, 0+z; \
+ MULXQ 8+x, AX, R9; ADCXQ AX, R8; \
+ MULXQ 16+x, AX, R10; ADCXQ AX, R9; \
+ MULXQ 24+x, AX, R11; ADCXQ AX, R10; \
+ MOVL $0, AX;;;;;;;;; ADCXQ AX, R11; \
+ MOVQ 8+y, DX; XORL AX, AX; \
+ MULXQ 0+x, AX, R12; ADCXQ R8, AX; MOVQ AX, 8+z; \
+ MULXQ 8+x, AX, R13; ADCXQ R9, R12; ADOXQ AX, R12; \
+ MULXQ 16+x, AX, R14; ADCXQ R10, R13; ADOXQ AX, R13; \
+ MULXQ 24+x, AX, R15; ADCXQ R11, R14; ADOXQ AX, R14; \
+ MOVL $0, AX;;;;;;;;; ADCXQ AX, R15; ADOXQ AX, R15; \
+ MOVQ 16+y, DX; XORL AX, AX; \
+ MULXQ 0+x, AX, R8; ADCXQ R12, AX; MOVQ AX, 16+z; \
+ MULXQ 8+x, AX, R9; ADCXQ R13, R8; ADOXQ AX, R8; \
+ MULXQ 16+x, AX, R10; ADCXQ R14, R9; ADOXQ AX, R9; \
+ MULXQ 24+x, AX, R11; ADCXQ R15, R10; ADOXQ AX, R10; \
+ MOVL $0, AX;;;;;;;;; ADCXQ AX, R11; ADOXQ AX, R11; \
+ MOVQ 24+y, DX; XORL AX, AX; \
+ MULXQ 0+x, AX, R12; ADCXQ R8, AX; MOVQ AX, 24+z; \
+ MULXQ 8+x, AX, R13; ADCXQ R9, R12; ADOXQ AX, R12; MOVQ R12, 32+z; \
+ MULXQ 16+x, AX, R14; ADCXQ R10, R13; ADOXQ AX, R13; MOVQ R13, 40+z; \
+ MULXQ 24+x, AX, R15; ADCXQ R11, R14; ADOXQ AX, R14; MOVQ R14, 48+z; \
+ MOVL $0, AX;;;;;;;;; ADCXQ AX, R15; ADOXQ AX, R15; MOVQ R15, 56+z;
+
+// integerMulLeg multiplies x and y and stores in z
+// Uses: AX, DX, R8-R15, FLAGS
+// Instr: x86_64
+#define integerMulLeg(z,x,y) \
+ MOVQ 0+y, R8; \
+ MOVQ 0+x, AX; MULQ R8; MOVQ AX, 0+z; MOVQ DX, R15; \
+ MOVQ 8+x, AX; MULQ R8; MOVQ AX, R13; MOVQ DX, R10; \
+ MOVQ 16+x, AX; MULQ R8; MOVQ AX, R14; MOVQ DX, R11; \
+ MOVQ 24+x, AX; MULQ R8; \
+ ADDQ R13, R15; \
+ ADCQ R14, R10; MOVQ R10, 16+z; \
+ ADCQ AX, R11; MOVQ R11, 24+z; \
+ ADCQ $0, DX; MOVQ DX, 32+z; \
+ MOVQ 8+y, R8; \
+ MOVQ 0+x, AX; MULQ R8; MOVQ AX, R12; MOVQ DX, R9; \
+ MOVQ 8+x, AX; MULQ R8; MOVQ AX, R13; MOVQ DX, R10; \
+ MOVQ 16+x, AX; MULQ R8; MOVQ AX, R14; MOVQ DX, R11; \
+ MOVQ 24+x, AX; MULQ R8; \
+ ADDQ R12, R15; MOVQ R15, 8+z; \
+ ADCQ R13, R9; \
+ ADCQ R14, R10; \
+ ADCQ AX, R11; \
+ ADCQ $0, DX; \
+ ADCQ 16+z, R9; MOVQ R9, R15; \
+ ADCQ 24+z, R10; MOVQ R10, 24+z; \
+ ADCQ 32+z, R11; MOVQ R11, 32+z; \
+ ADCQ $0, DX; MOVQ DX, 40+z; \
+ MOVQ 16+y, R8; \
+ MOVQ 0+x, AX; MULQ R8; MOVQ AX, R12; MOVQ DX, R9; \
+ MOVQ 8+x, AX; MULQ R8; MOVQ AX, R13; MOVQ DX, R10; \
+ MOVQ 16+x, AX; MULQ R8; MOVQ AX, R14; MOVQ DX, R11; \
+ MOVQ 24+x, AX; MULQ R8; \
+ ADDQ R12, R15; MOVQ R15, 16+z; \
+ ADCQ R13, R9; \
+ ADCQ R14, R10; \
+ ADCQ AX, R11; \
+ ADCQ $0, DX; \
+ ADCQ 24+z, R9; MOVQ R9, R15; \
+ ADCQ 32+z, R10; MOVQ R10, 32+z; \
+ ADCQ 40+z, R11; MOVQ R11, 40+z; \
+ ADCQ $0, DX; MOVQ DX, 48+z; \
+ MOVQ 24+y, R8; \
+ MOVQ 0+x, AX; MULQ R8; MOVQ AX, R12; MOVQ DX, R9; \
+ MOVQ 8+x, AX; MULQ R8; MOVQ AX, R13; MOVQ DX, R10; \
+ MOVQ 16+x, AX; MULQ R8; MOVQ AX, R14; MOVQ DX, R11; \
+ MOVQ 24+x, AX; MULQ R8; \
+ ADDQ R12, R15; MOVQ R15, 24+z; \
+ ADCQ R13, R9; \
+ ADCQ R14, R10; \
+ ADCQ AX, R11; \
+ ADCQ $0, DX; \
+ ADCQ 32+z, R9; MOVQ R9, 32+z; \
+ ADCQ 40+z, R10; MOVQ R10, 40+z; \
+ ADCQ 48+z, R11; MOVQ R11, 48+z; \
+ ADCQ $0, DX; MOVQ DX, 56+z;
+
+// integerSqrLeg squares x and stores in z
+// Uses: AX, CX, DX, R8-R15, FLAGS
+// Instr: x86_64
+#define integerSqrLeg(z,x) \
+ MOVQ 0+x, R8; \
+ MOVQ 8+x, AX; MULQ R8; MOVQ AX, R9; MOVQ DX, R10; /* A[0]*A[1] */ \
+ MOVQ 16+x, AX; MULQ R8; MOVQ AX, R14; MOVQ DX, R11; /* A[0]*A[2] */ \
+ MOVQ 24+x, AX; MULQ R8; MOVQ AX, R15; MOVQ DX, R12; /* A[0]*A[3] */ \
+ MOVQ 24+x, R8; \
+ MOVQ 8+x, AX; MULQ R8; MOVQ AX, CX; MOVQ DX, R13; /* A[3]*A[1] */ \
+ MOVQ 16+x, AX; MULQ R8; /* A[3]*A[2] */ \
+ \
+ ADDQ R14, R10;\
+ ADCQ R15, R11; MOVL $0, R15;\
+ ADCQ CX, R12;\
+ ADCQ AX, R13;\
+ ADCQ $0, DX; MOVQ DX, R14;\
+ MOVQ 8+x, AX; MULQ 16+x;\
+ \
+ ADDQ AX, R11;\
+ ADCQ DX, R12;\
+ ADCQ $0, R13;\
+ ADCQ $0, R14;\
+ ADCQ $0, R15;\
+ \
+ SHLQ $1, R14, R15; MOVQ R15, 56+z;\
+ SHLQ $1, R13, R14; MOVQ R14, 48+z;\
+ SHLQ $1, R12, R13; MOVQ R13, 40+z;\
+ SHLQ $1, R11, R12; MOVQ R12, 32+z;\
+ SHLQ $1, R10, R11; MOVQ R11, 24+z;\
+ SHLQ $1, R9, R10; MOVQ R10, 16+z;\
+ SHLQ $1, R9; MOVQ R9, 8+z;\
+ \
+ MOVQ 0+x,AX; MULQ AX; MOVQ AX, 0+z; MOVQ DX, R9;\
+ MOVQ 8+x,AX; MULQ AX; MOVQ AX, R10; MOVQ DX, R11;\
+ MOVQ 16+x,AX; MULQ AX; MOVQ AX, R12; MOVQ DX, R13;\
+ MOVQ 24+x,AX; MULQ AX; MOVQ AX, R14; MOVQ DX, R15;\
+ \
+ ADDQ 8+z, R9; MOVQ R9, 8+z;\
+ ADCQ 16+z, R10; MOVQ R10, 16+z;\
+ ADCQ 24+z, R11; MOVQ R11, 24+z;\
+ ADCQ 32+z, R12; MOVQ R12, 32+z;\
+ ADCQ 40+z, R13; MOVQ R13, 40+z;\
+ ADCQ 48+z, R14; MOVQ R14, 48+z;\
+ ADCQ 56+z, R15; MOVQ R15, 56+z;
+
+// integerSqrAdx squares x and stores in z
+// Uses: AX, CX, DX, R8-R15, FLAGS
+// Instr: x86_64, bmi2, adx
+#define integerSqrAdx(z,x) \
+ MOVQ 0+x, DX; /* A[0] */ \
+ MULXQ 8+x, R8, R14; /* A[1]*A[0] */ XORL R15, R15; \
+ MULXQ 16+x, R9, R10; /* A[2]*A[0] */ ADCXQ R14, R9; \
+ MULXQ 24+x, AX, CX; /* A[3]*A[0] */ ADCXQ AX, R10; \
+ MOVQ 24+x, DX; /* A[3] */ \
+ MULXQ 8+x, R11, R12; /* A[1]*A[3] */ ADCXQ CX, R11; \
+ MULXQ 16+x, AX, R13; /* A[2]*A[3] */ ADCXQ AX, R12; \
+ MOVQ 8+x, DX; /* A[1] */ ADCXQ R15, R13; \
+ MULXQ 16+x, AX, CX; /* A[2]*A[1] */ MOVL $0, R14; \
+ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ADCXQ R15, R14; \
+ XORL R15, R15; \
+ ADOXQ AX, R10; ADCXQ R8, R8; \
+ ADOXQ CX, R11; ADCXQ R9, R9; \
+ ADOXQ R15, R12; ADCXQ R10, R10; \
+ ADOXQ R15, R13; ADCXQ R11, R11; \
+ ADOXQ R15, R14; ADCXQ R12, R12; \
+ ;;;;;;;;;;;;;;; ADCXQ R13, R13; \
+ ;;;;;;;;;;;;;;; ADCXQ R14, R14; \
+ MOVQ 0+x, DX; MULXQ DX, AX, CX; /* A[0]^2 */ \
+ ;;;;;;;;;;;;;;; MOVQ AX, 0+z; \
+ ADDQ CX, R8; MOVQ R8, 8+z; \
+ MOVQ 8+x, DX; MULXQ DX, AX, CX; /* A[1]^2 */ \
+ ADCQ AX, R9; MOVQ R9, 16+z; \
+ ADCQ CX, R10; MOVQ R10, 24+z; \
+ MOVQ 16+x, DX; MULXQ DX, AX, CX; /* A[2]^2 */ \
+ ADCQ AX, R11; MOVQ R11, 32+z; \
+ ADCQ CX, R12; MOVQ R12, 40+z; \
+ MOVQ 24+x, DX; MULXQ DX, AX, CX; /* A[3]^2 */ \
+ ADCQ AX, R13; MOVQ R13, 48+z; \
+ ADCQ CX, R14; MOVQ R14, 56+z;
+
+// reduceFromDouble finds z congruent to x modulo p such that 0<z<2^256
+// Uses: AX, DX, R8-R13, FLAGS
+// Instr: x86_64
+#define reduceFromDoubleLeg(z,x) \
+ /* 2*C = 38 = 2^256 */ \
+ MOVL $38, AX; MULQ 32+x; MOVQ AX, R8; MOVQ DX, R9; /* C*C[4] */ \
+ MOVL $38, AX; MULQ 40+x; MOVQ AX, R12; MOVQ DX, R10; /* C*C[5] */ \
+ MOVL $38, AX; MULQ 48+x; MOVQ AX, R13; MOVQ DX, R11; /* C*C[6] */ \
+ MOVL $38, AX; MULQ 56+x; /* C*C[7] */ \
+ ADDQ R12, R9; \
+ ADCQ R13, R10; \
+ ADCQ AX, R11; \
+ ADCQ $0, DX; \
+ ADDQ 0+x, R8; \
+ ADCQ 8+x, R9; \
+ ADCQ 16+x, R10; \
+ ADCQ 24+x, R11; \
+ ADCQ $0, DX; \
+ MOVL $38, AX; \
+ IMULQ AX, DX; /* C*C[4], CF=0, OF=0 */ \
+ ADDQ DX, R8; \
+ ADCQ $0, R9; MOVQ R9, 8+z; \
+ ADCQ $0, R10; MOVQ R10, 16+z; \
+ ADCQ $0, R11; MOVQ R11, 24+z; \
+ MOVL $0, DX; \
+ CMOVQCS AX, DX; \
+ ADDQ DX, R8; MOVQ R8, 0+z;
+
+// reduceFromDoubleAdx finds z congruent to x modulo p such that 0<z<2^256
+// Uses: AX, DX, R8-R13, FLAGS
+// Instr: x86_64, bmi2, adx
+#define reduceFromDoubleAdx(z,x) \
+ MOVL $38, DX; /* 2*C = 38 = 2^256 */ \
+ MULXQ 32+x, R8, R10; /* C*C[4] */ XORL AX, AX; ADOXQ 0+x, R8; \
+ MULXQ 40+x, R9, R11; /* C*C[5] */ ADCXQ R10, R9; ADOXQ 8+x, R9; \
+ MULXQ 48+x, R10, R13; /* C*C[6] */ ADCXQ R11, R10; ADOXQ 16+x, R10; \
+ MULXQ 56+x, R11, R12; /* C*C[7] */ ADCXQ R13, R11; ADOXQ 24+x, R11; \
+ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ADCXQ AX, R12; ADOXQ AX, R12; \
+ IMULQ DX, R12; /* C*C[4], CF=0, OF=0 */ \
+ ADCXQ R12, R8; \
+ ADCXQ AX, R9; MOVQ R9, 8+z; \
+ ADCXQ AX, R10; MOVQ R10, 16+z; \
+ ADCXQ AX, R11; MOVQ R11, 24+z; \
+ MOVL $0, R12; \
+ CMOVQCS DX, R12; \
+ ADDQ R12, R8; MOVQ R8, 0+z;
+
+// addSub calculates two operations: x,y = x+y,x-y
+// Uses: AX, DX, R8-R15, FLAGS
+#define addSub(x,y) \
+ MOVL $38, AX; \
+ XORL DX, DX; \
+ MOVQ 0+x, R8; MOVQ R8, R12; ADDQ 0+y, R8; \
+ MOVQ 8+x, R9; MOVQ R9, R13; ADCQ 8+y, R9; \
+ MOVQ 16+x, R10; MOVQ R10, R14; ADCQ 16+y, R10; \
+ MOVQ 24+x, R11; MOVQ R11, R15; ADCQ 24+y, R11; \
+ CMOVQCS AX, DX; \
+ XORL AX, AX; \
+ ADDQ DX, R8; \
+ ADCQ $0, R9; \
+ ADCQ $0, R10; \
+ ADCQ $0, R11; \
+ MOVL $38, DX; \
+ CMOVQCS DX, AX; \
+ ADDQ AX, R8; \
+ MOVL $38, AX; \
+ SUBQ 0+y, R12; \
+ SBBQ 8+y, R13; \
+ SBBQ 16+y, R14; \
+ SBBQ 24+y, R15; \
+ MOVL $0, DX; \
+ CMOVQCS AX, DX; \
+ SUBQ DX, R12; \
+ SBBQ $0, R13; \
+ SBBQ $0, R14; \
+ SBBQ $0, R15; \
+ MOVL $0, DX; \
+ CMOVQCS AX, DX; \
+ SUBQ DX, R12; \
+ MOVQ R8, 0+x; \
+ MOVQ R9, 8+x; \
+ MOVQ R10, 16+x; \
+ MOVQ R11, 24+x; \
+ MOVQ R12, 0+y; \
+ MOVQ R13, 8+y; \
+ MOVQ R14, 16+y; \
+ MOVQ R15, 24+y;
diff --git a/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.s b/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.s
new file mode 100644
index 0000000000000000000000000000000000000000..5c4aeddecb43c27881e2f79746245f650ae85368
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/fp25519/fp_amd64.s
@@ -0,0 +1,111 @@
+// +build amd64
+
+#include "textflag.h"
+#include "fp_amd64.h"
+
+// func cmovAmd64(x, y *Elt, n uint)
+TEXT ·cmovAmd64(SB),NOSPLIT,$0-24
+ MOVQ x+0(FP), DI
+ MOVQ y+8(FP), SI
+ MOVQ n+16(FP), BX
+ cselect(0(DI),0(SI),BX)
+ RET
+
+// func cswapAmd64(x, y *Elt, n uint)
+TEXT ·cswapAmd64(SB),NOSPLIT,$0-24
+ MOVQ x+0(FP), DI
+ MOVQ y+8(FP), SI
+ MOVQ n+16(FP), BX
+ cswap(0(DI),0(SI),BX)
+ RET
+
+// func subAmd64(z, x, y *Elt)
+TEXT ·subAmd64(SB),NOSPLIT,$0-24
+ MOVQ z+0(FP), DI
+ MOVQ x+8(FP), SI
+ MOVQ y+16(FP), BX
+ subtraction(0(DI),0(SI),0(BX))
+ RET
+
+// func addsubAmd64(x, y *Elt)
+TEXT ·addsubAmd64(SB),NOSPLIT,$0-16
+ MOVQ x+0(FP), DI
+ MOVQ y+8(FP), SI
+ addSub(0(DI),0(SI))
+ RET
+
+#define addLegacy \
+ additionLeg(0(DI),0(SI),0(BX))
+#define addBmi2Adx \
+ additionAdx(0(DI),0(SI),0(BX))
+
+#define mulLegacy \
+ integerMulLeg(0(SP),0(SI),0(BX)) \
+ reduceFromDoubleLeg(0(DI),0(SP))
+#define mulBmi2Adx \
+ integerMulAdx(0(SP),0(SI),0(BX)) \
+ reduceFromDoubleAdx(0(DI),0(SP))
+
+#define sqrLegacy \
+ integerSqrLeg(0(SP),0(SI)) \
+ reduceFromDoubleLeg(0(DI),0(SP))
+#define sqrBmi2Adx \
+ integerSqrAdx(0(SP),0(SI)) \
+ reduceFromDoubleAdx(0(DI),0(SP))
+
+// func addAmd64(z, x, y *Elt)
+TEXT ·addAmd64(SB),NOSPLIT,$0-24
+ MOVQ z+0(FP), DI
+ MOVQ x+8(FP), SI
+ MOVQ y+16(FP), BX
+ CHECK_BMI2ADX(LADD, addLegacy, addBmi2Adx)
+
+// func mulAmd64(z, x, y *Elt)
+TEXT ·mulAmd64(SB),NOSPLIT,$64-24
+ MOVQ z+0(FP), DI
+ MOVQ x+8(FP), SI
+ MOVQ y+16(FP), BX
+ CHECK_BMI2ADX(LMUL, mulLegacy, mulBmi2Adx)
+
+// func sqrAmd64(z, x *Elt)
+TEXT ·sqrAmd64(SB),NOSPLIT,$64-16
+ MOVQ z+0(FP), DI
+ MOVQ x+8(FP), SI
+ CHECK_BMI2ADX(LSQR, sqrLegacy, sqrBmi2Adx)
+
+// func modpAmd64(z *Elt)
+TEXT ·modpAmd64(SB),NOSPLIT,$0-8
+ MOVQ z+0(FP), DI
+
+ MOVQ (DI), R8
+ MOVQ 8(DI), R9
+ MOVQ 16(DI), R10
+ MOVQ 24(DI), R11
+
+ MOVL $19, AX
+ MOVL $38, CX
+
+ BTRQ $63, R11 // PUT BIT 255 IN CARRY FLAG AND CLEAR
+ CMOVLCC AX, CX // C[255] ? 38 : 19
+
+ // ADD EITHER 19 OR 38 TO C
+ ADDQ CX, R8
+ ADCQ $0, R9
+ ADCQ $0, R10
+ ADCQ $0, R11
+
+ // TEST FOR BIT 255 AGAIN; ONLY TRIGGERED ON OVERFLOW MODULO 2^255-19
+ MOVL $0, CX
+ CMOVLPL AX, CX // C[255] ? 0 : 19
+ BTRQ $63, R11 // CLEAR BIT 255
+
+ // SUBTRACT 19 IF NECESSARY
+ SUBQ CX, R8
+ MOVQ R8, (DI)
+ SBBQ $0, R9
+ MOVQ R9, 8(DI)
+ SBBQ $0, R10
+ MOVQ R10, 16(DI)
+ SBBQ $0, R11
+ MOVQ R11, 24(DI)
+ RET
diff --git a/vendor/github.com/cloudflare/circl/math/fp25519/fp_generic.go b/vendor/github.com/cloudflare/circl/math/fp25519/fp_generic.go
new file mode 100644
index 0000000000000000000000000000000000000000..32bc582a25757c6b7ff7c1e4a3bf1b456b51f552
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/fp25519/fp_generic.go
@@ -0,0 +1,317 @@
+package fp25519
+
+import (
+ "encoding/binary"
+ "math/bits"
+)
+
+func cmovGeneric(x, y *Elt, n uint) {
+ m := -uint64(n & 0x1)
+ x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8])
+ x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8])
+ x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8])
+ x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8])
+
+ y0 := binary.LittleEndian.Uint64(y[0*8 : 1*8])
+ y1 := binary.LittleEndian.Uint64(y[1*8 : 2*8])
+ y2 := binary.LittleEndian.Uint64(y[2*8 : 3*8])
+ y3 := binary.LittleEndian.Uint64(y[3*8 : 4*8])
+
+ x0 = (x0 &^ m) | (y0 & m)
+ x1 = (x1 &^ m) | (y1 & m)
+ x2 = (x2 &^ m) | (y2 & m)
+ x3 = (x3 &^ m) | (y3 & m)
+
+ binary.LittleEndian.PutUint64(x[0*8:1*8], x0)
+ binary.LittleEndian.PutUint64(x[1*8:2*8], x1)
+ binary.LittleEndian.PutUint64(x[2*8:3*8], x2)
+ binary.LittleEndian.PutUint64(x[3*8:4*8], x3)
+}
+
+func cswapGeneric(x, y *Elt, n uint) {
+ m := -uint64(n & 0x1)
+ x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8])
+ x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8])
+ x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8])
+ x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8])
+
+ y0 := binary.LittleEndian.Uint64(y[0*8 : 1*8])
+ y1 := binary.LittleEndian.Uint64(y[1*8 : 2*8])
+ y2 := binary.LittleEndian.Uint64(y[2*8 : 3*8])
+ y3 := binary.LittleEndian.Uint64(y[3*8 : 4*8])
+
+ t0 := m & (x0 ^ y0)
+ t1 := m & (x1 ^ y1)
+ t2 := m & (x2 ^ y2)
+ t3 := m & (x3 ^ y3)
+ x0 ^= t0
+ x1 ^= t1
+ x2 ^= t2
+ x3 ^= t3
+ y0 ^= t0
+ y1 ^= t1
+ y2 ^= t2
+ y3 ^= t3
+
+ binary.LittleEndian.PutUint64(x[0*8:1*8], x0)
+ binary.LittleEndian.PutUint64(x[1*8:2*8], x1)
+ binary.LittleEndian.PutUint64(x[2*8:3*8], x2)
+ binary.LittleEndian.PutUint64(x[3*8:4*8], x3)
+
+ binary.LittleEndian.PutUint64(y[0*8:1*8], y0)
+ binary.LittleEndian.PutUint64(y[1*8:2*8], y1)
+ binary.LittleEndian.PutUint64(y[2*8:3*8], y2)
+ binary.LittleEndian.PutUint64(y[3*8:4*8], y3)
+}
+
+func addGeneric(z, x, y *Elt) {
+ x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8])
+ x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8])
+ x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8])
+ x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8])
+
+ y0 := binary.LittleEndian.Uint64(y[0*8 : 1*8])
+ y1 := binary.LittleEndian.Uint64(y[1*8 : 2*8])
+ y2 := binary.LittleEndian.Uint64(y[2*8 : 3*8])
+ y3 := binary.LittleEndian.Uint64(y[3*8 : 4*8])
+
+ z0, c0 := bits.Add64(x0, y0, 0)
+ z1, c1 := bits.Add64(x1, y1, c0)
+ z2, c2 := bits.Add64(x2, y2, c1)
+ z3, c3 := bits.Add64(x3, y3, c2)
+
+ z0, c0 = bits.Add64(z0, (-c3)&38, 0)
+ z1, c1 = bits.Add64(z1, 0, c0)
+ z2, c2 = bits.Add64(z2, 0, c1)
+ z3, c3 = bits.Add64(z3, 0, c2)
+ z0, _ = bits.Add64(z0, (-c3)&38, 0)
+
+ binary.LittleEndian.PutUint64(z[0*8:1*8], z0)
+ binary.LittleEndian.PutUint64(z[1*8:2*8], z1)
+ binary.LittleEndian.PutUint64(z[2*8:3*8], z2)
+ binary.LittleEndian.PutUint64(z[3*8:4*8], z3)
+}
+
+func subGeneric(z, x, y *Elt) {
+ x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8])
+ x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8])
+ x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8])
+ x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8])
+
+ y0 := binary.LittleEndian.Uint64(y[0*8 : 1*8])
+ y1 := binary.LittleEndian.Uint64(y[1*8 : 2*8])
+ y2 := binary.LittleEndian.Uint64(y[2*8 : 3*8])
+ y3 := binary.LittleEndian.Uint64(y[3*8 : 4*8])
+
+ z0, c0 := bits.Sub64(x0, y0, 0)
+ z1, c1 := bits.Sub64(x1, y1, c0)
+ z2, c2 := bits.Sub64(x2, y2, c1)
+ z3, c3 := bits.Sub64(x3, y3, c2)
+
+ z0, c0 = bits.Sub64(z0, (-c3)&38, 0)
+ z1, c1 = bits.Sub64(z1, 0, c0)
+ z2, c2 = bits.Sub64(z2, 0, c1)
+ z3, c3 = bits.Sub64(z3, 0, c2)
+ z0, _ = bits.Sub64(z0, (-c3)&38, 0)
+
+ binary.LittleEndian.PutUint64(z[0*8:1*8], z0)
+ binary.LittleEndian.PutUint64(z[1*8:2*8], z1)
+ binary.LittleEndian.PutUint64(z[2*8:3*8], z2)
+ binary.LittleEndian.PutUint64(z[3*8:4*8], z3)
+}
+
+func addsubGeneric(x, y *Elt) {
+ z := &Elt{}
+ addGeneric(z, x, y)
+ subGeneric(y, x, y)
+ *x = *z
+}
+
+func mulGeneric(z, x, y *Elt) {
+ x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8])
+ x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8])
+ x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8])
+ x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8])
+
+ y0 := binary.LittleEndian.Uint64(y[0*8 : 1*8])
+ y1 := binary.LittleEndian.Uint64(y[1*8 : 2*8])
+ y2 := binary.LittleEndian.Uint64(y[2*8 : 3*8])
+ y3 := binary.LittleEndian.Uint64(y[3*8 : 4*8])
+
+ yi := y0
+ h0, l0 := bits.Mul64(x0, yi)
+ h1, l1 := bits.Mul64(x1, yi)
+ h2, l2 := bits.Mul64(x2, yi)
+ h3, l3 := bits.Mul64(x3, yi)
+
+ z0 := l0
+ a0, c0 := bits.Add64(h0, l1, 0)
+ a1, c1 := bits.Add64(h1, l2, c0)
+ a2, c2 := bits.Add64(h2, l3, c1)
+ a3, _ := bits.Add64(h3, 0, c2)
+
+ yi = y1
+ h0, l0 = bits.Mul64(x0, yi)
+ h1, l1 = bits.Mul64(x1, yi)
+ h2, l2 = bits.Mul64(x2, yi)
+ h3, l3 = bits.Mul64(x3, yi)
+
+ z1, c0 := bits.Add64(a0, l0, 0)
+ h0, c1 = bits.Add64(h0, l1, c0)
+ h1, c2 = bits.Add64(h1, l2, c1)
+ h2, c3 := bits.Add64(h2, l3, c2)
+ h3, _ = bits.Add64(h3, 0, c3)
+
+ a0, c0 = bits.Add64(a1, h0, 0)
+ a1, c1 = bits.Add64(a2, h1, c0)
+ a2, c2 = bits.Add64(a3, h2, c1)
+ a3, _ = bits.Add64(0, h3, c2)
+
+ yi = y2
+ h0, l0 = bits.Mul64(x0, yi)
+ h1, l1 = bits.Mul64(x1, yi)
+ h2, l2 = bits.Mul64(x2, yi)
+ h3, l3 = bits.Mul64(x3, yi)
+
+ z2, c0 := bits.Add64(a0, l0, 0)
+ h0, c1 = bits.Add64(h0, l1, c0)
+ h1, c2 = bits.Add64(h1, l2, c1)
+ h2, c3 = bits.Add64(h2, l3, c2)
+ h3, _ = bits.Add64(h3, 0, c3)
+
+ a0, c0 = bits.Add64(a1, h0, 0)
+ a1, c1 = bits.Add64(a2, h1, c0)
+ a2, c2 = bits.Add64(a3, h2, c1)
+ a3, _ = bits.Add64(0, h3, c2)
+
+ yi = y3
+ h0, l0 = bits.Mul64(x0, yi)
+ h1, l1 = bits.Mul64(x1, yi)
+ h2, l2 = bits.Mul64(x2, yi)
+ h3, l3 = bits.Mul64(x3, yi)
+
+ z3, c0 := bits.Add64(a0, l0, 0)
+ h0, c1 = bits.Add64(h0, l1, c0)
+ h1, c2 = bits.Add64(h1, l2, c1)
+ h2, c3 = bits.Add64(h2, l3, c2)
+ h3, _ = bits.Add64(h3, 0, c3)
+
+ z4, c0 := bits.Add64(a1, h0, 0)
+ z5, c1 := bits.Add64(a2, h1, c0)
+ z6, c2 := bits.Add64(a3, h2, c1)
+ z7, _ := bits.Add64(0, h3, c2)
+
+ red64(z, z0, z1, z2, z3, z4, z5, z6, z7)
+}
+
+func sqrGeneric(z, x *Elt) {
+ x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8])
+ x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8])
+ x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8])
+ x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8])
+
+ h0, a0 := bits.Mul64(x0, x1)
+ h1, l1 := bits.Mul64(x0, x2)
+ h2, l2 := bits.Mul64(x0, x3)
+ h3, l3 := bits.Mul64(x3, x1)
+ h4, l4 := bits.Mul64(x3, x2)
+ h, l := bits.Mul64(x1, x2)
+
+ a1, c0 := bits.Add64(l1, h0, 0)
+ a2, c1 := bits.Add64(l2, h1, c0)
+ a3, c2 := bits.Add64(l3, h2, c1)
+ a4, c3 := bits.Add64(l4, h3, c2)
+ a5, _ := bits.Add64(h4, 0, c3)
+
+ a2, c0 = bits.Add64(a2, l, 0)
+ a3, c1 = bits.Add64(a3, h, c0)
+ a4, c2 = bits.Add64(a4, 0, c1)
+ a5, c3 = bits.Add64(a5, 0, c2)
+ a6, _ := bits.Add64(0, 0, c3)
+
+ a0, c0 = bits.Add64(a0, a0, 0)
+ a1, c1 = bits.Add64(a1, a1, c0)
+ a2, c2 = bits.Add64(a2, a2, c1)
+ a3, c3 = bits.Add64(a3, a3, c2)
+ a4, c4 := bits.Add64(a4, a4, c3)
+ a5, c5 := bits.Add64(a5, a5, c4)
+ a6, _ = bits.Add64(a6, a6, c5)
+
+ b1, b0 := bits.Mul64(x0, x0)
+ b3, b2 := bits.Mul64(x1, x1)
+ b5, b4 := bits.Mul64(x2, x2)
+ b7, b6 := bits.Mul64(x3, x3)
+
+ b1, c0 = bits.Add64(b1, a0, 0)
+ b2, c1 = bits.Add64(b2, a1, c0)
+ b3, c2 = bits.Add64(b3, a2, c1)
+ b4, c3 = bits.Add64(b4, a3, c2)
+ b5, c4 = bits.Add64(b5, a4, c3)
+ b6, c5 = bits.Add64(b6, a5, c4)
+ b7, _ = bits.Add64(b7, a6, c5)
+
+ red64(z, b0, b1, b2, b3, b4, b5, b6, b7)
+}
+
+func modpGeneric(x *Elt) {
+ x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8])
+ x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8])
+ x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8])
+ x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8])
+
+ // CX = C[255] ? 38 : 19
+ cx := uint64(19) << (x3 >> 63)
+ // PUT BIT 255 IN CARRY FLAG AND CLEAR
+ x3 &^= 1 << 63
+
+ x0, c0 := bits.Add64(x0, cx, 0)
+ x1, c1 := bits.Add64(x1, 0, c0)
+ x2, c2 := bits.Add64(x2, 0, c1)
+ x3, _ = bits.Add64(x3, 0, c2)
+
+ // TEST FOR BIT 255 AGAIN; ONLY TRIGGERED ON OVERFLOW MODULO 2^255-19
+ // cx = C[255] ? 0 : 19
+ cx = uint64(19) &^ (-(x3 >> 63))
+ // CLEAR BIT 255
+ x3 &^= 1 << 63
+
+ x0, c0 = bits.Sub64(x0, cx, 0)
+ x1, c1 = bits.Sub64(x1, 0, c0)
+ x2, c2 = bits.Sub64(x2, 0, c1)
+ x3, _ = bits.Sub64(x3, 0, c2)
+
+ binary.LittleEndian.PutUint64(x[0*8:1*8], x0)
+ binary.LittleEndian.PutUint64(x[1*8:2*8], x1)
+ binary.LittleEndian.PutUint64(x[2*8:3*8], x2)
+ binary.LittleEndian.PutUint64(x[3*8:4*8], x3)
+}
+
+func red64(z *Elt, x0, x1, x2, x3, x4, x5, x6, x7 uint64) {
+ h0, l0 := bits.Mul64(x4, 38)
+ h1, l1 := bits.Mul64(x5, 38)
+ h2, l2 := bits.Mul64(x6, 38)
+ h3, l3 := bits.Mul64(x7, 38)
+
+ l1, c0 := bits.Add64(h0, l1, 0)
+ l2, c1 := bits.Add64(h1, l2, c0)
+ l3, c2 := bits.Add64(h2, l3, c1)
+ l4, _ := bits.Add64(h3, 0, c2)
+
+ l0, c0 = bits.Add64(l0, x0, 0)
+ l1, c1 = bits.Add64(l1, x1, c0)
+ l2, c2 = bits.Add64(l2, x2, c1)
+ l3, c3 := bits.Add64(l3, x3, c2)
+ l4, _ = bits.Add64(l4, 0, c3)
+
+ _, l4 = bits.Mul64(l4, 38)
+ l0, c0 = bits.Add64(l0, l4, 0)
+ z1, c1 := bits.Add64(l1, 0, c0)
+ z2, c2 := bits.Add64(l2, 0, c1)
+ z3, c3 := bits.Add64(l3, 0, c2)
+ z0, _ := bits.Add64(l0, (-c3)&38, 0)
+
+ binary.LittleEndian.PutUint64(z[0*8:1*8], z0)
+ binary.LittleEndian.PutUint64(z[1*8:2*8], z1)
+ binary.LittleEndian.PutUint64(z[2*8:3*8], z2)
+ binary.LittleEndian.PutUint64(z[3*8:4*8], z3)
+}
diff --git a/vendor/github.com/cloudflare/circl/math/fp25519/fp_noasm.go b/vendor/github.com/cloudflare/circl/math/fp25519/fp_noasm.go
new file mode 100644
index 0000000000000000000000000000000000000000..26ca4d01b7ea1da9ad23d69277e152592866479a
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/fp25519/fp_noasm.go
@@ -0,0 +1,13 @@
+//go:build !amd64 || purego
+// +build !amd64 purego
+
+package fp25519
+
+func cmov(x, y *Elt, n uint) { cmovGeneric(x, y, n) }
+func cswap(x, y *Elt, n uint) { cswapGeneric(x, y, n) }
+func add(z, x, y *Elt) { addGeneric(z, x, y) }
+func sub(z, x, y *Elt) { subGeneric(z, x, y) }
+func addsub(x, y *Elt) { addsubGeneric(x, y) }
+func mul(z, x, y *Elt) { mulGeneric(z, x, y) }
+func sqr(z, x *Elt) { sqrGeneric(z, x) }
+func modp(z *Elt) { modpGeneric(z) }
diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fp.go b/vendor/github.com/cloudflare/circl/math/fp448/fp.go
new file mode 100644
index 0000000000000000000000000000000000000000..a5e36600bb6d4916f9784273f4fa0e10ad941c34
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/fp448/fp.go
@@ -0,0 +1,164 @@
+// Package fp448 provides prime field arithmetic over GF(2^448-2^224-1).
+package fp448
+
+import (
+ "errors"
+
+ "github.com/cloudflare/circl/internal/conv"
+)
+
+// Size in bytes of an element.
+const Size = 56
+
+// Elt is a prime field element.
+type Elt [Size]byte
+
+func (e Elt) String() string { return conv.BytesLe2Hex(e[:]) }
+
+// p is the prime modulus 2^448-2^224-1.
+var p = Elt{
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+}
+
+// P returns the prime modulus 2^448-2^224-1.
+func P() Elt { return p }
+
+// ToBytes stores in b the little-endian byte representation of x.
+func ToBytes(b []byte, x *Elt) error {
+ if len(b) != Size {
+ return errors.New("wrong size")
+ }
+ Modp(x)
+ copy(b, x[:])
+ return nil
+}
+
+// IsZero returns true if x is equal to 0.
+func IsZero(x *Elt) bool { Modp(x); return *x == Elt{} }
+
+// IsOne returns true if x is equal to 1.
+func IsOne(x *Elt) bool { Modp(x); return *x == Elt{1} }
+
+// SetOne assigns x=1.
+func SetOne(x *Elt) { *x = Elt{1} }
+
+// One returns the 1 element.
+func One() (x Elt) { x = Elt{1}; return }
+
+// Neg calculates z = -x.
+func Neg(z, x *Elt) { Sub(z, &p, x) }
+
+// Modp ensures that z is between [0,p-1].
+func Modp(z *Elt) { Sub(z, z, &p) }
+
+// InvSqrt calculates z = sqrt(x/y) iff x/y is a quadratic-residue. If so,
+// isQR = true; otherwise, isQR = false, since x/y is a quadratic non-residue,
+// and z = sqrt(-x/y).
+func InvSqrt(z, x, y *Elt) (isQR bool) {
+ // First note that x^(2(k+1)) = x^(p-1)/2 * x = legendre(x) * x
+ // so that's x if x is a quadratic residue and -x otherwise.
+ // Next, y^(6k+3) = y^(4k+2) * y^(2k+1) = y^(p-1) * y^((p-1)/2) = legendre(y).
+ // So the z we compute satisfies z^2 y = x^(2(k+1)) y^(6k+3) = legendre(x)*legendre(y).
+ // Thus if x and y are quadratic residues, then z is indeed sqrt(x/y).
+ t0, t1 := &Elt{}, &Elt{}
+ Mul(t0, x, y) // x*y
+ Sqr(t1, y) // y^2
+ Mul(t1, t0, t1) // x*y^3
+ powPminus3div4(z, t1) // (x*y^3)^k
+ Mul(z, z, t0) // z = x*y*(x*y^3)^k = x^(k+1) * y^(3k+1)
+
+ // Check if x/y is a quadratic residue
+ Sqr(t0, z) // z^2
+ Mul(t0, t0, y) // y*z^2
+ Sub(t0, t0, x) // y*z^2-x
+ return IsZero(t0)
+}
+
+// Inv calculates z = 1/x mod p.
+func Inv(z, x *Elt) {
+ // Calculates z = x^(4k+1) = x^(p-3+1) = x^(p-2) = x^-1, where k = (p-3)/4.
+ t := &Elt{}
+ powPminus3div4(t, x) // t = x^k
+ Sqr(t, t) // t = x^2k
+ Sqr(t, t) // t = x^4k
+ Mul(z, t, x) // z = x^(4k+1)
+}
+
+// powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4.
+func powPminus3div4(z, x *Elt) {
+ x0, x1 := &Elt{}, &Elt{}
+ Sqr(z, x)
+ Mul(z, z, x)
+ Sqr(x0, z)
+ Mul(x0, x0, x)
+ Sqr(z, x0)
+ Sqr(z, z)
+ Sqr(z, z)
+ Mul(z, z, x0)
+ Sqr(x1, z)
+ for i := 0; i < 5; i++ {
+ Sqr(x1, x1)
+ }
+ Mul(x1, x1, z)
+ Sqr(z, x1)
+ for i := 0; i < 11; i++ {
+ Sqr(z, z)
+ }
+ Mul(z, z, x1)
+ Sqr(z, z)
+ Sqr(z, z)
+ Sqr(z, z)
+ Mul(z, z, x0)
+ Sqr(x1, z)
+ for i := 0; i < 26; i++ {
+ Sqr(x1, x1)
+ }
+ Mul(x1, x1, z)
+ Sqr(z, x1)
+ for i := 0; i < 53; i++ {
+ Sqr(z, z)
+ }
+ Mul(z, z, x1)
+ Sqr(z, z)
+ Sqr(z, z)
+ Sqr(z, z)
+ Mul(z, z, x0)
+ Sqr(x1, z)
+ for i := 0; i < 110; i++ {
+ Sqr(x1, x1)
+ }
+ Mul(x1, x1, z)
+ Sqr(z, x1)
+ Mul(z, z, x)
+ for i := 0; i < 223; i++ {
+ Sqr(z, z)
+ }
+ Mul(z, z, x1)
+}
+
+// Cmov assigns y to x if n is 1.
+func Cmov(x, y *Elt, n uint) { cmov(x, y, n) }
+
+// Cswap interchanges x and y if n is 1.
+func Cswap(x, y *Elt, n uint) { cswap(x, y, n) }
+
+// Add calculates z = x+y mod p.
+func Add(z, x, y *Elt) { add(z, x, y) }
+
+// Sub calculates z = x-y mod p.
+func Sub(z, x, y *Elt) { sub(z, x, y) }
+
+// AddSub calculates (x,y) = (x+y mod p, x-y mod p).
+func AddSub(x, y *Elt) { addsub(x, y) }
+
+// Mul calculates z = x*y mod p.
+func Mul(z, x, y *Elt) { mul(z, x, y) }
+
+// Sqr calculates z = x^2 mod p.
+func Sqr(z, x *Elt) { sqr(z, x) }
diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.go b/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.go
new file mode 100644
index 0000000000000000000000000000000000000000..6a12209a704bf1bd26a64a64be4700cbe95531d6
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.go
@@ -0,0 +1,43 @@
+//go:build amd64 && !purego
+// +build amd64,!purego
+
+package fp448
+
+import (
+ "golang.org/x/sys/cpu"
+)
+
+var hasBmi2Adx = cpu.X86.HasBMI2 && cpu.X86.HasADX
+
+var _ = hasBmi2Adx
+
+func cmov(x, y *Elt, n uint) { cmovAmd64(x, y, n) }
+func cswap(x, y *Elt, n uint) { cswapAmd64(x, y, n) }
+func add(z, x, y *Elt) { addAmd64(z, x, y) }
+func sub(z, x, y *Elt) { subAmd64(z, x, y) }
+func addsub(x, y *Elt) { addsubAmd64(x, y) }
+func mul(z, x, y *Elt) { mulAmd64(z, x, y) }
+func sqr(z, x *Elt) { sqrAmd64(z, x) }
+
+/* Functions defined in fp_amd64.s */
+
+//go:noescape
+func cmovAmd64(x, y *Elt, n uint)
+
+//go:noescape
+func cswapAmd64(x, y *Elt, n uint)
+
+//go:noescape
+func addAmd64(z, x, y *Elt)
+
+//go:noescape
+func subAmd64(z, x, y *Elt)
+
+//go:noescape
+func addsubAmd64(x, y *Elt)
+
+//go:noescape
+func mulAmd64(z, x, y *Elt)
+
+//go:noescape
+func sqrAmd64(z, x *Elt)
diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.h b/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.h
new file mode 100644
index 0000000000000000000000000000000000000000..536fe5bdfe0aaf6d0c8056203acf9d38718d4c85
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.h
@@ -0,0 +1,591 @@
+// This code was imported from https://github.com/armfazh/rfc7748_precomputed
+
+// CHECK_BMI2ADX triggers bmi2adx if supported,
+// otherwise it fallbacks to legacy code.
+#define CHECK_BMI2ADX(label, legacy, bmi2adx) \
+ CMPB ·hasBmi2Adx(SB), $0 \
+ JE label \
+ bmi2adx \
+ RET \
+ label: \
+ legacy \
+ RET
+
+// cselect is a conditional move
+// if b=1: it copies y into x;
+// if b=0: x remains with the same value;
+// if b<> 0,1: undefined.
+// Uses: AX, DX, FLAGS
+// Instr: x86_64, cmov
+#define cselect(x,y,b) \
+ TESTQ b, b \
+ MOVQ 0+x, AX; MOVQ 0+y, DX; CMOVQNE DX, AX; MOVQ AX, 0+x; \
+ MOVQ 8+x, AX; MOVQ 8+y, DX; CMOVQNE DX, AX; MOVQ AX, 8+x; \
+ MOVQ 16+x, AX; MOVQ 16+y, DX; CMOVQNE DX, AX; MOVQ AX, 16+x; \
+ MOVQ 24+x, AX; MOVQ 24+y, DX; CMOVQNE DX, AX; MOVQ AX, 24+x; \
+ MOVQ 32+x, AX; MOVQ 32+y, DX; CMOVQNE DX, AX; MOVQ AX, 32+x; \
+ MOVQ 40+x, AX; MOVQ 40+y, DX; CMOVQNE DX, AX; MOVQ AX, 40+x; \
+ MOVQ 48+x, AX; MOVQ 48+y, DX; CMOVQNE DX, AX; MOVQ AX, 48+x;
+
+// cswap is a conditional swap
+// if b=1: x,y <- y,x;
+// if b=0: x,y remain with the same values;
+// if b<> 0,1: undefined.
+// Uses: AX, DX, R8, FLAGS
+// Instr: x86_64, cmov
+#define cswap(x,y,b) \
+ TESTQ b, b \
+ MOVQ 0+x, AX; MOVQ AX, R8; MOVQ 0+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 0+x; MOVQ DX, 0+y; \
+ MOVQ 8+x, AX; MOVQ AX, R8; MOVQ 8+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 8+x; MOVQ DX, 8+y; \
+ MOVQ 16+x, AX; MOVQ AX, R8; MOVQ 16+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 16+x; MOVQ DX, 16+y; \
+ MOVQ 24+x, AX; MOVQ AX, R8; MOVQ 24+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 24+x; MOVQ DX, 24+y; \
+ MOVQ 32+x, AX; MOVQ AX, R8; MOVQ 32+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 32+x; MOVQ DX, 32+y; \
+ MOVQ 40+x, AX; MOVQ AX, R8; MOVQ 40+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 40+x; MOVQ DX, 40+y; \
+ MOVQ 48+x, AX; MOVQ AX, R8; MOVQ 48+y, DX; CMOVQNE DX, AX; CMOVQNE R8, DX; MOVQ AX, 48+x; MOVQ DX, 48+y;
+
+// additionLeg adds x and y and stores in z
+// Uses: AX, DX, R8-R14, FLAGS
+// Instr: x86_64
+#define additionLeg(z,x,y) \
+ MOVQ 0+x, R8; ADDQ 0+y, R8; \
+ MOVQ 8+x, R9; ADCQ 8+y, R9; \
+ MOVQ 16+x, R10; ADCQ 16+y, R10; \
+ MOVQ 24+x, R11; ADCQ 24+y, R11; \
+ MOVQ 32+x, R12; ADCQ 32+y, R12; \
+ MOVQ 40+x, R13; ADCQ 40+y, R13; \
+ MOVQ 48+x, R14; ADCQ 48+y, R14; \
+ MOVQ $0, AX; ADCQ $0, AX; \
+ MOVQ AX, DX; \
+ SHLQ $32, DX; \
+ ADDQ AX, R8; MOVQ $0, AX; \
+ ADCQ $0, R9; \
+ ADCQ $0, R10; \
+ ADCQ DX, R11; \
+ ADCQ $0, R12; \
+ ADCQ $0, R13; \
+ ADCQ $0, R14; \
+ ADCQ $0, AX; \
+ MOVQ AX, DX; \
+ SHLQ $32, DX; \
+ ADDQ AX, R8; MOVQ R8, 0+z; \
+ ADCQ $0, R9; MOVQ R9, 8+z; \
+ ADCQ $0, R10; MOVQ R10, 16+z; \
+ ADCQ DX, R11; MOVQ R11, 24+z; \
+ ADCQ $0, R12; MOVQ R12, 32+z; \
+ ADCQ $0, R13; MOVQ R13, 40+z; \
+ ADCQ $0, R14; MOVQ R14, 48+z;
+
+
+// additionAdx adds x and y and stores in z
+// Uses: AX, DX, R8-R15, FLAGS
+// Instr: x86_64, adx
+#define additionAdx(z,x,y) \
+ MOVL $32, R15; \
+ XORL DX, DX; \
+ MOVQ 0+x, R8; ADCXQ 0+y, R8; \
+ MOVQ 8+x, R9; ADCXQ 8+y, R9; \
+ MOVQ 16+x, R10; ADCXQ 16+y, R10; \
+ MOVQ 24+x, R11; ADCXQ 24+y, R11; \
+ MOVQ 32+x, R12; ADCXQ 32+y, R12; \
+ MOVQ 40+x, R13; ADCXQ 40+y, R13; \
+ MOVQ 48+x, R14; ADCXQ 48+y, R14; \
+ ;;;;;;;;;;;;;;; ADCXQ DX, DX; \
+ XORL AX, AX; \
+ ADCXQ DX, R8; SHLXQ R15, DX, DX; \
+ ADCXQ AX, R9; \
+ ADCXQ AX, R10; \
+ ADCXQ DX, R11; \
+ ADCXQ AX, R12; \
+ ADCXQ AX, R13; \
+ ADCXQ AX, R14; \
+ ADCXQ AX, AX; \
+ XORL DX, DX; \
+ ADCXQ AX, R8; MOVQ R8, 0+z; SHLXQ R15, AX, AX; \
+ ADCXQ DX, R9; MOVQ R9, 8+z; \
+ ADCXQ DX, R10; MOVQ R10, 16+z; \
+ ADCXQ AX, R11; MOVQ R11, 24+z; \
+ ADCXQ DX, R12; MOVQ R12, 32+z; \
+ ADCXQ DX, R13; MOVQ R13, 40+z; \
+ ADCXQ DX, R14; MOVQ R14, 48+z;
+
+// subtraction subtracts y from x and stores in z
+// Uses: AX, DX, R8-R14, FLAGS
+// Instr: x86_64
+#define subtraction(z,x,y) \
+ MOVQ 0+x, R8; SUBQ 0+y, R8; \
+ MOVQ 8+x, R9; SBBQ 8+y, R9; \
+ MOVQ 16+x, R10; SBBQ 16+y, R10; \
+ MOVQ 24+x, R11; SBBQ 24+y, R11; \
+ MOVQ 32+x, R12; SBBQ 32+y, R12; \
+ MOVQ 40+x, R13; SBBQ 40+y, R13; \
+ MOVQ 48+x, R14; SBBQ 48+y, R14; \
+ MOVQ $0, AX; SETCS AX; \
+ MOVQ AX, DX; \
+ SHLQ $32, DX; \
+ SUBQ AX, R8; MOVQ $0, AX; \
+ SBBQ $0, R9; \
+ SBBQ $0, R10; \
+ SBBQ DX, R11; \
+ SBBQ $0, R12; \
+ SBBQ $0, R13; \
+ SBBQ $0, R14; \
+ SETCS AX; \
+ MOVQ AX, DX; \
+ SHLQ $32, DX; \
+ SUBQ AX, R8; MOVQ R8, 0+z; \
+ SBBQ $0, R9; MOVQ R9, 8+z; \
+ SBBQ $0, R10; MOVQ R10, 16+z; \
+ SBBQ DX, R11; MOVQ R11, 24+z; \
+ SBBQ $0, R12; MOVQ R12, 32+z; \
+ SBBQ $0, R13; MOVQ R13, 40+z; \
+ SBBQ $0, R14; MOVQ R14, 48+z;
+
+// maddBmi2Adx multiplies x and y and accumulates in z
+// Uses: AX, DX, R15, FLAGS
+// Instr: x86_64, bmi2, adx
+#define maddBmi2Adx(z,x,y,i,r0,r1,r2,r3,r4,r5,r6) \
+ MOVQ i+y, DX; XORL AX, AX; \
+ MULXQ 0+x, AX, R8; ADOXQ AX, r0; ADCXQ R8, r1; MOVQ r0,i+z; \
+ MULXQ 8+x, AX, r0; ADOXQ AX, r1; ADCXQ r0, r2; MOVQ $0, R8; \
+ MULXQ 16+x, AX, r0; ADOXQ AX, r2; ADCXQ r0, r3; \
+ MULXQ 24+x, AX, r0; ADOXQ AX, r3; ADCXQ r0, r4; \
+ MULXQ 32+x, AX, r0; ADOXQ AX, r4; ADCXQ r0, r5; \
+ MULXQ 40+x, AX, r0; ADOXQ AX, r5; ADCXQ r0, r6; \
+ MULXQ 48+x, AX, r0; ADOXQ AX, r6; ADCXQ R8, r0; \
+ ;;;;;;;;;;;;;;;;;;; ADOXQ R8, r0;
+
+// integerMulAdx multiplies x and y and stores in z
+// Uses: AX, DX, R8-R15, FLAGS
+// Instr: x86_64, bmi2, adx
+#define integerMulAdx(z,x,y) \
+ MOVL $0,R15; \
+ MOVQ 0+y, DX; XORL AX, AX; MOVQ $0, R8; \
+ MULXQ 0+x, AX, R9; MOVQ AX, 0+z; \
+ MULXQ 8+x, AX, R10; ADCXQ AX, R9; \
+ MULXQ 16+x, AX, R11; ADCXQ AX, R10; \
+ MULXQ 24+x, AX, R12; ADCXQ AX, R11; \
+ MULXQ 32+x, AX, R13; ADCXQ AX, R12; \
+ MULXQ 40+x, AX, R14; ADCXQ AX, R13; \
+ MULXQ 48+x, AX, R15; ADCXQ AX, R14; \
+ ;;;;;;;;;;;;;;;;;;;; ADCXQ R8, R15; \
+ maddBmi2Adx(z,x,y, 8, R9,R10,R11,R12,R13,R14,R15) \
+ maddBmi2Adx(z,x,y,16,R10,R11,R12,R13,R14,R15, R9) \
+ maddBmi2Adx(z,x,y,24,R11,R12,R13,R14,R15, R9,R10) \
+ maddBmi2Adx(z,x,y,32,R12,R13,R14,R15, R9,R10,R11) \
+ maddBmi2Adx(z,x,y,40,R13,R14,R15, R9,R10,R11,R12) \
+ maddBmi2Adx(z,x,y,48,R14,R15, R9,R10,R11,R12,R13) \
+ MOVQ R15, 56+z; \
+ MOVQ R9, 64+z; \
+ MOVQ R10, 72+z; \
+ MOVQ R11, 80+z; \
+ MOVQ R12, 88+z; \
+ MOVQ R13, 96+z; \
+ MOVQ R14, 104+z;
+
+// maddLegacy multiplies x and y and accumulates in z
+// Uses: AX, DX, R15, FLAGS
+// Instr: x86_64
+#define maddLegacy(z,x,y,i) \
+ MOVQ i+y, R15; \
+ MOVQ 0+x, AX; MULQ R15; MOVQ AX, R8; ;;;;;;;;;;;; MOVQ DX, R9; \
+ MOVQ 8+x, AX; MULQ R15; ADDQ AX, R9; ADCQ $0, DX; MOVQ DX, R10; \
+ MOVQ 16+x, AX; MULQ R15; ADDQ AX, R10; ADCQ $0, DX; MOVQ DX, R11; \
+ MOVQ 24+x, AX; MULQ R15; ADDQ AX, R11; ADCQ $0, DX; MOVQ DX, R12; \
+ MOVQ 32+x, AX; MULQ R15; ADDQ AX, R12; ADCQ $0, DX; MOVQ DX, R13; \
+ MOVQ 40+x, AX; MULQ R15; ADDQ AX, R13; ADCQ $0, DX; MOVQ DX, R14; \
+ MOVQ 48+x, AX; MULQ R15; ADDQ AX, R14; ADCQ $0, DX; \
+ ADDQ 0+i+z, R8; MOVQ R8, 0+i+z; \
+ ADCQ 8+i+z, R9; MOVQ R9, 8+i+z; \
+ ADCQ 16+i+z, R10; MOVQ R10, 16+i+z; \
+ ADCQ 24+i+z, R11; MOVQ R11, 24+i+z; \
+ ADCQ 32+i+z, R12; MOVQ R12, 32+i+z; \
+ ADCQ 40+i+z, R13; MOVQ R13, 40+i+z; \
+ ADCQ 48+i+z, R14; MOVQ R14, 48+i+z; \
+ ADCQ $0, DX; MOVQ DX, 56+i+z;
+
+// integerMulLeg multiplies x and y and stores in z
+// Uses: AX, DX, R8-R15, FLAGS
+// Instr: x86_64
+#define integerMulLeg(z,x,y) \
+ MOVQ 0+y, R15; \
+ MOVQ 0+x, AX; MULQ R15; MOVQ AX, 0+z; ;;;;;;;;;;;; MOVQ DX, R8; \
+ MOVQ 8+x, AX; MULQ R15; ADDQ AX, R8; ADCQ $0, DX; MOVQ DX, R9; MOVQ R8, 8+z; \
+ MOVQ 16+x, AX; MULQ R15; ADDQ AX, R9; ADCQ $0, DX; MOVQ DX, R10; MOVQ R9, 16+z; \
+ MOVQ 24+x, AX; MULQ R15; ADDQ AX, R10; ADCQ $0, DX; MOVQ DX, R11; MOVQ R10, 24+z; \
+ MOVQ 32+x, AX; MULQ R15; ADDQ AX, R11; ADCQ $0, DX; MOVQ DX, R12; MOVQ R11, 32+z; \
+ MOVQ 40+x, AX; MULQ R15; ADDQ AX, R12; ADCQ $0, DX; MOVQ DX, R13; MOVQ R12, 40+z; \
+ MOVQ 48+x, AX; MULQ R15; ADDQ AX, R13; ADCQ $0, DX; MOVQ DX,56+z; MOVQ R13, 48+z; \
+ maddLegacy(z,x,y, 8) \
+ maddLegacy(z,x,y,16) \
+ maddLegacy(z,x,y,24) \
+ maddLegacy(z,x,y,32) \
+ maddLegacy(z,x,y,40) \
+ maddLegacy(z,x,y,48)
+
+// integerSqrLeg squares x and stores in z
+// Uses: AX, CX, DX, R8-R15, FLAGS
+// Instr: x86_64
+#define integerSqrLeg(z,x) \
+ XORL R15, R15; \
+ MOVQ 0+x, CX; \
+ MOVQ CX, AX; MULQ CX; MOVQ AX, 0+z; MOVQ DX, R8; \
+ ADDQ CX, CX; ADCQ $0, R15; \
+ MOVQ 8+x, AX; MULQ CX; ADDQ AX, R8; ADCQ $0, DX; MOVQ DX, R9; MOVQ R8, 8+z; \
+ MOVQ 16+x, AX; MULQ CX; ADDQ AX, R9; ADCQ $0, DX; MOVQ DX, R10; \
+ MOVQ 24+x, AX; MULQ CX; ADDQ AX, R10; ADCQ $0, DX; MOVQ DX, R11; \
+ MOVQ 32+x, AX; MULQ CX; ADDQ AX, R11; ADCQ $0, DX; MOVQ DX, R12; \
+ MOVQ 40+x, AX; MULQ CX; ADDQ AX, R12; ADCQ $0, DX; MOVQ DX, R13; \
+ MOVQ 48+x, AX; MULQ CX; ADDQ AX, R13; ADCQ $0, DX; MOVQ DX, R14; \
+ \
+ MOVQ 8+x, CX; \
+ MOVQ CX, AX; ADDQ R15, CX; MOVQ $0, R15; ADCQ $0, R15; \
+ ;;;;;;;;;;;;;; MULQ CX; ADDQ AX, R9; ADCQ $0, DX; MOVQ R9,16+z; \
+ MOVQ R15, AX; NEGQ AX; ANDQ 8+x, AX; ADDQ AX, DX; ADCQ $0, R11; MOVQ DX, R8; \
+ ADDQ 8+x, CX; ADCQ $0, R15; \
+ MOVQ 16+x, AX; MULQ CX; ADDQ AX, R10; ADCQ $0, DX; ADDQ R8, R10; ADCQ $0, DX; MOVQ DX, R8; MOVQ R10, 24+z; \
+ MOVQ 24+x, AX; MULQ CX; ADDQ AX, R11; ADCQ $0, DX; ADDQ R8, R11; ADCQ $0, DX; MOVQ DX, R8; \
+ MOVQ 32+x, AX; MULQ CX; ADDQ AX, R12; ADCQ $0, DX; ADDQ R8, R12; ADCQ $0, DX; MOVQ DX, R8; \
+ MOVQ 40+x, AX; MULQ CX; ADDQ AX, R13; ADCQ $0, DX; ADDQ R8, R13; ADCQ $0, DX; MOVQ DX, R8; \
+ MOVQ 48+x, AX; MULQ CX; ADDQ AX, R14; ADCQ $0, DX; ADDQ R8, R14; ADCQ $0, DX; MOVQ DX, R9; \
+ \
+ MOVQ 16+x, CX; \
+ MOVQ CX, AX; ADDQ R15, CX; MOVQ $0, R15; ADCQ $0, R15; \
+ ;;;;;;;;;;;;;; MULQ CX; ADDQ AX, R11; ADCQ $0, DX; MOVQ R11, 32+z; \
+ MOVQ R15, AX; NEGQ AX; ANDQ 16+x,AX; ADDQ AX, DX; ADCQ $0, R13; MOVQ DX, R8; \
+ ADDQ 16+x, CX; ADCQ $0, R15; \
+ MOVQ 24+x, AX; MULQ CX; ADDQ AX, R12; ADCQ $0, DX; ADDQ R8, R12; ADCQ $0, DX; MOVQ DX, R8; MOVQ R12, 40+z; \
+ MOVQ 32+x, AX; MULQ CX; ADDQ AX, R13; ADCQ $0, DX; ADDQ R8, R13; ADCQ $0, DX; MOVQ DX, R8; \
+ MOVQ 40+x, AX; MULQ CX; ADDQ AX, R14; ADCQ $0, DX; ADDQ R8, R14; ADCQ $0, DX; MOVQ DX, R8; \
+ MOVQ 48+x, AX; MULQ CX; ADDQ AX, R9; ADCQ $0, DX; ADDQ R8, R9; ADCQ $0, DX; MOVQ DX,R10; \
+ \
+ MOVQ 24+x, CX; \
+ MOVQ CX, AX; ADDQ R15, CX; MOVQ $0, R15; ADCQ $0, R15; \
+ ;;;;;;;;;;;;;; MULQ CX; ADDQ AX, R13; ADCQ $0, DX; MOVQ R13, 48+z; \
+ MOVQ R15, AX; NEGQ AX; ANDQ 24+x,AX; ADDQ AX, DX; ADCQ $0, R9; MOVQ DX, R8; \
+ ADDQ 24+x, CX; ADCQ $0, R15; \
+ MOVQ 32+x, AX; MULQ CX; ADDQ AX, R14; ADCQ $0, DX; ADDQ R8, R14; ADCQ $0, DX; MOVQ DX, R8; MOVQ R14, 56+z; \
+ MOVQ 40+x, AX; MULQ CX; ADDQ AX, R9; ADCQ $0, DX; ADDQ R8, R9; ADCQ $0, DX; MOVQ DX, R8; \
+ MOVQ 48+x, AX; MULQ CX; ADDQ AX, R10; ADCQ $0, DX; ADDQ R8, R10; ADCQ $0, DX; MOVQ DX,R11; \
+ \
+ MOVQ 32+x, CX; \
+ MOVQ CX, AX; ADDQ R15, CX; MOVQ $0, R15; ADCQ $0, R15; \
+ ;;;;;;;;;;;;;; MULQ CX; ADDQ AX, R9; ADCQ $0, DX; MOVQ R9, 64+z; \
+ MOVQ R15, AX; NEGQ AX; ANDQ 32+x,AX; ADDQ AX, DX; ADCQ $0, R11; MOVQ DX, R8; \
+ ADDQ 32+x, CX; ADCQ $0, R15; \
+ MOVQ 40+x, AX; MULQ CX; ADDQ AX, R10; ADCQ $0, DX; ADDQ R8, R10; ADCQ $0, DX; MOVQ DX, R8; MOVQ R10, 72+z; \
+ MOVQ 48+x, AX; MULQ CX; ADDQ AX, R11; ADCQ $0, DX; ADDQ R8, R11; ADCQ $0, DX; MOVQ DX,R12; \
+ \
+ XORL R13, R13; \
+ XORL R14, R14; \
+ MOVQ 40+x, CX; \
+ MOVQ CX, AX; ADDQ R15, CX; MOVQ $0, R15; ADCQ $0, R15; \
+ ;;;;;;;;;;;;;; MULQ CX; ADDQ AX, R11; ADCQ $0, DX; MOVQ R11, 80+z; \
+ MOVQ R15, AX; NEGQ AX; ANDQ 40+x,AX; ADDQ AX, DX; ADCQ $0, R13; MOVQ DX, R8; \
+ ADDQ 40+x, CX; ADCQ $0, R15; \
+ MOVQ 48+x, AX; MULQ CX; ADDQ AX, R12; ADCQ $0, DX; ADDQ R8, R12; ADCQ $0, DX; MOVQ DX, R8; MOVQ R12, 88+z; \
+ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ADDQ R8, R13; ADCQ $0,R14; \
+ \
+ XORL R9, R9; \
+ MOVQ 48+x, CX; \
+ MOVQ CX, AX; ADDQ R15, CX; MOVQ $0, R15; ADCQ $0, R15; \
+ ;;;;;;;;;;;;;; MULQ CX; ADDQ AX, R13; ADCQ $0, DX; MOVQ R13, 96+z; \
+ MOVQ R15, AX; NEGQ AX; ANDQ 48+x,AX; ADDQ AX, DX; ADCQ $0, R9; MOVQ DX, R8; \
+ ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ADDQ R8,R14; ADCQ $0, R9; MOVQ R14, 104+z;
+
+
+// integerSqrAdx squares x and stores in z
+// Uses: AX, CX, DX, R8-R15, FLAGS
+// Instr: x86_64, bmi2, adx
+#define integerSqrAdx(z,x) \
+ XORL R15, R15; \
+ MOVQ 0+x, DX; \
+ ;;;;;;;;;;;;;; MULXQ DX, AX, R8; MOVQ AX, 0+z; \
+ ADDQ DX, DX; ADCQ $0, R15; CLC; \
+ MULXQ 8+x, AX, R9; ADCXQ AX, R8; MOVQ R8, 8+z; \
+ MULXQ 16+x, AX, R10; ADCXQ AX, R9; MOVQ $0, R8;\
+ MULXQ 24+x, AX, R11; ADCXQ AX, R10; \
+ MULXQ 32+x, AX, R12; ADCXQ AX, R11; \
+ MULXQ 40+x, AX, R13; ADCXQ AX, R12; \
+ MULXQ 48+x, AX, R14; ADCXQ AX, R13; \
+ ;;;;;;;;;;;;;;;;;;;; ADCXQ R8, R14; \
+ \
+ MOVQ 8+x, DX; \
+ MOVQ DX, AX; ADDQ R15, DX; MOVQ $0, R15; ADCQ $0, R15; \
+ MULXQ AX, AX, CX; \
+ MOVQ R15, R8; NEGQ R8; ANDQ 8+x, R8; \
+ ADDQ AX, R9; MOVQ R9, 16+z; \
+ ADCQ CX, R8; \
+ ADCQ $0, R11; \
+ ADDQ 8+x, DX; \
+ ADCQ $0, R15; \
+ XORL R9, R9; ;;;;;;;;;;;;;;;;;;;;; ADOXQ R8, R10; \
+ MULXQ 16+x, AX, CX; ADCXQ AX, R10; ADOXQ CX, R11; MOVQ R10, 24+z; \
+ MULXQ 24+x, AX, CX; ADCXQ AX, R11; ADOXQ CX, R12; MOVQ $0, R10; \
+ MULXQ 32+x, AX, CX; ADCXQ AX, R12; ADOXQ CX, R13; \
+ MULXQ 40+x, AX, CX; ADCXQ AX, R13; ADOXQ CX, R14; \
+ MULXQ 48+x, AX, CX; ADCXQ AX, R14; ADOXQ CX, R9; \
+ ;;;;;;;;;;;;;;;;;;; ADCXQ R10, R9; \
+ \
+ MOVQ 16+x, DX; \
+ MOVQ DX, AX; ADDQ R15, DX; MOVQ $0, R15; ADCQ $0, R15; \
+ MULXQ AX, AX, CX; \
+ MOVQ R15, R8; NEGQ R8; ANDQ 16+x, R8; \
+ ADDQ AX, R11; MOVQ R11, 32+z; \
+ ADCQ CX, R8; \
+ ADCQ $0, R13; \
+ ADDQ 16+x, DX; \
+ ADCQ $0, R15; \
+ XORL R11, R11; ;;;;;;;;;;;;;;;;;;; ADOXQ R8, R12; \
+ MULXQ 24+x, AX, CX; ADCXQ AX, R12; ADOXQ CX, R13; MOVQ R12, 40+z; \
+ MULXQ 32+x, AX, CX; ADCXQ AX, R13; ADOXQ CX, R14; MOVQ $0, R12; \
+ MULXQ 40+x, AX, CX; ADCXQ AX, R14; ADOXQ CX, R9; \
+ MULXQ 48+x, AX, CX; ADCXQ AX, R9; ADOXQ CX, R10; \
+ ;;;;;;;;;;;;;;;;;;; ADCXQ R11,R10; \
+ \
+ MOVQ 24+x, DX; \
+ MOVQ DX, AX; ADDQ R15, DX; MOVQ $0, R15; ADCQ $0, R15; \
+ MULXQ AX, AX, CX; \
+ MOVQ R15, R8; NEGQ R8; ANDQ 24+x, R8; \
+ ADDQ AX, R13; MOVQ R13, 48+z; \
+ ADCQ CX, R8; \
+ ADCQ $0, R9; \
+ ADDQ 24+x, DX; \
+ ADCQ $0, R15; \
+ XORL R13, R13; ;;;;;;;;;;;;;;;;;;; ADOXQ R8, R14; \
+ MULXQ 32+x, AX, CX; ADCXQ AX, R14; ADOXQ CX, R9; MOVQ R14, 56+z; \
+ MULXQ 40+x, AX, CX; ADCXQ AX, R9; ADOXQ CX, R10; MOVQ $0, R14; \
+ MULXQ 48+x, AX, CX; ADCXQ AX, R10; ADOXQ CX, R11; \
+ ;;;;;;;;;;;;;;;;;;; ADCXQ R12,R11; \
+ \
+ MOVQ 32+x, DX; \
+ MOVQ DX, AX; ADDQ R15, DX; MOVQ $0, R15; ADCQ $0, R15; \
+ MULXQ AX, AX, CX; \
+ MOVQ R15, R8; NEGQ R8; ANDQ 32+x, R8; \
+ ADDQ AX, R9; MOVQ R9, 64+z; \
+ ADCQ CX, R8; \
+ ADCQ $0, R11; \
+ ADDQ 32+x, DX; \
+ ADCQ $0, R15; \
+ XORL R9, R9; ;;;;;;;;;;;;;;;;;;;;; ADOXQ R8, R10; \
+ MULXQ 40+x, AX, CX; ADCXQ AX, R10; ADOXQ CX, R11; MOVQ R10, 72+z; \
+ MULXQ 48+x, AX, CX; ADCXQ AX, R11; ADOXQ CX, R12; \
+ ;;;;;;;;;;;;;;;;;;; ADCXQ R13,R12; \
+ \
+ MOVQ 40+x, DX; \
+ MOVQ DX, AX; ADDQ R15, DX; MOVQ $0, R15; ADCQ $0, R15; \
+ MULXQ AX, AX, CX; \
+ MOVQ R15, R8; NEGQ R8; ANDQ 40+x, R8; \
+ ADDQ AX, R11; MOVQ R11, 80+z; \
+ ADCQ CX, R8; \
+ ADCQ $0, R13; \
+ ADDQ 40+x, DX; \
+ ADCQ $0, R15; \
+ XORL R11, R11; ;;;;;;;;;;;;;;;;;;; ADOXQ R8, R12; \
+ MULXQ 48+x, AX, CX; ADCXQ AX, R12; ADOXQ CX, R13; MOVQ R12, 88+z; \
+ ;;;;;;;;;;;;;;;;;;; ADCXQ R14,R13; \
+ \
+ MOVQ 48+x, DX; \
+ MOVQ DX, AX; ADDQ R15, DX; MOVQ $0, R15; ADCQ $0, R15; \
+ MULXQ AX, AX, CX; \
+ MOVQ R15, R8; NEGQ R8; ANDQ 48+x, R8; \
+ XORL R10, R10; ;;;;;;;;;;;;;; ADOXQ CX, R14; \
+ ;;;;;;;;;;;;;; ADCXQ AX, R13; ;;;;;;;;;;;;;; MOVQ R13, 96+z; \
+ ;;;;;;;;;;;;;; ADCXQ R8, R14; MOVQ R14, 104+z;
+
+// reduceFromDoubleLeg finds a z=x modulo p such that z<2^448 and stores in z
+// Uses: AX, R8-R15, FLAGS
+// Instr: x86_64
+#define reduceFromDoubleLeg(z,x) \
+ /* ( ,2C13,2C12,2C11,2C10|C10,C9,C8, C7) + (C6,...,C0) */ \
+ /* (r14, r13, r12, r11, r10,r9,r8,r15) */ \
+ MOVQ 80+x,AX; MOVQ AX,R10; \
+ MOVQ $0xFFFFFFFF00000000, R8; \
+ ANDQ R8,R10; \
+ \
+ MOVQ $0,R14; \
+ MOVQ 104+x,R13; SHLQ $1,R13,R14; \
+ MOVQ 96+x,R12; SHLQ $1,R12,R13; \
+ MOVQ 88+x,R11; SHLQ $1,R11,R12; \
+ MOVQ 72+x, R9; SHLQ $1,R10,R11; \
+ MOVQ 64+x, R8; SHLQ $1,R10; \
+ MOVQ $0xFFFFFFFF,R15; ANDQ R15,AX; ORQ AX,R10; \
+ MOVQ 56+x,R15; \
+ \
+ ADDQ 0+x,R15; MOVQ R15, 0+z; MOVQ 56+x,R15; \
+ ADCQ 8+x, R8; MOVQ R8, 8+z; MOVQ 64+x, R8; \
+ ADCQ 16+x, R9; MOVQ R9,16+z; MOVQ 72+x, R9; \
+ ADCQ 24+x,R10; MOVQ R10,24+z; MOVQ 80+x,R10; \
+ ADCQ 32+x,R11; MOVQ R11,32+z; MOVQ 88+x,R11; \
+ ADCQ 40+x,R12; MOVQ R12,40+z; MOVQ 96+x,R12; \
+ ADCQ 48+x,R13; MOVQ R13,48+z; MOVQ 104+x,R13; \
+ ADCQ $0,R14; \
+ /* (c10c9,c9c8,c8c7,c7c13,c13c12,c12c11,c11c10) + (c6,...,c0) */ \
+ /* ( r9, r8, r15, r13, r12, r11, r10) */ \
+ MOVQ R10, AX; \
+ SHRQ $32,R11,R10; \
+ SHRQ $32,R12,R11; \
+ SHRQ $32,R13,R12; \
+ SHRQ $32,R15,R13; \
+ SHRQ $32, R8,R15; \
+ SHRQ $32, R9, R8; \
+ SHRQ $32, AX, R9; \
+ \
+ ADDQ 0+z,R10; \
+ ADCQ 8+z,R11; \
+ ADCQ 16+z,R12; \
+ ADCQ 24+z,R13; \
+ ADCQ 32+z,R15; \
+ ADCQ 40+z, R8; \
+ ADCQ 48+z, R9; \
+ ADCQ $0,R14; \
+ /* ( c7) + (c6,...,c0) */ \
+ /* (r14) */ \
+ MOVQ R14, AX; SHLQ $32, AX; \
+ ADDQ R14,R10; MOVQ $0,R14; \
+ ADCQ $0,R11; \
+ ADCQ $0,R12; \
+ ADCQ AX,R13; \
+ ADCQ $0,R15; \
+ ADCQ $0, R8; \
+ ADCQ $0, R9; \
+ ADCQ $0,R14; \
+ /* ( c7) + (c6,...,c0) */ \
+ /* (r14) */ \
+ MOVQ R14, AX; SHLQ $32,AX; \
+ ADDQ R14,R10; MOVQ R10, 0+z; \
+ ADCQ $0,R11; MOVQ R11, 8+z; \
+ ADCQ $0,R12; MOVQ R12,16+z; \
+ ADCQ AX,R13; MOVQ R13,24+z; \
+ ADCQ $0,R15; MOVQ R15,32+z; \
+ ADCQ $0, R8; MOVQ R8,40+z; \
+ ADCQ $0, R9; MOVQ R9,48+z;
+
+// reduceFromDoubleAdx finds a z=x modulo p such that z<2^448 and stores in z
+// Uses: AX, R8-R15, FLAGS
+// Instr: x86_64, adx
+#define reduceFromDoubleAdx(z,x) \
+ /* ( ,2C13,2C12,2C11,2C10|C10,C9,C8, C7) + (C6,...,C0) */ \
+ /* (r14, r13, r12, r11, r10,r9,r8,r15) */ \
+ MOVQ 80+x,AX; MOVQ AX,R10; \
+ MOVQ $0xFFFFFFFF00000000, R8; \
+ ANDQ R8,R10; \
+ \
+ MOVQ $0,R14; \
+ MOVQ 104+x,R13; SHLQ $1,R13,R14; \
+ MOVQ 96+x,R12; SHLQ $1,R12,R13; \
+ MOVQ 88+x,R11; SHLQ $1,R11,R12; \
+ MOVQ 72+x, R9; SHLQ $1,R10,R11; \
+ MOVQ 64+x, R8; SHLQ $1,R10; \
+ MOVQ $0xFFFFFFFF,R15; ANDQ R15,AX; ORQ AX,R10; \
+ MOVQ 56+x,R15; \
+ \
+ XORL AX,AX; \
+ ADCXQ 0+x,R15; MOVQ R15, 0+z; MOVQ 56+x,R15; \
+ ADCXQ 8+x, R8; MOVQ R8, 8+z; MOVQ 64+x, R8; \
+ ADCXQ 16+x, R9; MOVQ R9,16+z; MOVQ 72+x, R9; \
+ ADCXQ 24+x,R10; MOVQ R10,24+z; MOVQ 80+x,R10; \
+ ADCXQ 32+x,R11; MOVQ R11,32+z; MOVQ 88+x,R11; \
+ ADCXQ 40+x,R12; MOVQ R12,40+z; MOVQ 96+x,R12; \
+ ADCXQ 48+x,R13; MOVQ R13,48+z; MOVQ 104+x,R13; \
+ ADCXQ AX,R14; \
+ /* (c10c9,c9c8,c8c7,c7c13,c13c12,c12c11,c11c10) + (c6,...,c0) */ \
+ /* ( r9, r8, r15, r13, r12, r11, r10) */ \
+ MOVQ R10, AX; \
+ SHRQ $32,R11,R10; \
+ SHRQ $32,R12,R11; \
+ SHRQ $32,R13,R12; \
+ SHRQ $32,R15,R13; \
+ SHRQ $32, R8,R15; \
+ SHRQ $32, R9, R8; \
+ SHRQ $32, AX, R9; \
+ \
+ XORL AX,AX; \
+ ADCXQ 0+z,R10; \
+ ADCXQ 8+z,R11; \
+ ADCXQ 16+z,R12; \
+ ADCXQ 24+z,R13; \
+ ADCXQ 32+z,R15; \
+ ADCXQ 40+z, R8; \
+ ADCXQ 48+z, R9; \
+ ADCXQ AX,R14; \
+ /* ( c7) + (c6,...,c0) */ \
+ /* (r14) */ \
+ MOVQ R14, AX; SHLQ $32, AX; \
+ CLC; \
+ ADCXQ R14,R10; MOVQ $0,R14; \
+ ADCXQ R14,R11; \
+ ADCXQ R14,R12; \
+ ADCXQ AX,R13; \
+ ADCXQ R14,R15; \
+ ADCXQ R14, R8; \
+ ADCXQ R14, R9; \
+ ADCXQ R14,R14; \
+ /* ( c7) + (c6,...,c0) */ \
+ /* (r14) */ \
+ MOVQ R14, AX; SHLQ $32, AX; \
+ CLC; \
+ ADCXQ R14,R10; MOVQ R10, 0+z; MOVQ $0,R14; \
+ ADCXQ R14,R11; MOVQ R11, 8+z; \
+ ADCXQ R14,R12; MOVQ R12,16+z; \
+ ADCXQ AX,R13; MOVQ R13,24+z; \
+ ADCXQ R14,R15; MOVQ R15,32+z; \
+ ADCXQ R14, R8; MOVQ R8,40+z; \
+ ADCXQ R14, R9; MOVQ R9,48+z;
+
+// addSub calculates two operations: x,y = x+y,x-y
+// Uses: AX, DX, R8-R15, FLAGS
+#define addSub(x,y) \
+ MOVQ 0+x, R8; ADDQ 0+y, R8; \
+ MOVQ 8+x, R9; ADCQ 8+y, R9; \
+ MOVQ 16+x, R10; ADCQ 16+y, R10; \
+ MOVQ 24+x, R11; ADCQ 24+y, R11; \
+ MOVQ 32+x, R12; ADCQ 32+y, R12; \
+ MOVQ 40+x, R13; ADCQ 40+y, R13; \
+ MOVQ 48+x, R14; ADCQ 48+y, R14; \
+ MOVQ $0, AX; ADCQ $0, AX; \
+ MOVQ AX, DX; \
+ SHLQ $32, DX; \
+ ADDQ AX, R8; MOVQ $0, AX; \
+ ADCQ $0, R9; \
+ ADCQ $0, R10; \
+ ADCQ DX, R11; \
+ ADCQ $0, R12; \
+ ADCQ $0, R13; \
+ ADCQ $0, R14; \
+ ADCQ $0, AX; \
+ MOVQ AX, DX; \
+ SHLQ $32, DX; \
+ ADDQ AX, R8; MOVQ 0+x,AX; MOVQ R8, 0+x; MOVQ AX, R8; \
+ ADCQ $0, R9; MOVQ 8+x,AX; MOVQ R9, 8+x; MOVQ AX, R9; \
+ ADCQ $0, R10; MOVQ 16+x,AX; MOVQ R10, 16+x; MOVQ AX, R10; \
+ ADCQ DX, R11; MOVQ 24+x,AX; MOVQ R11, 24+x; MOVQ AX, R11; \
+ ADCQ $0, R12; MOVQ 32+x,AX; MOVQ R12, 32+x; MOVQ AX, R12; \
+ ADCQ $0, R13; MOVQ 40+x,AX; MOVQ R13, 40+x; MOVQ AX, R13; \
+ ADCQ $0, R14; MOVQ 48+x,AX; MOVQ R14, 48+x; MOVQ AX, R14; \
+ SUBQ 0+y, R8; \
+ SBBQ 8+y, R9; \
+ SBBQ 16+y, R10; \
+ SBBQ 24+y, R11; \
+ SBBQ 32+y, R12; \
+ SBBQ 40+y, R13; \
+ SBBQ 48+y, R14; \
+ MOVQ $0, AX; SETCS AX; \
+ MOVQ AX, DX; \
+ SHLQ $32, DX; \
+ SUBQ AX, R8; MOVQ $0, AX; \
+ SBBQ $0, R9; \
+ SBBQ $0, R10; \
+ SBBQ DX, R11; \
+ SBBQ $0, R12; \
+ SBBQ $0, R13; \
+ SBBQ $0, R14; \
+ SETCS AX; \
+ MOVQ AX, DX; \
+ SHLQ $32, DX; \
+ SUBQ AX, R8; MOVQ R8, 0+y; \
+ SBBQ $0, R9; MOVQ R9, 8+y; \
+ SBBQ $0, R10; MOVQ R10, 16+y; \
+ SBBQ DX, R11; MOVQ R11, 24+y; \
+ SBBQ $0, R12; MOVQ R12, 32+y; \
+ SBBQ $0, R13; MOVQ R13, 40+y; \
+ SBBQ $0, R14; MOVQ R14, 48+y;
diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.s b/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.s
new file mode 100644
index 0000000000000000000000000000000000000000..435addf5e6ca3cdbb408ad3203ca02c8b8fa6bc5
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/fp448/fp_amd64.s
@@ -0,0 +1,74 @@
+// +build amd64
+
+#include "textflag.h"
+#include "fp_amd64.h"
+
+// func cmovAmd64(x, y *Elt, n uint)
+TEXT ·cmovAmd64(SB),NOSPLIT,$0-24
+ MOVQ x+0(FP), DI
+ MOVQ y+8(FP), SI
+ MOVQ n+16(FP), BX
+ cselect(0(DI),0(SI),BX)
+ RET
+
+// func cswapAmd64(x, y *Elt, n uint)
+TEXT ·cswapAmd64(SB),NOSPLIT,$0-24
+ MOVQ x+0(FP), DI
+ MOVQ y+8(FP), SI
+ MOVQ n+16(FP), BX
+ cswap(0(DI),0(SI),BX)
+ RET
+
+// func subAmd64(z, x, y *Elt)
+TEXT ·subAmd64(SB),NOSPLIT,$0-24
+ MOVQ z+0(FP), DI
+ MOVQ x+8(FP), SI
+ MOVQ y+16(FP), BX
+ subtraction(0(DI),0(SI),0(BX))
+ RET
+
+// func addsubAmd64(x, y *Elt)
+TEXT ·addsubAmd64(SB),NOSPLIT,$0-16
+ MOVQ x+0(FP), DI
+ MOVQ y+8(FP), SI
+ addSub(0(DI),0(SI))
+ RET
+
+#define addLegacy \
+ additionLeg(0(DI),0(SI),0(BX))
+#define addBmi2Adx \
+ additionAdx(0(DI),0(SI),0(BX))
+
+#define mulLegacy \
+ integerMulLeg(0(SP),0(SI),0(BX)) \
+ reduceFromDoubleLeg(0(DI),0(SP))
+#define mulBmi2Adx \
+ integerMulAdx(0(SP),0(SI),0(BX)) \
+ reduceFromDoubleAdx(0(DI),0(SP))
+
+#define sqrLegacy \
+ integerSqrLeg(0(SP),0(SI)) \
+ reduceFromDoubleLeg(0(DI),0(SP))
+#define sqrBmi2Adx \
+ integerSqrAdx(0(SP),0(SI)) \
+ reduceFromDoubleAdx(0(DI),0(SP))
+
+// func addAmd64(z, x, y *Elt)
+TEXT ·addAmd64(SB),NOSPLIT,$0-24
+ MOVQ z+0(FP), DI
+ MOVQ x+8(FP), SI
+ MOVQ y+16(FP), BX
+ CHECK_BMI2ADX(LADD, addLegacy, addBmi2Adx)
+
+// func mulAmd64(z, x, y *Elt)
+TEXT ·mulAmd64(SB),NOSPLIT,$112-24
+ MOVQ z+0(FP), DI
+ MOVQ x+8(FP), SI
+ MOVQ y+16(FP), BX
+ CHECK_BMI2ADX(LMUL, mulLegacy, mulBmi2Adx)
+
+// func sqrAmd64(z, x *Elt)
+TEXT ·sqrAmd64(SB),NOSPLIT,$112-16
+ MOVQ z+0(FP), DI
+ MOVQ x+8(FP), SI
+ CHECK_BMI2ADX(LSQR, sqrLegacy, sqrBmi2Adx)
diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fp_generic.go b/vendor/github.com/cloudflare/circl/math/fp448/fp_generic.go
new file mode 100644
index 0000000000000000000000000000000000000000..47a0b63205f8b853995c4f62aa723c1fd7513636
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/fp448/fp_generic.go
@@ -0,0 +1,339 @@
+package fp448
+
+import (
+ "encoding/binary"
+ "math/bits"
+)
+
+func cmovGeneric(x, y *Elt, n uint) {
+ m := -uint64(n & 0x1)
+ x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8])
+ x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8])
+ x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8])
+ x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8])
+ x4 := binary.LittleEndian.Uint64(x[4*8 : 5*8])
+ x5 := binary.LittleEndian.Uint64(x[5*8 : 6*8])
+ x6 := binary.LittleEndian.Uint64(x[6*8 : 7*8])
+
+ y0 := binary.LittleEndian.Uint64(y[0*8 : 1*8])
+ y1 := binary.LittleEndian.Uint64(y[1*8 : 2*8])
+ y2 := binary.LittleEndian.Uint64(y[2*8 : 3*8])
+ y3 := binary.LittleEndian.Uint64(y[3*8 : 4*8])
+ y4 := binary.LittleEndian.Uint64(y[4*8 : 5*8])
+ y5 := binary.LittleEndian.Uint64(y[5*8 : 6*8])
+ y6 := binary.LittleEndian.Uint64(y[6*8 : 7*8])
+
+ x0 = (x0 &^ m) | (y0 & m)
+ x1 = (x1 &^ m) | (y1 & m)
+ x2 = (x2 &^ m) | (y2 & m)
+ x3 = (x3 &^ m) | (y3 & m)
+ x4 = (x4 &^ m) | (y4 & m)
+ x5 = (x5 &^ m) | (y5 & m)
+ x6 = (x6 &^ m) | (y6 & m)
+
+ binary.LittleEndian.PutUint64(x[0*8:1*8], x0)
+ binary.LittleEndian.PutUint64(x[1*8:2*8], x1)
+ binary.LittleEndian.PutUint64(x[2*8:3*8], x2)
+ binary.LittleEndian.PutUint64(x[3*8:4*8], x3)
+ binary.LittleEndian.PutUint64(x[4*8:5*8], x4)
+ binary.LittleEndian.PutUint64(x[5*8:6*8], x5)
+ binary.LittleEndian.PutUint64(x[6*8:7*8], x6)
+}
+
+func cswapGeneric(x, y *Elt, n uint) {
+ m := -uint64(n & 0x1)
+ x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8])
+ x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8])
+ x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8])
+ x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8])
+ x4 := binary.LittleEndian.Uint64(x[4*8 : 5*8])
+ x5 := binary.LittleEndian.Uint64(x[5*8 : 6*8])
+ x6 := binary.LittleEndian.Uint64(x[6*8 : 7*8])
+
+ y0 := binary.LittleEndian.Uint64(y[0*8 : 1*8])
+ y1 := binary.LittleEndian.Uint64(y[1*8 : 2*8])
+ y2 := binary.LittleEndian.Uint64(y[2*8 : 3*8])
+ y3 := binary.LittleEndian.Uint64(y[3*8 : 4*8])
+ y4 := binary.LittleEndian.Uint64(y[4*8 : 5*8])
+ y5 := binary.LittleEndian.Uint64(y[5*8 : 6*8])
+ y6 := binary.LittleEndian.Uint64(y[6*8 : 7*8])
+
+ t0 := m & (x0 ^ y0)
+ t1 := m & (x1 ^ y1)
+ t2 := m & (x2 ^ y2)
+ t3 := m & (x3 ^ y3)
+ t4 := m & (x4 ^ y4)
+ t5 := m & (x5 ^ y5)
+ t6 := m & (x6 ^ y6)
+ x0 ^= t0
+ x1 ^= t1
+ x2 ^= t2
+ x3 ^= t3
+ x4 ^= t4
+ x5 ^= t5
+ x6 ^= t6
+ y0 ^= t0
+ y1 ^= t1
+ y2 ^= t2
+ y3 ^= t3
+ y4 ^= t4
+ y5 ^= t5
+ y6 ^= t6
+
+ binary.LittleEndian.PutUint64(x[0*8:1*8], x0)
+ binary.LittleEndian.PutUint64(x[1*8:2*8], x1)
+ binary.LittleEndian.PutUint64(x[2*8:3*8], x2)
+ binary.LittleEndian.PutUint64(x[3*8:4*8], x3)
+ binary.LittleEndian.PutUint64(x[4*8:5*8], x4)
+ binary.LittleEndian.PutUint64(x[5*8:6*8], x5)
+ binary.LittleEndian.PutUint64(x[6*8:7*8], x6)
+
+ binary.LittleEndian.PutUint64(y[0*8:1*8], y0)
+ binary.LittleEndian.PutUint64(y[1*8:2*8], y1)
+ binary.LittleEndian.PutUint64(y[2*8:3*8], y2)
+ binary.LittleEndian.PutUint64(y[3*8:4*8], y3)
+ binary.LittleEndian.PutUint64(y[4*8:5*8], y4)
+ binary.LittleEndian.PutUint64(y[5*8:6*8], y5)
+ binary.LittleEndian.PutUint64(y[6*8:7*8], y6)
+}
+
+func addGeneric(z, x, y *Elt) {
+ x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8])
+ x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8])
+ x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8])
+ x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8])
+ x4 := binary.LittleEndian.Uint64(x[4*8 : 5*8])
+ x5 := binary.LittleEndian.Uint64(x[5*8 : 6*8])
+ x6 := binary.LittleEndian.Uint64(x[6*8 : 7*8])
+
+ y0 := binary.LittleEndian.Uint64(y[0*8 : 1*8])
+ y1 := binary.LittleEndian.Uint64(y[1*8 : 2*8])
+ y2 := binary.LittleEndian.Uint64(y[2*8 : 3*8])
+ y3 := binary.LittleEndian.Uint64(y[3*8 : 4*8])
+ y4 := binary.LittleEndian.Uint64(y[4*8 : 5*8])
+ y5 := binary.LittleEndian.Uint64(y[5*8 : 6*8])
+ y6 := binary.LittleEndian.Uint64(y[6*8 : 7*8])
+
+ z0, c0 := bits.Add64(x0, y0, 0)
+ z1, c1 := bits.Add64(x1, y1, c0)
+ z2, c2 := bits.Add64(x2, y2, c1)
+ z3, c3 := bits.Add64(x3, y3, c2)
+ z4, c4 := bits.Add64(x4, y4, c3)
+ z5, c5 := bits.Add64(x5, y5, c4)
+ z6, z7 := bits.Add64(x6, y6, c5)
+
+ z0, c0 = bits.Add64(z0, z7, 0)
+ z1, c1 = bits.Add64(z1, 0, c0)
+ z2, c2 = bits.Add64(z2, 0, c1)
+ z3, c3 = bits.Add64(z3, z7<<32, c2)
+ z4, c4 = bits.Add64(z4, 0, c3)
+ z5, c5 = bits.Add64(z5, 0, c4)
+ z6, z7 = bits.Add64(z6, 0, c5)
+
+ z0, c0 = bits.Add64(z0, z7, 0)
+ z1, c1 = bits.Add64(z1, 0, c0)
+ z2, c2 = bits.Add64(z2, 0, c1)
+ z3, c3 = bits.Add64(z3, z7<<32, c2)
+ z4, c4 = bits.Add64(z4, 0, c3)
+ z5, c5 = bits.Add64(z5, 0, c4)
+ z6, _ = bits.Add64(z6, 0, c5)
+
+ binary.LittleEndian.PutUint64(z[0*8:1*8], z0)
+ binary.LittleEndian.PutUint64(z[1*8:2*8], z1)
+ binary.LittleEndian.PutUint64(z[2*8:3*8], z2)
+ binary.LittleEndian.PutUint64(z[3*8:4*8], z3)
+ binary.LittleEndian.PutUint64(z[4*8:5*8], z4)
+ binary.LittleEndian.PutUint64(z[5*8:6*8], z5)
+ binary.LittleEndian.PutUint64(z[6*8:7*8], z6)
+}
+
+func subGeneric(z, x, y *Elt) {
+ x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8])
+ x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8])
+ x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8])
+ x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8])
+ x4 := binary.LittleEndian.Uint64(x[4*8 : 5*8])
+ x5 := binary.LittleEndian.Uint64(x[5*8 : 6*8])
+ x6 := binary.LittleEndian.Uint64(x[6*8 : 7*8])
+
+ y0 := binary.LittleEndian.Uint64(y[0*8 : 1*8])
+ y1 := binary.LittleEndian.Uint64(y[1*8 : 2*8])
+ y2 := binary.LittleEndian.Uint64(y[2*8 : 3*8])
+ y3 := binary.LittleEndian.Uint64(y[3*8 : 4*8])
+ y4 := binary.LittleEndian.Uint64(y[4*8 : 5*8])
+ y5 := binary.LittleEndian.Uint64(y[5*8 : 6*8])
+ y6 := binary.LittleEndian.Uint64(y[6*8 : 7*8])
+
+ z0, c0 := bits.Sub64(x0, y0, 0)
+ z1, c1 := bits.Sub64(x1, y1, c0)
+ z2, c2 := bits.Sub64(x2, y2, c1)
+ z3, c3 := bits.Sub64(x3, y3, c2)
+ z4, c4 := bits.Sub64(x4, y4, c3)
+ z5, c5 := bits.Sub64(x5, y5, c4)
+ z6, z7 := bits.Sub64(x6, y6, c5)
+
+ z0, c0 = bits.Sub64(z0, z7, 0)
+ z1, c1 = bits.Sub64(z1, 0, c0)
+ z2, c2 = bits.Sub64(z2, 0, c1)
+ z3, c3 = bits.Sub64(z3, z7<<32, c2)
+ z4, c4 = bits.Sub64(z4, 0, c3)
+ z5, c5 = bits.Sub64(z5, 0, c4)
+ z6, z7 = bits.Sub64(z6, 0, c5)
+
+ z0, c0 = bits.Sub64(z0, z7, 0)
+ z1, c1 = bits.Sub64(z1, 0, c0)
+ z2, c2 = bits.Sub64(z2, 0, c1)
+ z3, c3 = bits.Sub64(z3, z7<<32, c2)
+ z4, c4 = bits.Sub64(z4, 0, c3)
+ z5, c5 = bits.Sub64(z5, 0, c4)
+ z6, _ = bits.Sub64(z6, 0, c5)
+
+ binary.LittleEndian.PutUint64(z[0*8:1*8], z0)
+ binary.LittleEndian.PutUint64(z[1*8:2*8], z1)
+ binary.LittleEndian.PutUint64(z[2*8:3*8], z2)
+ binary.LittleEndian.PutUint64(z[3*8:4*8], z3)
+ binary.LittleEndian.PutUint64(z[4*8:5*8], z4)
+ binary.LittleEndian.PutUint64(z[5*8:6*8], z5)
+ binary.LittleEndian.PutUint64(z[6*8:7*8], z6)
+}
+
+func addsubGeneric(x, y *Elt) {
+ z := &Elt{}
+ addGeneric(z, x, y)
+ subGeneric(y, x, y)
+ *x = *z
+}
+
+func mulGeneric(z, x, y *Elt) {
+ x0 := binary.LittleEndian.Uint64(x[0*8 : 1*8])
+ x1 := binary.LittleEndian.Uint64(x[1*8 : 2*8])
+ x2 := binary.LittleEndian.Uint64(x[2*8 : 3*8])
+ x3 := binary.LittleEndian.Uint64(x[3*8 : 4*8])
+ x4 := binary.LittleEndian.Uint64(x[4*8 : 5*8])
+ x5 := binary.LittleEndian.Uint64(x[5*8 : 6*8])
+ x6 := binary.LittleEndian.Uint64(x[6*8 : 7*8])
+
+ y0 := binary.LittleEndian.Uint64(y[0*8 : 1*8])
+ y1 := binary.LittleEndian.Uint64(y[1*8 : 2*8])
+ y2 := binary.LittleEndian.Uint64(y[2*8 : 3*8])
+ y3 := binary.LittleEndian.Uint64(y[3*8 : 4*8])
+ y4 := binary.LittleEndian.Uint64(y[4*8 : 5*8])
+ y5 := binary.LittleEndian.Uint64(y[5*8 : 6*8])
+ y6 := binary.LittleEndian.Uint64(y[6*8 : 7*8])
+
+ yy := [7]uint64{y0, y1, y2, y3, y4, y5, y6}
+ zz := [7]uint64{}
+
+ yi := yy[0]
+ h0, l0 := bits.Mul64(x0, yi)
+ h1, l1 := bits.Mul64(x1, yi)
+ h2, l2 := bits.Mul64(x2, yi)
+ h3, l3 := bits.Mul64(x3, yi)
+ h4, l4 := bits.Mul64(x4, yi)
+ h5, l5 := bits.Mul64(x5, yi)
+ h6, l6 := bits.Mul64(x6, yi)
+
+ zz[0] = l0
+ a0, c0 := bits.Add64(h0, l1, 0)
+ a1, c1 := bits.Add64(h1, l2, c0)
+ a2, c2 := bits.Add64(h2, l3, c1)
+ a3, c3 := bits.Add64(h3, l4, c2)
+ a4, c4 := bits.Add64(h4, l5, c3)
+ a5, c5 := bits.Add64(h5, l6, c4)
+ a6, _ := bits.Add64(h6, 0, c5)
+
+ for i := 1; i < 7; i++ {
+ yi = yy[i]
+ h0, l0 = bits.Mul64(x0, yi)
+ h1, l1 = bits.Mul64(x1, yi)
+ h2, l2 = bits.Mul64(x2, yi)
+ h3, l3 = bits.Mul64(x3, yi)
+ h4, l4 = bits.Mul64(x4, yi)
+ h5, l5 = bits.Mul64(x5, yi)
+ h6, l6 = bits.Mul64(x6, yi)
+
+ zz[i], c0 = bits.Add64(a0, l0, 0)
+ a0, c1 = bits.Add64(a1, l1, c0)
+ a1, c2 = bits.Add64(a2, l2, c1)
+ a2, c3 = bits.Add64(a3, l3, c2)
+ a3, c4 = bits.Add64(a4, l4, c3)
+ a4, c5 = bits.Add64(a5, l5, c4)
+ a5, a6 = bits.Add64(a6, l6, c5)
+
+ a0, c0 = bits.Add64(a0, h0, 0)
+ a1, c1 = bits.Add64(a1, h1, c0)
+ a2, c2 = bits.Add64(a2, h2, c1)
+ a3, c3 = bits.Add64(a3, h3, c2)
+ a4, c4 = bits.Add64(a4, h4, c3)
+ a5, c5 = bits.Add64(a5, h5, c4)
+ a6, _ = bits.Add64(a6, h6, c5)
+ }
+ red64(z, &zz, &[7]uint64{a0, a1, a2, a3, a4, a5, a6})
+}
+
+func sqrGeneric(z, x *Elt) { mulGeneric(z, x, x) }
+
+func red64(z *Elt, l, h *[7]uint64) {
+ /* (2C13, 2C12, 2C11, 2C10|C10, C9, C8, C7) + (C6,...,C0) */
+ h0 := h[0]
+ h1 := h[1]
+ h2 := h[2]
+ h3 := ((h[3] & (0xFFFFFFFF << 32)) << 1) | (h[3] & 0xFFFFFFFF)
+ h4 := (h[3] >> 63) | (h[4] << 1)
+ h5 := (h[4] >> 63) | (h[5] << 1)
+ h6 := (h[5] >> 63) | (h[6] << 1)
+ h7 := (h[6] >> 63)
+
+ l0, c0 := bits.Add64(h0, l[0], 0)
+ l1, c1 := bits.Add64(h1, l[1], c0)
+ l2, c2 := bits.Add64(h2, l[2], c1)
+ l3, c3 := bits.Add64(h3, l[3], c2)
+ l4, c4 := bits.Add64(h4, l[4], c3)
+ l5, c5 := bits.Add64(h5, l[5], c4)
+ l6, c6 := bits.Add64(h6, l[6], c5)
+ l7, _ := bits.Add64(h7, 0, c6)
+
+ /* (C10C9, C9C8,C8C7,C7C13,C13C12,C12C11,C11C10) + (C6,...,C0) */
+ h0 = (h[3] >> 32) | (h[4] << 32)
+ h1 = (h[4] >> 32) | (h[5] << 32)
+ h2 = (h[5] >> 32) | (h[6] << 32)
+ h3 = (h[6] >> 32) | (h[0] << 32)
+ h4 = (h[0] >> 32) | (h[1] << 32)
+ h5 = (h[1] >> 32) | (h[2] << 32)
+ h6 = (h[2] >> 32) | (h[3] << 32)
+
+ l0, c0 = bits.Add64(l0, h0, 0)
+ l1, c1 = bits.Add64(l1, h1, c0)
+ l2, c2 = bits.Add64(l2, h2, c1)
+ l3, c3 = bits.Add64(l3, h3, c2)
+ l4, c4 = bits.Add64(l4, h4, c3)
+ l5, c5 = bits.Add64(l5, h5, c4)
+ l6, c6 = bits.Add64(l6, h6, c5)
+ l7, _ = bits.Add64(l7, 0, c6)
+
+ /* (C7) + (C6,...,C0) */
+ l0, c0 = bits.Add64(l0, l7, 0)
+ l1, c1 = bits.Add64(l1, 0, c0)
+ l2, c2 = bits.Add64(l2, 0, c1)
+ l3, c3 = bits.Add64(l3, l7<<32, c2)
+ l4, c4 = bits.Add64(l4, 0, c3)
+ l5, c5 = bits.Add64(l5, 0, c4)
+ l6, l7 = bits.Add64(l6, 0, c5)
+
+ /* (C7) + (C6,...,C0) */
+ l0, c0 = bits.Add64(l0, l7, 0)
+ l1, c1 = bits.Add64(l1, 0, c0)
+ l2, c2 = bits.Add64(l2, 0, c1)
+ l3, c3 = bits.Add64(l3, l7<<32, c2)
+ l4, c4 = bits.Add64(l4, 0, c3)
+ l5, c5 = bits.Add64(l5, 0, c4)
+ l6, _ = bits.Add64(l6, 0, c5)
+
+ binary.LittleEndian.PutUint64(z[0*8:1*8], l0)
+ binary.LittleEndian.PutUint64(z[1*8:2*8], l1)
+ binary.LittleEndian.PutUint64(z[2*8:3*8], l2)
+ binary.LittleEndian.PutUint64(z[3*8:4*8], l3)
+ binary.LittleEndian.PutUint64(z[4*8:5*8], l4)
+ binary.LittleEndian.PutUint64(z[5*8:6*8], l5)
+ binary.LittleEndian.PutUint64(z[6*8:7*8], l6)
+}
diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fp_noasm.go b/vendor/github.com/cloudflare/circl/math/fp448/fp_noasm.go
new file mode 100644
index 0000000000000000000000000000000000000000..a62225d296240f7cd7f59e269047125d563eb834
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/fp448/fp_noasm.go
@@ -0,0 +1,12 @@
+//go:build !amd64 || purego
+// +build !amd64 purego
+
+package fp448
+
+func cmov(x, y *Elt, n uint) { cmovGeneric(x, y, n) }
+func cswap(x, y *Elt, n uint) { cswapGeneric(x, y, n) }
+func add(z, x, y *Elt) { addGeneric(z, x, y) }
+func sub(z, x, y *Elt) { subGeneric(z, x, y) }
+func addsub(x, y *Elt) { addsubGeneric(x, y) }
+func mul(z, x, y *Elt) { mulGeneric(z, x, y) }
+func sqr(z, x *Elt) { sqrGeneric(z, x) }
diff --git a/vendor/github.com/cloudflare/circl/math/fp448/fuzzer.go b/vendor/github.com/cloudflare/circl/math/fp448/fuzzer.go
new file mode 100644
index 0000000000000000000000000000000000000000..2d7afc80598454661b35837cb6686885bf114340
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/fp448/fuzzer.go
@@ -0,0 +1,75 @@
+//go:build gofuzz
+// +build gofuzz
+
+// How to run the fuzzer:
+//
+// $ go get -u github.com/dvyukov/go-fuzz/go-fuzz
+// $ go get -u github.com/dvyukov/go-fuzz/go-fuzz-build
+// $ go-fuzz-build -libfuzzer -func FuzzReduction -o lib.a
+// $ clang -fsanitize=fuzzer lib.a -o fu.exe
+// $ ./fu.exe
+package fp448
+
+import (
+ "encoding/binary"
+ "fmt"
+ "math/big"
+
+ "github.com/cloudflare/circl/internal/conv"
+)
+
+// FuzzReduction is a fuzzer target for red64 function, which reduces t
+// (112 bits) to a number t' (56 bits) congruent modulo p448.
+func FuzzReduction(data []byte) int {
+ if len(data) != 2*Size {
+ return -1
+ }
+ var got, want Elt
+ var lo, hi [7]uint64
+ a := data[:Size]
+ b := data[Size:]
+ lo[0] = binary.LittleEndian.Uint64(a[0*8 : 1*8])
+ lo[1] = binary.LittleEndian.Uint64(a[1*8 : 2*8])
+ lo[2] = binary.LittleEndian.Uint64(a[2*8 : 3*8])
+ lo[3] = binary.LittleEndian.Uint64(a[3*8 : 4*8])
+ lo[4] = binary.LittleEndian.Uint64(a[4*8 : 5*8])
+ lo[5] = binary.LittleEndian.Uint64(a[5*8 : 6*8])
+ lo[6] = binary.LittleEndian.Uint64(a[6*8 : 7*8])
+
+ hi[0] = binary.LittleEndian.Uint64(b[0*8 : 1*8])
+ hi[1] = binary.LittleEndian.Uint64(b[1*8 : 2*8])
+ hi[2] = binary.LittleEndian.Uint64(b[2*8 : 3*8])
+ hi[3] = binary.LittleEndian.Uint64(b[3*8 : 4*8])
+ hi[4] = binary.LittleEndian.Uint64(b[4*8 : 5*8])
+ hi[5] = binary.LittleEndian.Uint64(b[5*8 : 6*8])
+ hi[6] = binary.LittleEndian.Uint64(b[6*8 : 7*8])
+
+ red64(&got, &lo, &hi)
+
+ t := conv.BytesLe2BigInt(data[:2*Size])
+
+ two448 := big.NewInt(1)
+ two448.Lsh(two448, 448) // 2^448
+ mask448 := big.NewInt(1)
+ mask448.Sub(two448, mask448) // 2^448-1
+ two224plus1 := big.NewInt(1)
+ two224plus1.Lsh(two224plus1, 224)
+ two224plus1.Add(two224plus1, big.NewInt(1)) // 2^224+1
+
+ var loBig, hiBig big.Int
+ for t.Cmp(two448) >= 0 {
+ loBig.And(t, mask448)
+ hiBig.Rsh(t, 448)
+ t.Mul(&hiBig, two224plus1)
+ t.Add(t, &loBig)
+ }
+ conv.BigInt2BytesLe(want[:], t)
+
+ if got != want {
+ fmt.Printf("in: %v\n", conv.BytesLe2BigInt(data[:2*Size]))
+ fmt.Printf("got: %v\n", got)
+ fmt.Printf("want: %v\n", want)
+ panic("error found")
+ }
+ return 1
+}
diff --git a/vendor/github.com/cloudflare/circl/math/mlsbset/mlsbset.go b/vendor/github.com/cloudflare/circl/math/mlsbset/mlsbset.go
new file mode 100644
index 0000000000000000000000000000000000000000..a43851b8bb2b3fb4e0db394263ec89cdb7369114
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/mlsbset/mlsbset.go
@@ -0,0 +1,122 @@
+// Package mlsbset provides a constant-time exponentiation method with precomputation.
+//
+// References: "Efficient and secure algorithms for GLV-based scalar
+// multiplication and their implementation on GLV–GLS curves" by (Faz-Hernandez et al.)
+// - https://doi.org/10.1007/s13389-014-0085-7
+// - https://eprint.iacr.org/2013/158
+package mlsbset
+
+import (
+ "errors"
+ "fmt"
+ "math/big"
+
+ "github.com/cloudflare/circl/internal/conv"
+)
+
+// EltG is a group element.
+type EltG interface{}
+
+// EltP is a precomputed group element.
+type EltP interface{}
+
+// Group defines the operations required by MLSBSet exponentiation method.
+type Group interface {
+ Identity() EltG // Returns the identity of the group.
+ Sqr(x EltG) // Calculates x = x^2.
+ Mul(x EltG, y EltP) // Calculates x = x*y.
+ NewEltP() EltP // Returns an arbitrary precomputed element.
+ ExtendedEltP() EltP // Returns the precomputed element x^(2^(w*d)).
+ Lookup(a EltP, v uint, s, u int32) // Sets a = s*T[v][u].
+}
+
+// Params contains the parameters of the encoding.
+type Params struct {
+ T uint // T is the maximum size (in bits) of exponents.
+ V uint // V is the number of tables.
+ W uint // W is the window size.
+ E uint // E is the number of digits per table.
+ D uint // D is the number of digits in total.
+ L uint // L is the length of the code.
+}
+
+// Encoder allows to convert integers into valid powers.
+type Encoder struct{ p Params }
+
+// New produces an encoder of the MLSBSet algorithm.
+func New(t, v, w uint) (Encoder, error) {
+ if !(t > 1 && v >= 1 && w >= 2) {
+ return Encoder{}, errors.New("t>1, v>=1, w>=2")
+ }
+ e := (t + w*v - 1) / (w * v)
+ d := e * v
+ l := d * w
+ return Encoder{Params{t, v, w, e, d, l}}, nil
+}
+
+// Encode converts an odd integer k into a valid power for exponentiation.
+func (m Encoder) Encode(k []byte) (*Power, error) {
+ if len(k) == 0 {
+ return nil, errors.New("empty slice")
+ }
+ if !(len(k) <= int(m.p.L+7)>>3) {
+ return nil, errors.New("k too big")
+ }
+ if k[0]%2 == 0 {
+ return nil, errors.New("k must be odd")
+ }
+ ap := int((m.p.L+7)/8) - len(k)
+ k = append(k, make([]byte, ap)...)
+ s := m.signs(k)
+ b := make([]int32, m.p.L-m.p.D)
+ c := conv.BytesLe2BigInt(k)
+ c.Rsh(c, m.p.D)
+ var bi big.Int
+ for i := m.p.D; i < m.p.L; i++ {
+ c0 := int32(c.Bit(0))
+ b[i-m.p.D] = s[i%m.p.D] * c0
+ bi.SetInt64(int64(b[i-m.p.D] >> 1))
+ c.Rsh(c, 1)
+ c.Sub(c, &bi)
+ }
+ carry := int(c.Int64())
+ return &Power{m, s, b, carry}, nil
+}
+
+// signs calculates the set of signs.
+func (m Encoder) signs(k []byte) []int32 {
+ s := make([]int32, m.p.D)
+ s[m.p.D-1] = 1
+ for i := uint(1); i < m.p.D; i++ {
+ ki := int32((k[i>>3] >> (i & 0x7)) & 0x1)
+ s[i-1] = 2*ki - 1
+ }
+ return s
+}
+
+// GetParams returns the complementary parameters of the encoding.
+func (m Encoder) GetParams() Params { return m.p }
+
+// tableSize returns the size of each table.
+func (m Encoder) tableSize() uint { return 1 << (m.p.W - 1) }
+
+// Elts returns the total number of elements that must be precomputed.
+func (m Encoder) Elts() uint { return m.p.V * m.tableSize() }
+
+// IsExtended returns true if the element x^(2^(wd)) must be calculated.
+func (m Encoder) IsExtended() bool { q := m.p.T / (m.p.V * m.p.W); return m.p.T == q*m.p.V*m.p.W }
+
+// Ops returns the number of squares and multiplications executed during an exponentiation.
+func (m Encoder) Ops() (S uint, M uint) {
+ S = m.p.E
+ M = m.p.E * m.p.V
+ if m.IsExtended() {
+ M++
+ }
+ return
+}
+
+func (m Encoder) String() string {
+ return fmt.Sprintf("T: %v W: %v V: %v e: %v d: %v l: %v wv|t: %v",
+ m.p.T, m.p.W, m.p.V, m.p.E, m.p.D, m.p.L, m.IsExtended())
+}
diff --git a/vendor/github.com/cloudflare/circl/math/mlsbset/power.go b/vendor/github.com/cloudflare/circl/math/mlsbset/power.go
new file mode 100644
index 0000000000000000000000000000000000000000..3f214c3046afb6456736a8090e1076200b6c57d7
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/mlsbset/power.go
@@ -0,0 +1,64 @@
+package mlsbset
+
+import "fmt"
+
+// Power is a valid exponent produced by the MLSBSet encoding algorithm.
+type Power struct {
+ set Encoder // parameters of code.
+ s []int32 // set of signs.
+ b []int32 // set of digits.
+ c int // carry is {0,1}.
+}
+
+// Exp is calculates x^k, where x is a predetermined element of a group G.
+func (p *Power) Exp(G Group) EltG {
+ a, b := G.Identity(), G.NewEltP()
+ for e := int(p.set.p.E - 1); e >= 0; e-- {
+ G.Sqr(a)
+ for v := uint(0); v < p.set.p.V; v++ {
+ sgnElt, idElt := p.Digit(v, uint(e))
+ G.Lookup(b, v, sgnElt, idElt)
+ G.Mul(a, b)
+ }
+ }
+ if p.set.IsExtended() && p.c == 1 {
+ G.Mul(a, G.ExtendedEltP())
+ }
+ return a
+}
+
+// Digit returns the (v,e)-th digit and its sign.
+func (p *Power) Digit(v, e uint) (sgn, dig int32) {
+ sgn = p.bit(0, v, e)
+ dig = 0
+ for i := p.set.p.W - 1; i > 0; i-- {
+ dig = 2*dig + p.bit(i, v, e)
+ }
+ mask := dig >> 31
+ dig = (dig + mask) ^ mask
+ return sgn, dig
+}
+
+// bit returns the (w,v,e)-th bit of the code.
+func (p *Power) bit(w, v, e uint) int32 {
+ if !(w < p.set.p.W &&
+ v < p.set.p.V &&
+ e < p.set.p.E) {
+ panic(fmt.Errorf("indexes outside (%v,%v,%v)", w, v, e))
+ }
+ if w == 0 {
+ return p.s[p.set.p.E*v+e]
+ }
+ return p.b[p.set.p.D*(w-1)+p.set.p.E*v+e]
+}
+
+func (p *Power) String() string {
+ dig := ""
+ for j := uint(0); j < p.set.p.V; j++ {
+ for i := uint(0); i < p.set.p.E; i++ {
+ s, d := p.Digit(j, i)
+ dig += fmt.Sprintf("(%2v,%2v) = %+2v %+2v\n", j, i, s, d)
+ }
+ }
+ return fmt.Sprintf("len: %v\ncarry: %v\ndigits:\n%v", len(p.b)+len(p.s), p.c, dig)
+}
diff --git a/vendor/github.com/cloudflare/circl/math/primes.go b/vendor/github.com/cloudflare/circl/math/primes.go
new file mode 100644
index 0000000000000000000000000000000000000000..158fd83a7aa24c651b894446bdbc19d136cfa513
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/primes.go
@@ -0,0 +1,34 @@
+package math
+
+import (
+ "crypto/rand"
+ "io"
+ "math/big"
+)
+
+// IsSafePrime reports whether p is (probably) a safe prime.
+// The prime p=2*q+1 is safe prime if both p and q are primes.
+// Note that ProbablyPrime is not suitable for judging primes
+// that an adversary may have crafted to fool the test.
+func IsSafePrime(p *big.Int) bool {
+ pdiv2 := new(big.Int).Rsh(p, 1)
+ return p.ProbablyPrime(20) && pdiv2.ProbablyPrime(20)
+}
+
+// SafePrime returns a number of the given bit length that is a safe prime with high probability.
+// The number returned p=2*q+1 is a safe prime if both p and q are primes.
+// SafePrime will return error for any error returned by rand.Read or if bits < 2.
+func SafePrime(random io.Reader, bits int) (*big.Int, error) {
+ one := big.NewInt(1)
+ p := new(big.Int)
+ for {
+ q, err := rand.Prime(random, bits-1)
+ if err != nil {
+ return nil, err
+ }
+ p.Lsh(q, 1).Add(p, one)
+ if p.ProbablyPrime(20) {
+ return p, nil
+ }
+ }
+}
diff --git a/vendor/github.com/cloudflare/circl/math/wnaf.go b/vendor/github.com/cloudflare/circl/math/wnaf.go
new file mode 100644
index 0000000000000000000000000000000000000000..94a1ec5042901cccc6bfe998de3b6349a87682ff
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/math/wnaf.go
@@ -0,0 +1,84 @@
+// Package math provides some utility functions for big integers.
+package math
+
+import "math/big"
+
+// SignedDigit obtains the signed-digit recoding of n and returns a list L of
+// digits such that n = sum( L[i]*2^(i*(w-1)) ), and each L[i] is an odd number
+// in the set {±1, ±3, ..., ±2^(w-1)-1}. The third parameter ensures that the
+// output has ceil(l/(w-1)) digits.
+//
+// Restrictions:
+// - n is odd and n > 0.
+// - 1 < w < 32.
+// - l >= bit length of n.
+//
+// References:
+// - Alg.6 in "Exponent Recoding and Regular Exponentiation Algorithms"
+// by Joye-Tunstall. http://doi.org/10.1007/978-3-642-02384-2_21
+// - Alg.6 in "Selecting Elliptic Curves for Cryptography: An Efficiency and
+// Security Analysis" by Bos et al. http://doi.org/10.1007/s13389-015-0097-y
+func SignedDigit(n *big.Int, w, l uint) []int32 {
+ if n.Sign() <= 0 || n.Bit(0) == 0 {
+ panic("n must be non-zero, odd, and positive")
+ }
+ if w <= 1 || w >= 32 {
+ panic("Verify that 1 < w < 32")
+ }
+ if uint(n.BitLen()) > l {
+ panic("n is too big to fit in l digits")
+ }
+ lenN := (l + (w - 1) - 1) / (w - 1) // ceil(l/(w-1))
+ L := make([]int32, lenN+1)
+ var k, v big.Int
+ k.Set(n)
+
+ var i uint
+ for i = 0; i < lenN; i++ {
+ words := k.Bits()
+ value := int32(words[0] & ((1 << w) - 1))
+ value -= int32(1) << (w - 1)
+ L[i] = value
+ v.SetInt64(int64(value))
+ k.Sub(&k, &v)
+ k.Rsh(&k, w-1)
+ }
+ L[i] = int32(k.Int64())
+ return L
+}
+
+// OmegaNAF obtains the window-w Non-Adjacent Form of a positive number n and
+// 1 < w < 32. The returned slice L holds n = sum( L[i]*2^i ).
+//
+// Reference:
+// - Alg.9 "Efficient arithmetic on Koblitz curves" by Solinas.
+// http://doi.org/10.1023/A:1008306223194
+func OmegaNAF(n *big.Int, w uint) (L []int32) {
+ if n.Sign() < 0 {
+ panic("n must be positive")
+ }
+ if w <= 1 || w >= 32 {
+ panic("Verify that 1 < w < 32")
+ }
+
+ L = make([]int32, n.BitLen()+1)
+ var k, v big.Int
+ k.Set(n)
+
+ i := 0
+ for ; k.Sign() > 0; i++ {
+ value := int32(0)
+ if k.Bit(0) == 1 {
+ words := k.Bits()
+ value = int32(words[0] & ((1 << w) - 1))
+ if value >= (int32(1) << (w - 1)) {
+ value -= int32(1) << w
+ }
+ v.SetInt64(int64(value))
+ k.Sub(&k, &v)
+ }
+ L[i] = value
+ k.Rsh(&k, 1)
+ }
+ return L[:i]
+}
diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go b/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go
new file mode 100644
index 0000000000000000000000000000000000000000..2c73c26fb1faaecfa761f95a3bb3d645f23aa654
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/sign/ed25519/ed25519.go
@@ -0,0 +1,453 @@
+// Package ed25519 implements Ed25519 signature scheme as described in RFC-8032.
+//
+// This package provides optimized implementations of the three signature
+// variants and maintaining closer compatibility with crypto/ed25519.
+//
+// | Scheme Name | Sign Function | Verification | Context |
+// |-------------|-------------------|---------------|-------------------|
+// | Ed25519 | Sign | Verify | None |
+// | Ed25519Ph | SignPh | VerifyPh | Yes, can be empty |
+// | Ed25519Ctx | SignWithCtx | VerifyWithCtx | Yes, non-empty |
+// | All above | (PrivateKey).Sign | VerifyAny | As above |
+//
+// Specific functions for sign and verify are defined. A generic signing
+// function for all schemes is available through the crypto.Signer interface,
+// which is implemented by the PrivateKey type. A correspond all-in-one
+// verification method is provided by the VerifyAny function.
+//
+// Signing with Ed25519Ph or Ed25519Ctx requires a context string for domain
+// separation. This parameter is passed using a SignerOptions struct defined
+// in this package. While Ed25519Ph accepts an empty context, Ed25519Ctx
+// enforces non-empty context strings.
+//
+// # Compatibility with crypto.ed25519
+//
+// These functions are compatible with the “Ed25519” function defined in
+// RFC-8032. However, unlike RFC 8032's formulation, this package's private
+// key representation includes a public key suffix to make multiple signing
+// operations with the same key more efficient. This package refers to the
+// RFC-8032 private key as the “seed”.
+//
+// References
+//
+// - RFC-8032: https://rfc-editor.org/rfc/rfc8032.txt
+// - Ed25519: https://ed25519.cr.yp.to/
+// - EdDSA: High-speed high-security signatures. https://doi.org/10.1007/s13389-012-0027-1
+package ed25519
+
+import (
+ "bytes"
+ "crypto"
+ cryptoRand "crypto/rand"
+ "crypto/sha512"
+ "crypto/subtle"
+ "errors"
+ "fmt"
+ "io"
+ "strconv"
+
+ "github.com/cloudflare/circl/sign"
+)
+
+const (
+ // ContextMaxSize is the maximum length (in bytes) allowed for context.
+ ContextMaxSize = 255
+ // PublicKeySize is the size, in bytes, of public keys as used in this package.
+ PublicKeySize = 32
+ // PrivateKeySize is the size, in bytes, of private keys as used in this package.
+ PrivateKeySize = 64
+ // SignatureSize is the size, in bytes, of signatures generated and verified by this package.
+ SignatureSize = 64
+ // SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032.
+ SeedSize = 32
+)
+
+const (
+ paramB = 256 / 8 // Size of keys in bytes.
+)
+
+// SignerOptions implements crypto.SignerOpts and augments with parameters
+// that are specific to the Ed25519 signature schemes.
+type SignerOptions struct {
+ // Hash must be crypto.Hash(0) for Ed25519/Ed25519ctx, or crypto.SHA512
+ // for Ed25519ph.
+ crypto.Hash
+
+ // Context is an optional domain separation string for Ed25519ph and a
+ // must for Ed25519ctx. Its length must be less or equal than 255 bytes.
+ Context string
+
+ // Scheme is an identifier for choosing a signature scheme. The zero value
+ // is ED25519.
+ Scheme SchemeID
+}
+
+// SchemeID is an identifier for each signature scheme.
+type SchemeID uint
+
+const (
+ ED25519 SchemeID = iota
+ ED25519Ph
+ ED25519Ctx
+)
+
+// PrivateKey is the type of Ed25519 private keys. It implements crypto.Signer.
+type PrivateKey []byte
+
+// Equal reports whether priv and x have the same value.
+func (priv PrivateKey) Equal(x crypto.PrivateKey) bool {
+ xx, ok := x.(PrivateKey)
+ return ok && subtle.ConstantTimeCompare(priv, xx) == 1
+}
+
+// Public returns the PublicKey corresponding to priv.
+func (priv PrivateKey) Public() crypto.PublicKey {
+ publicKey := make(PublicKey, PublicKeySize)
+ copy(publicKey, priv[SeedSize:])
+ return publicKey
+}
+
+// Seed returns the private key seed corresponding to priv. It is provided for
+// interoperability with RFC 8032. RFC 8032's private keys correspond to seeds
+// in this package.
+func (priv PrivateKey) Seed() []byte {
+ seed := make([]byte, SeedSize)
+ copy(seed, priv[:SeedSize])
+ return seed
+}
+
+func (priv PrivateKey) Scheme() sign.Scheme { return sch }
+
+func (pub PublicKey) Scheme() sign.Scheme { return sch }
+
+func (priv PrivateKey) MarshalBinary() (data []byte, err error) {
+ privateKey := make(PrivateKey, PrivateKeySize)
+ copy(privateKey, priv)
+ return privateKey, nil
+}
+
+func (pub PublicKey) MarshalBinary() (data []byte, err error) {
+ publicKey := make(PublicKey, PublicKeySize)
+ copy(publicKey, pub)
+ return publicKey, nil
+}
+
+// Equal reports whether pub and x have the same value.
+func (pub PublicKey) Equal(x crypto.PublicKey) bool {
+ xx, ok := x.(PublicKey)
+ return ok && bytes.Equal(pub, xx)
+}
+
+// Sign creates a signature of a message with priv key.
+// This function is compatible with crypto.ed25519 and also supports the
+// three signature variants defined in RFC-8032, namely Ed25519 (or pure
+// EdDSA), Ed25519Ph, and Ed25519Ctx.
+// The opts.HashFunc() must return zero to specify either Ed25519 or Ed25519Ctx
+// variant. This can be achieved by passing crypto.Hash(0) as the value for
+// opts.
+// The opts.HashFunc() must return SHA512 to specify the Ed25519Ph variant.
+// This can be achieved by passing crypto.SHA512 as the value for opts.
+// Use a SignerOptions struct (defined in this package) to pass a context
+// string for signing.
+func (priv PrivateKey) Sign(
+ rand io.Reader,
+ message []byte,
+ opts crypto.SignerOpts,
+) (signature []byte, err error) {
+ var ctx string
+ var scheme SchemeID
+ if o, ok := opts.(SignerOptions); ok {
+ ctx = o.Context
+ scheme = o.Scheme
+ }
+
+ switch true {
+ case scheme == ED25519 && opts.HashFunc() == crypto.Hash(0):
+ return Sign(priv, message), nil
+ case scheme == ED25519Ph && opts.HashFunc() == crypto.SHA512:
+ return SignPh(priv, message, ctx), nil
+ case scheme == ED25519Ctx && opts.HashFunc() == crypto.Hash(0) && len(ctx) > 0:
+ return SignWithCtx(priv, message, ctx), nil
+ default:
+ return nil, errors.New("ed25519: bad hash algorithm")
+ }
+}
+
+// GenerateKey generates a public/private key pair using entropy from rand.
+// If rand is nil, crypto/rand.Reader will be used.
+func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) {
+ if rand == nil {
+ rand = cryptoRand.Reader
+ }
+
+ seed := make([]byte, SeedSize)
+ if _, err := io.ReadFull(rand, seed); err != nil {
+ return nil, nil, err
+ }
+
+ privateKey := NewKeyFromSeed(seed)
+ publicKey := make(PublicKey, PublicKeySize)
+ copy(publicKey, privateKey[SeedSize:])
+
+ return publicKey, privateKey, nil
+}
+
+// NewKeyFromSeed calculates a private key from a seed. It will panic if
+// len(seed) is not SeedSize. This function is provided for interoperability
+// with RFC 8032. RFC 8032's private keys correspond to seeds in this
+// package.
+func NewKeyFromSeed(seed []byte) PrivateKey {
+ privateKey := make(PrivateKey, PrivateKeySize)
+ newKeyFromSeed(privateKey, seed)
+ return privateKey
+}
+
+func newKeyFromSeed(privateKey, seed []byte) {
+ if l := len(seed); l != SeedSize {
+ panic("ed25519: bad seed length: " + strconv.Itoa(l))
+ }
+ var P pointR1
+ k := sha512.Sum512(seed)
+ clamp(k[:])
+ reduceModOrder(k[:paramB], false)
+ P.fixedMult(k[:paramB])
+ copy(privateKey[:SeedSize], seed)
+ _ = P.ToBytes(privateKey[SeedSize:])
+}
+
+func signAll(signature []byte, privateKey PrivateKey, message, ctx []byte, preHash bool) {
+ if l := len(privateKey); l != PrivateKeySize {
+ panic("ed25519: bad private key length: " + strconv.Itoa(l))
+ }
+
+ H := sha512.New()
+ var PHM []byte
+
+ if preHash {
+ _, _ = H.Write(message)
+ PHM = H.Sum(nil)
+ H.Reset()
+ } else {
+ PHM = message
+ }
+
+ // 1. Hash the 32-byte private key using SHA-512.
+ _, _ = H.Write(privateKey[:SeedSize])
+ h := H.Sum(nil)
+ clamp(h[:])
+ prefix, s := h[paramB:], h[:paramB]
+
+ // 2. Compute SHA-512(dom2(F, C) || prefix || PH(M))
+ H.Reset()
+
+ writeDom(H, ctx, preHash)
+
+ _, _ = H.Write(prefix)
+ _, _ = H.Write(PHM)
+ r := H.Sum(nil)
+ reduceModOrder(r[:], true)
+
+ // 3. Compute the point [r]B.
+ var P pointR1
+ P.fixedMult(r[:paramB])
+ R := (&[paramB]byte{})[:]
+ if err := P.ToBytes(R); err != nil {
+ panic(err)
+ }
+
+ // 4. Compute SHA512(dom2(F, C) || R || A || PH(M)).
+ H.Reset()
+
+ writeDom(H, ctx, preHash)
+
+ _, _ = H.Write(R)
+ _, _ = H.Write(privateKey[SeedSize:])
+ _, _ = H.Write(PHM)
+ hRAM := H.Sum(nil)
+
+ reduceModOrder(hRAM[:], true)
+
+ // 5. Compute S = (r + k * s) mod order.
+ S := (&[paramB]byte{})[:]
+ calculateS(S, r[:paramB], hRAM[:paramB], s)
+
+ // 6. The signature is the concatenation of R and S.
+ copy(signature[:paramB], R[:])
+ copy(signature[paramB:], S[:])
+}
+
+// Sign signs the message with privateKey and returns a signature.
+// This function supports the signature variant defined in RFC-8032: Ed25519,
+// also known as the pure version of EdDSA.
+// It will panic if len(privateKey) is not PrivateKeySize.
+func Sign(privateKey PrivateKey, message []byte) []byte {
+ signature := make([]byte, SignatureSize)
+ signAll(signature, privateKey, message, []byte(""), false)
+ return signature
+}
+
+// SignPh creates a signature of a message with private key and context.
+// This function supports the signature variant defined in RFC-8032: Ed25519ph,
+// meaning it internally hashes the message using SHA-512, and optionally
+// accepts a context string.
+// It will panic if len(privateKey) is not PrivateKeySize.
+// Context could be passed to this function, which length should be no more than
+// ContextMaxSize=255. It can be empty.
+func SignPh(privateKey PrivateKey, message []byte, ctx string) []byte {
+ if len(ctx) > ContextMaxSize {
+ panic(fmt.Errorf("ed25519: bad context length: %v", len(ctx)))
+ }
+
+ signature := make([]byte, SignatureSize)
+ signAll(signature, privateKey, message, []byte(ctx), true)
+ return signature
+}
+
+// SignWithCtx creates a signature of a message with private key and context.
+// This function supports the signature variant defined in RFC-8032: Ed25519ctx,
+// meaning it accepts a non-empty context string.
+// It will panic if len(privateKey) is not PrivateKeySize.
+// Context must be passed to this function, which length should be no more than
+// ContextMaxSize=255 and cannot be empty.
+func SignWithCtx(privateKey PrivateKey, message []byte, ctx string) []byte {
+ if len(ctx) == 0 || len(ctx) > ContextMaxSize {
+ panic(fmt.Errorf("ed25519: bad context length: %v > %v", len(ctx), ContextMaxSize))
+ }
+
+ signature := make([]byte, SignatureSize)
+ signAll(signature, privateKey, message, []byte(ctx), false)
+ return signature
+}
+
+func verify(public PublicKey, message, signature, ctx []byte, preHash bool) bool {
+ if len(public) != PublicKeySize ||
+ len(signature) != SignatureSize ||
+ !isLessThanOrder(signature[paramB:]) {
+ return false
+ }
+
+ var P pointR1
+ if ok := P.FromBytes(public); !ok {
+ return false
+ }
+
+ H := sha512.New()
+ var PHM []byte
+
+ if preHash {
+ _, _ = H.Write(message)
+ PHM = H.Sum(nil)
+ H.Reset()
+ } else {
+ PHM = message
+ }
+
+ R := signature[:paramB]
+
+ writeDom(H, ctx, preHash)
+
+ _, _ = H.Write(R)
+ _, _ = H.Write(public)
+ _, _ = H.Write(PHM)
+ hRAM := H.Sum(nil)
+ reduceModOrder(hRAM[:], true)
+
+ var Q pointR1
+ encR := (&[paramB]byte{})[:]
+ P.neg()
+ Q.doubleMult(&P, signature[paramB:], hRAM[:paramB])
+ _ = Q.ToBytes(encR)
+ return bytes.Equal(R, encR)
+}
+
+// VerifyAny returns true if the signature is valid. Failure cases are invalid
+// signature, or when the public key cannot be decoded.
+// This function supports all the three signature variants defined in RFC-8032,
+// namely Ed25519 (or pure EdDSA), Ed25519Ph, and Ed25519Ctx.
+// The opts.HashFunc() must return zero to specify either Ed25519 or Ed25519Ctx
+// variant. This can be achieved by passing crypto.Hash(0) as the value for opts.
+// The opts.HashFunc() must return SHA512 to specify the Ed25519Ph variant.
+// This can be achieved by passing crypto.SHA512 as the value for opts.
+// Use a SignerOptions struct to pass a context string for signing.
+func VerifyAny(public PublicKey, message, signature []byte, opts crypto.SignerOpts) bool {
+ var ctx string
+ var scheme SchemeID
+ if o, ok := opts.(SignerOptions); ok {
+ ctx = o.Context
+ scheme = o.Scheme
+ }
+
+ switch true {
+ case scheme == ED25519 && opts.HashFunc() == crypto.Hash(0):
+ return Verify(public, message, signature)
+ case scheme == ED25519Ph && opts.HashFunc() == crypto.SHA512:
+ return VerifyPh(public, message, signature, ctx)
+ case scheme == ED25519Ctx && opts.HashFunc() == crypto.Hash(0) && len(ctx) > 0:
+ return VerifyWithCtx(public, message, signature, ctx)
+ default:
+ return false
+ }
+}
+
+// Verify returns true if the signature is valid. Failure cases are invalid
+// signature, or when the public key cannot be decoded.
+// This function supports the signature variant defined in RFC-8032: Ed25519,
+// also known as the pure version of EdDSA.
+func Verify(public PublicKey, message, signature []byte) bool {
+ return verify(public, message, signature, []byte(""), false)
+}
+
+// VerifyPh returns true if the signature is valid. Failure cases are invalid
+// signature, or when the public key cannot be decoded.
+// This function supports the signature variant defined in RFC-8032: Ed25519ph,
+// meaning it internally hashes the message using SHA-512.
+// Context could be passed to this function, which length should be no more than
+// 255. It can be empty.
+func VerifyPh(public PublicKey, message, signature []byte, ctx string) bool {
+ return verify(public, message, signature, []byte(ctx), true)
+}
+
+// VerifyWithCtx returns true if the signature is valid. Failure cases are invalid
+// signature, or when the public key cannot be decoded, or when context is
+// not provided.
+// This function supports the signature variant defined in RFC-8032: Ed25519ctx,
+// meaning it does not handle prehashed messages. Non-empty context string must be
+// provided, and must not be more than 255 of length.
+func VerifyWithCtx(public PublicKey, message, signature []byte, ctx string) bool {
+ if len(ctx) == 0 || len(ctx) > ContextMaxSize {
+ return false
+ }
+
+ return verify(public, message, signature, []byte(ctx), false)
+}
+
+func clamp(k []byte) {
+ k[0] &= 248
+ k[paramB-1] = (k[paramB-1] & 127) | 64
+}
+
+// isLessThanOrder returns true if 0 <= x < order.
+func isLessThanOrder(x []byte) bool {
+ i := len(order) - 1
+ for i > 0 && x[i] == order[i] {
+ i--
+ }
+ return x[i] < order[i]
+}
+
+func writeDom(h io.Writer, ctx []byte, preHash bool) {
+ dom2 := "SigEd25519 no Ed25519 collisions"
+
+ if len(ctx) > 0 {
+ _, _ = h.Write([]byte(dom2))
+ if preHash {
+ _, _ = h.Write([]byte{byte(0x01), byte(len(ctx))})
+ } else {
+ _, _ = h.Write([]byte{byte(0x00), byte(len(ctx))})
+ }
+ _, _ = h.Write(ctx)
+ } else if preHash {
+ _, _ = h.Write([]byte(dom2))
+ _, _ = h.Write([]byte{0x01, 0x00})
+ }
+}
diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/modular.go b/vendor/github.com/cloudflare/circl/sign/ed25519/modular.go
new file mode 100644
index 0000000000000000000000000000000000000000..10efafdcafbab6748e1badc8dd28b2ccd0950400
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/sign/ed25519/modular.go
@@ -0,0 +1,175 @@
+package ed25519
+
+import (
+ "encoding/binary"
+ "math/bits"
+)
+
+var order = [paramB]byte{
+ 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
+ 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10,
+}
+
+// isLessThan returns true if 0 <= x < y, and assumes that slices have the same length.
+func isLessThan(x, y []byte) bool {
+ i := len(x) - 1
+ for i > 0 && x[i] == y[i] {
+ i--
+ }
+ return x[i] < y[i]
+}
+
+// reduceModOrder calculates k = k mod order of the curve.
+func reduceModOrder(k []byte, is512Bit bool) {
+ var X [((2 * paramB) * 8) / 64]uint64
+ numWords := len(k) >> 3
+ for i := 0; i < numWords; i++ {
+ X[i] = binary.LittleEndian.Uint64(k[i*8 : (i+1)*8])
+ }
+ red512(&X, is512Bit)
+ for i := 0; i < numWords; i++ {
+ binary.LittleEndian.PutUint64(k[i*8:(i+1)*8], X[i])
+ }
+}
+
+// red512 calculates x = x mod Order of the curve.
+func red512(x *[8]uint64, full bool) {
+ // Implementation of Algs.(14.47)+(14.52) of Handbook of Applied
+ // Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone.
+ const (
+ ell0 = uint64(0x5812631a5cf5d3ed)
+ ell1 = uint64(0x14def9dea2f79cd6)
+ ell160 = uint64(0x812631a5cf5d3ed0)
+ ell161 = uint64(0x4def9dea2f79cd65)
+ ell162 = uint64(0x0000000000000001)
+ )
+
+ var c0, c1, c2, c3 uint64
+ r0, r1, r2, r3, r4 := x[0], x[1], x[2], x[3], uint64(0)
+
+ if full {
+ q0, q1, q2, q3 := x[4], x[5], x[6], x[7]
+
+ for i := 0; i < 3; i++ {
+ h0, s0 := bits.Mul64(q0, ell160)
+ h1, s1 := bits.Mul64(q1, ell160)
+ h2, s2 := bits.Mul64(q2, ell160)
+ h3, s3 := bits.Mul64(q3, ell160)
+
+ s1, c0 = bits.Add64(h0, s1, 0)
+ s2, c1 = bits.Add64(h1, s2, c0)
+ s3, c2 = bits.Add64(h2, s3, c1)
+ s4, _ := bits.Add64(h3, 0, c2)
+
+ h0, l0 := bits.Mul64(q0, ell161)
+ h1, l1 := bits.Mul64(q1, ell161)
+ h2, l2 := bits.Mul64(q2, ell161)
+ h3, l3 := bits.Mul64(q3, ell161)
+
+ l1, c0 = bits.Add64(h0, l1, 0)
+ l2, c1 = bits.Add64(h1, l2, c0)
+ l3, c2 = bits.Add64(h2, l3, c1)
+ l4, _ := bits.Add64(h3, 0, c2)
+
+ s1, c0 = bits.Add64(s1, l0, 0)
+ s2, c1 = bits.Add64(s2, l1, c0)
+ s3, c2 = bits.Add64(s3, l2, c1)
+ s4, c3 = bits.Add64(s4, l3, c2)
+ s5, s6 := bits.Add64(l4, 0, c3)
+
+ s2, c0 = bits.Add64(s2, q0, 0)
+ s3, c1 = bits.Add64(s3, q1, c0)
+ s4, c2 = bits.Add64(s4, q2, c1)
+ s5, c3 = bits.Add64(s5, q3, c2)
+ s6, s7 := bits.Add64(s6, 0, c3)
+
+ q := q0 | q1 | q2 | q3
+ m := -((q | -q) >> 63) // if q=0 then m=0...0 else m=1..1
+ s0 &= m
+ s1 &= m
+ s2 &= m
+ s3 &= m
+ q0, q1, q2, q3 = s4, s5, s6, s7
+
+ if (i+1)%2 == 0 {
+ r0, c0 = bits.Add64(r0, s0, 0)
+ r1, c1 = bits.Add64(r1, s1, c0)
+ r2, c2 = bits.Add64(r2, s2, c1)
+ r3, c3 = bits.Add64(r3, s3, c2)
+ r4, _ = bits.Add64(r4, 0, c3)
+ } else {
+ r0, c0 = bits.Sub64(r0, s0, 0)
+ r1, c1 = bits.Sub64(r1, s1, c0)
+ r2, c2 = bits.Sub64(r2, s2, c1)
+ r3, c3 = bits.Sub64(r3, s3, c2)
+ r4, _ = bits.Sub64(r4, 0, c3)
+ }
+ }
+
+ m := -(r4 >> 63)
+ r0, c0 = bits.Add64(r0, m&ell160, 0)
+ r1, c1 = bits.Add64(r1, m&ell161, c0)
+ r2, c2 = bits.Add64(r2, m&ell162, c1)
+ r3, c3 = bits.Add64(r3, 0, c2)
+ r4, _ = bits.Add64(r4, m&1, c3)
+ x[4], x[5], x[6], x[7] = 0, 0, 0, 0
+ }
+
+ q0 := (r4 << 4) | (r3 >> 60)
+ r3 &= (uint64(1) << 60) - 1
+
+ h0, s0 := bits.Mul64(ell0, q0)
+ h1, s1 := bits.Mul64(ell1, q0)
+ s1, c0 = bits.Add64(h0, s1, 0)
+ s2, _ := bits.Add64(h1, 0, c0)
+
+ r0, c0 = bits.Sub64(r0, s0, 0)
+ r1, c1 = bits.Sub64(r1, s1, c0)
+ r2, c2 = bits.Sub64(r2, s2, c1)
+ r3, _ = bits.Sub64(r3, 0, c2)
+
+ x[0], x[1], x[2], x[3] = r0, r1, r2, r3
+}
+
+// calculateS performs s = r+k*a mod Order of the curve.
+func calculateS(s, r, k, a []byte) {
+ K := [4]uint64{
+ binary.LittleEndian.Uint64(k[0*8 : 1*8]),
+ binary.LittleEndian.Uint64(k[1*8 : 2*8]),
+ binary.LittleEndian.Uint64(k[2*8 : 3*8]),
+ binary.LittleEndian.Uint64(k[3*8 : 4*8]),
+ }
+ S := [8]uint64{
+ binary.LittleEndian.Uint64(r[0*8 : 1*8]),
+ binary.LittleEndian.Uint64(r[1*8 : 2*8]),
+ binary.LittleEndian.Uint64(r[2*8 : 3*8]),
+ binary.LittleEndian.Uint64(r[3*8 : 4*8]),
+ }
+ var c3 uint64
+ for i := range K {
+ ai := binary.LittleEndian.Uint64(a[i*8 : (i+1)*8])
+
+ h0, l0 := bits.Mul64(K[0], ai)
+ h1, l1 := bits.Mul64(K[1], ai)
+ h2, l2 := bits.Mul64(K[2], ai)
+ h3, l3 := bits.Mul64(K[3], ai)
+
+ l1, c0 := bits.Add64(h0, l1, 0)
+ l2, c1 := bits.Add64(h1, l2, c0)
+ l3, c2 := bits.Add64(h2, l3, c1)
+ l4, _ := bits.Add64(h3, 0, c2)
+
+ S[i+0], c0 = bits.Add64(S[i+0], l0, 0)
+ S[i+1], c1 = bits.Add64(S[i+1], l1, c0)
+ S[i+2], c2 = bits.Add64(S[i+2], l2, c1)
+ S[i+3], c3 = bits.Add64(S[i+3], l3, c2)
+ S[i+4], _ = bits.Add64(S[i+4], l4, c3)
+ }
+ red512(&S, true)
+ binary.LittleEndian.PutUint64(s[0*8:1*8], S[0])
+ binary.LittleEndian.PutUint64(s[1*8:2*8], S[1])
+ binary.LittleEndian.PutUint64(s[2*8:3*8], S[2])
+ binary.LittleEndian.PutUint64(s[3*8:4*8], S[3])
+}
diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/mult.go b/vendor/github.com/cloudflare/circl/sign/ed25519/mult.go
new file mode 100644
index 0000000000000000000000000000000000000000..3216aae303ca8e032111cce6bb4062151a4b13c0
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/sign/ed25519/mult.go
@@ -0,0 +1,180 @@
+package ed25519
+
+import (
+ "crypto/subtle"
+ "encoding/binary"
+ "math/bits"
+
+ "github.com/cloudflare/circl/internal/conv"
+ "github.com/cloudflare/circl/math"
+ fp "github.com/cloudflare/circl/math/fp25519"
+)
+
+var paramD = fp.Elt{
+ 0xa3, 0x78, 0x59, 0x13, 0xca, 0x4d, 0xeb, 0x75,
+ 0xab, 0xd8, 0x41, 0x41, 0x4d, 0x0a, 0x70, 0x00,
+ 0x98, 0xe8, 0x79, 0x77, 0x79, 0x40, 0xc7, 0x8c,
+ 0x73, 0xfe, 0x6f, 0x2b, 0xee, 0x6c, 0x03, 0x52,
+}
+
+// mLSBRecoding parameters.
+const (
+ fxT = 257
+ fxV = 2
+ fxW = 3
+ fx2w1 = 1 << (uint(fxW) - 1)
+ numWords64 = (paramB * 8 / 64)
+)
+
+// mLSBRecoding is the odd-only modified LSB-set.
+//
+// Reference:
+//
+// "Efficient and secure algorithms for GLV-based scalar multiplication and
+// their implementation on GLV–GLS curves" by (Faz-Hernandez et al.)
+// http://doi.org/10.1007/s13389-014-0085-7.
+func mLSBRecoding(L []int8, k []byte) {
+ const ee = (fxT + fxW*fxV - 1) / (fxW * fxV)
+ const dd = ee * fxV
+ const ll = dd * fxW
+ if len(L) == (ll + 1) {
+ var m [numWords64 + 1]uint64
+ for i := 0; i < numWords64; i++ {
+ m[i] = binary.LittleEndian.Uint64(k[8*i : 8*i+8])
+ }
+ condAddOrderN(&m)
+ L[dd-1] = 1
+ for i := 0; i < dd-1; i++ {
+ kip1 := (m[(i+1)/64] >> (uint(i+1) % 64)) & 0x1
+ L[i] = int8(kip1<<1) - 1
+ }
+ { // right-shift by d
+ right := uint(dd % 64)
+ left := uint(64) - right
+ lim := ((numWords64+1)*64 - dd) / 64
+ j := dd / 64
+ for i := 0; i < lim; i++ {
+ m[i] = (m[i+j] >> right) | (m[i+j+1] << left)
+ }
+ m[lim] = m[lim+j] >> right
+ }
+ for i := dd; i < ll; i++ {
+ L[i] = L[i%dd] * int8(m[0]&0x1)
+ div2subY(m[:], int64(L[i]>>1), numWords64)
+ }
+ L[ll] = int8(m[0])
+ }
+}
+
+// absolute returns always a positive value.
+func absolute(x int32) int32 {
+ mask := x >> 31
+ return (x + mask) ^ mask
+}
+
+// condAddOrderN updates x = x+order if x is even, otherwise x remains unchanged.
+func condAddOrderN(x *[numWords64 + 1]uint64) {
+ isOdd := (x[0] & 0x1) - 1
+ c := uint64(0)
+ for i := 0; i < numWords64; i++ {
+ orderWord := binary.LittleEndian.Uint64(order[8*i : 8*i+8])
+ o := isOdd & orderWord
+ x0, c0 := bits.Add64(x[i], o, c)
+ x[i] = x0
+ c = c0
+ }
+ x[numWords64], _ = bits.Add64(x[numWords64], 0, c)
+}
+
+// div2subY update x = (x/2) - y.
+func div2subY(x []uint64, y int64, l int) {
+ s := uint64(y >> 63)
+ for i := 0; i < l-1; i++ {
+ x[i] = (x[i] >> 1) | (x[i+1] << 63)
+ }
+ x[l-1] = (x[l-1] >> 1)
+
+ b := uint64(0)
+ x0, b0 := bits.Sub64(x[0], uint64(y), b)
+ x[0] = x0
+ b = b0
+ for i := 1; i < l-1; i++ {
+ x0, b0 := bits.Sub64(x[i], s, b)
+ x[i] = x0
+ b = b0
+ }
+ x[l-1], _ = bits.Sub64(x[l-1], s, b)
+}
+
+func (P *pointR1) fixedMult(scalar []byte) {
+ if len(scalar) != paramB {
+ panic("wrong scalar size")
+ }
+ const ee = (fxT + fxW*fxV - 1) / (fxW * fxV)
+ const dd = ee * fxV
+ const ll = dd * fxW
+
+ L := make([]int8, ll+1)
+ mLSBRecoding(L[:], scalar)
+ S := &pointR3{}
+ P.SetIdentity()
+ for ii := ee - 1; ii >= 0; ii-- {
+ P.double()
+ for j := 0; j < fxV; j++ {
+ dig := L[fxW*dd-j*ee+ii-ee]
+ for i := (fxW-1)*dd - j*ee + ii - ee; i >= (2*dd - j*ee + ii - ee); i = i - dd {
+ dig = 2*dig + L[i]
+ }
+ idx := absolute(int32(dig))
+ sig := L[dd-j*ee+ii-ee]
+ Tabj := &tabSign[fxV-j-1]
+ for k := 0; k < fx2w1; k++ {
+ S.cmov(&Tabj[k], subtle.ConstantTimeEq(int32(k), idx))
+ }
+ S.cneg(subtle.ConstantTimeEq(int32(sig), -1))
+ P.mixAdd(S)
+ }
+ }
+}
+
+const (
+ omegaFix = 7
+ omegaVar = 5
+)
+
+// doubleMult returns P=mG+nQ.
+func (P *pointR1) doubleMult(Q *pointR1, m, n []byte) {
+ nafFix := math.OmegaNAF(conv.BytesLe2BigInt(m), omegaFix)
+ nafVar := math.OmegaNAF(conv.BytesLe2BigInt(n), omegaVar)
+
+ if len(nafFix) > len(nafVar) {
+ nafVar = append(nafVar, make([]int32, len(nafFix)-len(nafVar))...)
+ } else if len(nafFix) < len(nafVar) {
+ nafFix = append(nafFix, make([]int32, len(nafVar)-len(nafFix))...)
+ }
+
+ var TabQ [1 << (omegaVar - 2)]pointR2
+ Q.oddMultiples(TabQ[:])
+ P.SetIdentity()
+ for i := len(nafFix) - 1; i >= 0; i-- {
+ P.double()
+ // Generator point
+ if nafFix[i] != 0 {
+ idxM := absolute(nafFix[i]) >> 1
+ R := tabVerif[idxM]
+ if nafFix[i] < 0 {
+ R.neg()
+ }
+ P.mixAdd(&R)
+ }
+ // Variable input point
+ if nafVar[i] != 0 {
+ idxN := absolute(nafVar[i]) >> 1
+ S := TabQ[idxN]
+ if nafVar[i] < 0 {
+ S.neg()
+ }
+ P.add(&S)
+ }
+ }
+}
diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/point.go b/vendor/github.com/cloudflare/circl/sign/ed25519/point.go
new file mode 100644
index 0000000000000000000000000000000000000000..374a69503c34baf05a3585699cb5ac05070ed838
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/sign/ed25519/point.go
@@ -0,0 +1,195 @@
+package ed25519
+
+import fp "github.com/cloudflare/circl/math/fp25519"
+
+type (
+ pointR1 struct{ x, y, z, ta, tb fp.Elt }
+ pointR2 struct {
+ pointR3
+ z2 fp.Elt
+ }
+)
+type pointR3 struct{ addYX, subYX, dt2 fp.Elt }
+
+func (P *pointR1) neg() {
+ fp.Neg(&P.x, &P.x)
+ fp.Neg(&P.ta, &P.ta)
+}
+
+func (P *pointR1) SetIdentity() {
+ P.x = fp.Elt{}
+ fp.SetOne(&P.y)
+ fp.SetOne(&P.z)
+ P.ta = fp.Elt{}
+ P.tb = fp.Elt{}
+}
+
+func (P *pointR1) toAffine() {
+ fp.Inv(&P.z, &P.z)
+ fp.Mul(&P.x, &P.x, &P.z)
+ fp.Mul(&P.y, &P.y, &P.z)
+ fp.Modp(&P.x)
+ fp.Modp(&P.y)
+ fp.SetOne(&P.z)
+ P.ta = P.x
+ P.tb = P.y
+}
+
+func (P *pointR1) ToBytes(k []byte) error {
+ P.toAffine()
+ var x [fp.Size]byte
+ err := fp.ToBytes(k[:fp.Size], &P.y)
+ if err != nil {
+ return err
+ }
+ err = fp.ToBytes(x[:], &P.x)
+ if err != nil {
+ return err
+ }
+ b := x[0] & 1
+ k[paramB-1] = k[paramB-1] | (b << 7)
+ return nil
+}
+
+func (P *pointR1) FromBytes(k []byte) bool {
+ if len(k) != paramB {
+ panic("wrong size")
+ }
+ signX := k[paramB-1] >> 7
+ copy(P.y[:], k[:fp.Size])
+ P.y[fp.Size-1] &= 0x7F
+ p := fp.P()
+ if !isLessThan(P.y[:], p[:]) {
+ return false
+ }
+
+ one, u, v := &fp.Elt{}, &fp.Elt{}, &fp.Elt{}
+ fp.SetOne(one)
+ fp.Sqr(u, &P.y) // u = y^2
+ fp.Mul(v, u, ¶mD) // v = dy^2
+ fp.Sub(u, u, one) // u = y^2-1
+ fp.Add(v, v, one) // v = dy^2+1
+ isQR := fp.InvSqrt(&P.x, u, v) // x = sqrt(u/v)
+ if !isQR {
+ return false
+ }
+ fp.Modp(&P.x) // x = x mod p
+ if fp.IsZero(&P.x) && signX == 1 {
+ return false
+ }
+ if signX != (P.x[0] & 1) {
+ fp.Neg(&P.x, &P.x)
+ }
+ P.ta = P.x
+ P.tb = P.y
+ fp.SetOne(&P.z)
+ return true
+}
+
+// double calculates 2P for curves with A=-1.
+func (P *pointR1) double() {
+ Px, Py, Pz, Pta, Ptb := &P.x, &P.y, &P.z, &P.ta, &P.tb
+ a, b, c, e, f, g, h := Px, Py, Pz, Pta, Px, Py, Ptb
+ fp.Add(e, Px, Py) // x+y
+ fp.Sqr(a, Px) // A = x^2
+ fp.Sqr(b, Py) // B = y^2
+ fp.Sqr(c, Pz) // z^2
+ fp.Add(c, c, c) // C = 2*z^2
+ fp.Add(h, a, b) // H = A+B
+ fp.Sqr(e, e) // (x+y)^2
+ fp.Sub(e, e, h) // E = (x+y)^2-A-B
+ fp.Sub(g, b, a) // G = B-A
+ fp.Sub(f, c, g) // F = C-G
+ fp.Mul(Pz, f, g) // Z = F * G
+ fp.Mul(Px, e, f) // X = E * F
+ fp.Mul(Py, g, h) // Y = G * H, T = E * H
+}
+
+func (P *pointR1) mixAdd(Q *pointR3) {
+ fp.Add(&P.z, &P.z, &P.z) // D = 2*z1
+ P.coreAddition(Q)
+}
+
+func (P *pointR1) add(Q *pointR2) {
+ fp.Mul(&P.z, &P.z, &Q.z2) // D = 2*z1*z2
+ P.coreAddition(&Q.pointR3)
+}
+
+// coreAddition calculates P=P+Q for curves with A=-1.
+func (P *pointR1) coreAddition(Q *pointR3) {
+ Px, Py, Pz, Pta, Ptb := &P.x, &P.y, &P.z, &P.ta, &P.tb
+ addYX2, subYX2, dt2 := &Q.addYX, &Q.subYX, &Q.dt2
+ a, b, c, d, e, f, g, h := Px, Py, &fp.Elt{}, Pz, Pta, Px, Py, Ptb
+ fp.Mul(c, Pta, Ptb) // t1 = ta*tb
+ fp.Sub(h, Py, Px) // y1-x1
+ fp.Add(b, Py, Px) // y1+x1
+ fp.Mul(a, h, subYX2) // A = (y1-x1)*(y2-x2)
+ fp.Mul(b, b, addYX2) // B = (y1+x1)*(y2+x2)
+ fp.Mul(c, c, dt2) // C = 2*D*t1*t2
+ fp.Sub(e, b, a) // E = B-A
+ fp.Add(h, b, a) // H = B+A
+ fp.Sub(f, d, c) // F = D-C
+ fp.Add(g, d, c) // G = D+C
+ fp.Mul(Pz, f, g) // Z = F * G
+ fp.Mul(Px, e, f) // X = E * F
+ fp.Mul(Py, g, h) // Y = G * H, T = E * H
+}
+
+func (P *pointR1) oddMultiples(T []pointR2) {
+ var R pointR2
+ n := len(T)
+ T[0].fromR1(P)
+ _2P := *P
+ _2P.double()
+ R.fromR1(&_2P)
+ for i := 1; i < n; i++ {
+ P.add(&R)
+ T[i].fromR1(P)
+ }
+}
+
+func (P *pointR1) isEqual(Q *pointR1) bool {
+ l, r := &fp.Elt{}, &fp.Elt{}
+ fp.Mul(l, &P.x, &Q.z)
+ fp.Mul(r, &Q.x, &P.z)
+ fp.Sub(l, l, r)
+ b := fp.IsZero(l)
+ fp.Mul(l, &P.y, &Q.z)
+ fp.Mul(r, &Q.y, &P.z)
+ fp.Sub(l, l, r)
+ b = b && fp.IsZero(l)
+ fp.Mul(l, &P.ta, &P.tb)
+ fp.Mul(l, l, &Q.z)
+ fp.Mul(r, &Q.ta, &Q.tb)
+ fp.Mul(r, r, &P.z)
+ fp.Sub(l, l, r)
+ b = b && fp.IsZero(l)
+ return b
+}
+
+func (P *pointR3) neg() {
+ P.addYX, P.subYX = P.subYX, P.addYX
+ fp.Neg(&P.dt2, &P.dt2)
+}
+
+func (P *pointR2) fromR1(Q *pointR1) {
+ fp.Add(&P.addYX, &Q.y, &Q.x)
+ fp.Sub(&P.subYX, &Q.y, &Q.x)
+ fp.Mul(&P.dt2, &Q.ta, &Q.tb)
+ fp.Mul(&P.dt2, &P.dt2, ¶mD)
+ fp.Add(&P.dt2, &P.dt2, &P.dt2)
+ fp.Add(&P.z2, &Q.z, &Q.z)
+}
+
+func (P *pointR3) cneg(b int) {
+ t := &fp.Elt{}
+ fp.Cswap(&P.addYX, &P.subYX, uint(b))
+ fp.Neg(t, &P.dt2)
+ fp.Cmov(&P.dt2, t, uint(b))
+}
+
+func (P *pointR3) cmov(Q *pointR3, b int) {
+ fp.Cmov(&P.addYX, &Q.addYX, uint(b))
+ fp.Cmov(&P.subYX, &Q.subYX, uint(b))
+ fp.Cmov(&P.dt2, &Q.dt2, uint(b))
+}
diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/pubkey.go b/vendor/github.com/cloudflare/circl/sign/ed25519/pubkey.go
new file mode 100644
index 0000000000000000000000000000000000000000..c3505b67acec8cef37d6e3196c8261f80be65587
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/sign/ed25519/pubkey.go
@@ -0,0 +1,9 @@
+//go:build go1.13
+// +build go1.13
+
+package ed25519
+
+import cryptoEd25519 "crypto/ed25519"
+
+// PublicKey is the type of Ed25519 public keys.
+type PublicKey cryptoEd25519.PublicKey
diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/pubkey112.go b/vendor/github.com/cloudflare/circl/sign/ed25519/pubkey112.go
new file mode 100644
index 0000000000000000000000000000000000000000..d57d86eff08ebdb068da34a87bb3c4c5228c1859
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/sign/ed25519/pubkey112.go
@@ -0,0 +1,7 @@
+//go:build !go1.13
+// +build !go1.13
+
+package ed25519
+
+// PublicKey is the type of Ed25519 public keys.
+type PublicKey []byte
diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/signapi.go b/vendor/github.com/cloudflare/circl/sign/ed25519/signapi.go
new file mode 100644
index 0000000000000000000000000000000000000000..e4520f5203494c39c9994876c93e9cc731bdd52d
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/sign/ed25519/signapi.go
@@ -0,0 +1,87 @@
+package ed25519
+
+import (
+ "crypto/rand"
+ "encoding/asn1"
+
+ "github.com/cloudflare/circl/sign"
+)
+
+var sch sign.Scheme = &scheme{}
+
+// Scheme returns a signature interface.
+func Scheme() sign.Scheme { return sch }
+
+type scheme struct{}
+
+func (*scheme) Name() string { return "Ed25519" }
+func (*scheme) PublicKeySize() int { return PublicKeySize }
+func (*scheme) PrivateKeySize() int { return PrivateKeySize }
+func (*scheme) SignatureSize() int { return SignatureSize }
+func (*scheme) SeedSize() int { return SeedSize }
+func (*scheme) TLSIdentifier() uint { return 0x0807 }
+func (*scheme) SupportsContext() bool { return false }
+func (*scheme) Oid() asn1.ObjectIdentifier {
+ return asn1.ObjectIdentifier{1, 3, 101, 112}
+}
+
+func (*scheme) GenerateKey() (sign.PublicKey, sign.PrivateKey, error) {
+ return GenerateKey(rand.Reader)
+}
+
+func (*scheme) Sign(
+ sk sign.PrivateKey,
+ message []byte,
+ opts *sign.SignatureOpts,
+) []byte {
+ priv, ok := sk.(PrivateKey)
+ if !ok {
+ panic(sign.ErrTypeMismatch)
+ }
+ if opts != nil && opts.Context != "" {
+ panic(sign.ErrContextNotSupported)
+ }
+ return Sign(priv, message)
+}
+
+func (*scheme) Verify(
+ pk sign.PublicKey,
+ message, signature []byte,
+ opts *sign.SignatureOpts,
+) bool {
+ pub, ok := pk.(PublicKey)
+ if !ok {
+ panic(sign.ErrTypeMismatch)
+ }
+ if opts != nil {
+ if opts.Context != "" {
+ panic(sign.ErrContextNotSupported)
+ }
+ }
+ return Verify(pub, message, signature)
+}
+
+func (*scheme) DeriveKey(seed []byte) (sign.PublicKey, sign.PrivateKey) {
+ privateKey := NewKeyFromSeed(seed)
+ publicKey := make(PublicKey, PublicKeySize)
+ copy(publicKey, privateKey[SeedSize:])
+ return publicKey, privateKey
+}
+
+func (*scheme) UnmarshalBinaryPublicKey(buf []byte) (sign.PublicKey, error) {
+ if len(buf) < PublicKeySize {
+ return nil, sign.ErrPubKeySize
+ }
+ pub := make(PublicKey, PublicKeySize)
+ copy(pub, buf[:PublicKeySize])
+ return pub, nil
+}
+
+func (*scheme) UnmarshalBinaryPrivateKey(buf []byte) (sign.PrivateKey, error) {
+ if len(buf) < PrivateKeySize {
+ return nil, sign.ErrPrivKeySize
+ }
+ priv := make(PrivateKey, PrivateKeySize)
+ copy(priv, buf[:PrivateKeySize])
+ return priv, nil
+}
diff --git a/vendor/github.com/cloudflare/circl/sign/ed25519/tables.go b/vendor/github.com/cloudflare/circl/sign/ed25519/tables.go
new file mode 100644
index 0000000000000000000000000000000000000000..8763b426fc02640328be1feb5defb4cbbcf583f5
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/sign/ed25519/tables.go
@@ -0,0 +1,213 @@
+package ed25519
+
+import fp "github.com/cloudflare/circl/math/fp25519"
+
+var tabSign = [fxV][fx2w1]pointR3{
+ {
+ pointR3{
+ addYX: fp.Elt{0x85, 0x3b, 0x8c, 0xf5, 0xc6, 0x93, 0xbc, 0x2f, 0x19, 0x0e, 0x8c, 0xfb, 0xc6, 0x2d, 0x93, 0xcf, 0xc2, 0x42, 0x3d, 0x64, 0x98, 0x48, 0x0b, 0x27, 0x65, 0xba, 0xd4, 0x33, 0x3a, 0x9d, 0xcf, 0x07},
+ subYX: fp.Elt{0x3e, 0x91, 0x40, 0xd7, 0x05, 0x39, 0x10, 0x9d, 0xb3, 0xbe, 0x40, 0xd1, 0x05, 0x9f, 0x39, 0xfd, 0x09, 0x8a, 0x8f, 0x68, 0x34, 0x84, 0xc1, 0xa5, 0x67, 0x12, 0xf8, 0x98, 0x92, 0x2f, 0xfd, 0x44},
+ dt2: fp.Elt{0x68, 0xaa, 0x7a, 0x87, 0x05, 0x12, 0xc9, 0xab, 0x9e, 0xc4, 0xaa, 0xcc, 0x23, 0xe8, 0xd9, 0x26, 0x8c, 0x59, 0x43, 0xdd, 0xcb, 0x7d, 0x1b, 0x5a, 0xa8, 0x65, 0x0c, 0x9f, 0x68, 0x7b, 0x11, 0x6f},
+ },
+ {
+ addYX: fp.Elt{0x7c, 0xb0, 0x9e, 0xe6, 0xc5, 0xbf, 0xfa, 0x13, 0x8e, 0x0d, 0x22, 0xde, 0xc8, 0xd1, 0xce, 0x52, 0x02, 0xd5, 0x62, 0x31, 0x71, 0x0e, 0x8e, 0x9d, 0xb0, 0xd6, 0x00, 0xa5, 0x5a, 0x0e, 0xce, 0x72},
+ subYX: fp.Elt{0x1a, 0x8e, 0x5c, 0xdc, 0xa4, 0xb3, 0x6c, 0x51, 0x18, 0xa0, 0x09, 0x80, 0x9a, 0x46, 0x33, 0xd5, 0xe0, 0x3c, 0x4d, 0x3b, 0xfc, 0x49, 0xa2, 0x43, 0x29, 0xe1, 0x29, 0xa9, 0x93, 0xea, 0x7c, 0x35},
+ dt2: fp.Elt{0x08, 0x46, 0x6f, 0x68, 0x7f, 0x0b, 0x7c, 0x9e, 0xad, 0xba, 0x07, 0x61, 0x74, 0x83, 0x2f, 0xfc, 0x26, 0xd6, 0x09, 0xb9, 0x00, 0x34, 0x36, 0x4f, 0x01, 0xf3, 0x48, 0xdb, 0x43, 0xba, 0x04, 0x44},
+ },
+ {
+ addYX: fp.Elt{0x4c, 0xda, 0x0d, 0x13, 0x66, 0xfd, 0x82, 0x84, 0x9f, 0x75, 0x5b, 0xa2, 0x17, 0xfe, 0x34, 0xbf, 0x1f, 0xcb, 0xba, 0x90, 0x55, 0x80, 0x83, 0xfd, 0x63, 0xb9, 0x18, 0xf8, 0x5b, 0x5d, 0x94, 0x1e},
+ subYX: fp.Elt{0xb9, 0xdb, 0x6c, 0x04, 0x88, 0x22, 0xd8, 0x79, 0x83, 0x2f, 0x8d, 0x65, 0x6b, 0xd2, 0xab, 0x1b, 0xdd, 0x65, 0xe5, 0x93, 0x63, 0xf8, 0xa2, 0xd8, 0x3c, 0xf1, 0x4b, 0xc5, 0x99, 0xd1, 0xf2, 0x12},
+ dt2: fp.Elt{0x05, 0x4c, 0xb8, 0x3b, 0xfe, 0xf5, 0x9f, 0x2e, 0xd1, 0xb2, 0xb8, 0xff, 0xfe, 0x6d, 0xd9, 0x37, 0xe0, 0xae, 0xb4, 0x5a, 0x51, 0x80, 0x7e, 0x9b, 0x1d, 0xd1, 0x8d, 0x8c, 0x56, 0xb1, 0x84, 0x35},
+ },
+ {
+ addYX: fp.Elt{0x39, 0x71, 0x43, 0x34, 0xe3, 0x42, 0x45, 0xa1, 0xf2, 0x68, 0x71, 0xa7, 0xe8, 0x23, 0xfd, 0x9f, 0x86, 0x48, 0xff, 0xe5, 0x96, 0x74, 0xcf, 0x05, 0x49, 0xe2, 0xb3, 0x6c, 0x17, 0x77, 0x2f, 0x6d},
+ subYX: fp.Elt{0x73, 0x3f, 0xc1, 0xc7, 0x6a, 0x66, 0xa1, 0x20, 0xdd, 0x11, 0xfb, 0x7a, 0x6e, 0xa8, 0x51, 0xb8, 0x3f, 0x9d, 0xa2, 0x97, 0x84, 0xb5, 0xc7, 0x90, 0x7c, 0xab, 0x48, 0xd6, 0x84, 0xa3, 0xd5, 0x1a},
+ dt2: fp.Elt{0x63, 0x27, 0x3c, 0x49, 0x4b, 0xfc, 0x22, 0xf2, 0x0b, 0x50, 0xc2, 0x0f, 0xb4, 0x1f, 0x31, 0x0c, 0x2f, 0x53, 0xab, 0xaa, 0x75, 0x6f, 0xe0, 0x69, 0x39, 0x56, 0xe0, 0x3b, 0xb7, 0xa8, 0xbf, 0x45},
+ },
+ },
+ {
+ {
+ addYX: fp.Elt{0x00, 0x45, 0xd9, 0x0d, 0x58, 0x03, 0xfc, 0x29, 0x93, 0xec, 0xbb, 0x6f, 0xa4, 0x7a, 0xd2, 0xec, 0xf8, 0xa7, 0xe2, 0xc2, 0x5f, 0x15, 0x0a, 0x13, 0xd5, 0xa1, 0x06, 0xb7, 0x1a, 0x15, 0x6b, 0x41},
+ subYX: fp.Elt{0x85, 0x8c, 0xb2, 0x17, 0xd6, 0x3b, 0x0a, 0xd3, 0xea, 0x3b, 0x77, 0x39, 0xb7, 0x77, 0xd3, 0xc5, 0xbf, 0x5c, 0x6a, 0x1e, 0x8c, 0xe7, 0xc6, 0xc6, 0xc4, 0xb7, 0x2a, 0x8b, 0xf7, 0xb8, 0x61, 0x0d},
+ dt2: fp.Elt{0xb0, 0x36, 0xc1, 0xe9, 0xef, 0xd7, 0xa8, 0x56, 0x20, 0x4b, 0xe4, 0x58, 0xcd, 0xe5, 0x07, 0xbd, 0xab, 0xe0, 0x57, 0x1b, 0xda, 0x2f, 0xe6, 0xaf, 0xd2, 0xe8, 0x77, 0x42, 0xf7, 0x2a, 0x1a, 0x19},
+ },
+ {
+ addYX: fp.Elt{0x6a, 0x6d, 0x6d, 0xd1, 0xfa, 0xf5, 0x03, 0x30, 0xbd, 0x6d, 0xc2, 0xc8, 0xf5, 0x38, 0x80, 0x4f, 0xb2, 0xbe, 0xa1, 0x76, 0x50, 0x1a, 0x73, 0xf2, 0x78, 0x2b, 0x8e, 0x3a, 0x1e, 0x34, 0x47, 0x7b},
+ subYX: fp.Elt{0xc3, 0x2c, 0x36, 0xdc, 0xc5, 0x45, 0xbc, 0xef, 0x1b, 0x64, 0xd6, 0x65, 0x28, 0xe9, 0xda, 0x84, 0x13, 0xbe, 0x27, 0x8e, 0x3f, 0x98, 0x2a, 0x37, 0xee, 0x78, 0x97, 0xd6, 0xc0, 0x6f, 0xb4, 0x53},
+ dt2: fp.Elt{0x58, 0x5d, 0xa7, 0xa3, 0x68, 0xbb, 0x20, 0x30, 0x2e, 0x03, 0xe9, 0xb1, 0xd4, 0x90, 0x72, 0xe3, 0x71, 0xb2, 0x36, 0x3e, 0x73, 0xa0, 0x2e, 0x3d, 0xd1, 0x85, 0x33, 0x62, 0x4e, 0xa7, 0x7b, 0x31},
+ },
+ {
+ addYX: fp.Elt{0xbf, 0xc4, 0x38, 0x53, 0xfb, 0x68, 0xa9, 0x77, 0xce, 0x55, 0xf9, 0x05, 0xcb, 0xeb, 0xfb, 0x8c, 0x46, 0xc2, 0x32, 0x7c, 0xf0, 0xdb, 0xd7, 0x2c, 0x62, 0x8e, 0xdd, 0x54, 0x75, 0xcf, 0x3f, 0x33},
+ subYX: fp.Elt{0x49, 0x50, 0x1f, 0x4e, 0x6e, 0x55, 0x55, 0xde, 0x8c, 0x4e, 0x77, 0x96, 0x38, 0x3b, 0xfe, 0xb6, 0x43, 0x3c, 0x86, 0x69, 0xc2, 0x72, 0x66, 0x1f, 0x6b, 0xf9, 0x87, 0xbc, 0x4f, 0x37, 0x3e, 0x3c},
+ dt2: fp.Elt{0xd2, 0x2f, 0x06, 0x6b, 0x08, 0x07, 0x69, 0x77, 0xc0, 0x94, 0xcc, 0xae, 0x43, 0x00, 0x59, 0x6e, 0xa3, 0x63, 0xa8, 0xdd, 0xfa, 0x24, 0x18, 0xd0, 0x35, 0xc7, 0x78, 0xf7, 0x0d, 0xd4, 0x5a, 0x1e},
+ },
+ {
+ addYX: fp.Elt{0x45, 0xc1, 0x17, 0x51, 0xf8, 0xed, 0x7e, 0xc7, 0xa9, 0x1a, 0x11, 0x6e, 0x2d, 0xef, 0x0b, 0xd5, 0x3f, 0x98, 0xb0, 0xa3, 0x9d, 0x65, 0xf1, 0xcd, 0x53, 0x4a, 0x8a, 0x18, 0x70, 0x0a, 0x7f, 0x23},
+ subYX: fp.Elt{0xdd, 0xef, 0xbe, 0x3a, 0x31, 0xe0, 0xbc, 0xbe, 0x6d, 0x5d, 0x79, 0x87, 0xd6, 0xbe, 0x68, 0xe3, 0x59, 0x76, 0x8c, 0x86, 0x0e, 0x7a, 0x92, 0x13, 0x14, 0x8f, 0x67, 0xb3, 0xcb, 0x1a, 0x76, 0x76},
+ dt2: fp.Elt{0x56, 0x7a, 0x1c, 0x9d, 0xca, 0x96, 0xf9, 0xf9, 0x03, 0x21, 0xd4, 0xe8, 0xb3, 0xd5, 0xe9, 0x52, 0xc8, 0x54, 0x1e, 0x1b, 0x13, 0xb6, 0xfd, 0x47, 0x7d, 0x02, 0x32, 0x33, 0x27, 0xe2, 0x1f, 0x19},
+ },
+ },
+}
+
+var tabVerif = [1 << (omegaFix - 2)]pointR3{
+ { /* 1P */
+ addYX: fp.Elt{0x85, 0x3b, 0x8c, 0xf5, 0xc6, 0x93, 0xbc, 0x2f, 0x19, 0x0e, 0x8c, 0xfb, 0xc6, 0x2d, 0x93, 0xcf, 0xc2, 0x42, 0x3d, 0x64, 0x98, 0x48, 0x0b, 0x27, 0x65, 0xba, 0xd4, 0x33, 0x3a, 0x9d, 0xcf, 0x07},
+ subYX: fp.Elt{0x3e, 0x91, 0x40, 0xd7, 0x05, 0x39, 0x10, 0x9d, 0xb3, 0xbe, 0x40, 0xd1, 0x05, 0x9f, 0x39, 0xfd, 0x09, 0x8a, 0x8f, 0x68, 0x34, 0x84, 0xc1, 0xa5, 0x67, 0x12, 0xf8, 0x98, 0x92, 0x2f, 0xfd, 0x44},
+ dt2: fp.Elt{0x68, 0xaa, 0x7a, 0x87, 0x05, 0x12, 0xc9, 0xab, 0x9e, 0xc4, 0xaa, 0xcc, 0x23, 0xe8, 0xd9, 0x26, 0x8c, 0x59, 0x43, 0xdd, 0xcb, 0x7d, 0x1b, 0x5a, 0xa8, 0x65, 0x0c, 0x9f, 0x68, 0x7b, 0x11, 0x6f},
+ },
+ { /* 3P */
+ addYX: fp.Elt{0x30, 0x97, 0xee, 0x4c, 0xa8, 0xb0, 0x25, 0xaf, 0x8a, 0x4b, 0x86, 0xe8, 0x30, 0x84, 0x5a, 0x02, 0x32, 0x67, 0x01, 0x9f, 0x02, 0x50, 0x1b, 0xc1, 0xf4, 0xf8, 0x80, 0x9a, 0x1b, 0x4e, 0x16, 0x7a},
+ subYX: fp.Elt{0x65, 0xd2, 0xfc, 0xa4, 0xe8, 0x1f, 0x61, 0x56, 0x7d, 0xba, 0xc1, 0xe5, 0xfd, 0x53, 0xd3, 0x3b, 0xbd, 0xd6, 0x4b, 0x21, 0x1a, 0xf3, 0x31, 0x81, 0x62, 0xda, 0x5b, 0x55, 0x87, 0x15, 0xb9, 0x2a},
+ dt2: fp.Elt{0x89, 0xd8, 0xd0, 0x0d, 0x3f, 0x93, 0xae, 0x14, 0x62, 0xda, 0x35, 0x1c, 0x22, 0x23, 0x94, 0x58, 0x4c, 0xdb, 0xf2, 0x8c, 0x45, 0xe5, 0x70, 0xd1, 0xc6, 0xb4, 0xb9, 0x12, 0xaf, 0x26, 0x28, 0x5a},
+ },
+ { /* 5P */
+ addYX: fp.Elt{0x33, 0xbb, 0xa5, 0x08, 0x44, 0xbc, 0x12, 0xa2, 0x02, 0xed, 0x5e, 0xc7, 0xc3, 0x48, 0x50, 0x8d, 0x44, 0xec, 0xbf, 0x5a, 0x0c, 0xeb, 0x1b, 0xdd, 0xeb, 0x06, 0xe2, 0x46, 0xf1, 0xcc, 0x45, 0x29},
+ subYX: fp.Elt{0xba, 0xd6, 0x47, 0xa4, 0xc3, 0x82, 0x91, 0x7f, 0xb7, 0x29, 0x27, 0x4b, 0xd1, 0x14, 0x00, 0xd5, 0x87, 0xa0, 0x64, 0xb8, 0x1c, 0xf1, 0x3c, 0xe3, 0xf3, 0x55, 0x1b, 0xeb, 0x73, 0x7e, 0x4a, 0x15},
+ dt2: fp.Elt{0x85, 0x82, 0x2a, 0x81, 0xf1, 0xdb, 0xbb, 0xbc, 0xfc, 0xd1, 0xbd, 0xd0, 0x07, 0x08, 0x0e, 0x27, 0x2d, 0xa7, 0xbd, 0x1b, 0x0b, 0x67, 0x1b, 0xb4, 0x9a, 0xb6, 0x3b, 0x6b, 0x69, 0xbe, 0xaa, 0x43},
+ },
+ { /* 7P */
+ addYX: fp.Elt{0xbf, 0xa3, 0x4e, 0x94, 0xd0, 0x5c, 0x1a, 0x6b, 0xd2, 0xc0, 0x9d, 0xb3, 0x3a, 0x35, 0x70, 0x74, 0x49, 0x2e, 0x54, 0x28, 0x82, 0x52, 0xb2, 0x71, 0x7e, 0x92, 0x3c, 0x28, 0x69, 0xea, 0x1b, 0x46},
+ subYX: fp.Elt{0xb1, 0x21, 0x32, 0xaa, 0x9a, 0x2c, 0x6f, 0xba, 0xa7, 0x23, 0xba, 0x3b, 0x53, 0x21, 0xa0, 0x6c, 0x3a, 0x2c, 0x19, 0x92, 0x4f, 0x76, 0xea, 0x9d, 0xe0, 0x17, 0x53, 0x2e, 0x5d, 0xdd, 0x6e, 0x1d},
+ dt2: fp.Elt{0xa2, 0xb3, 0xb8, 0x01, 0xc8, 0x6d, 0x83, 0xf1, 0x9a, 0xa4, 0x3e, 0x05, 0x47, 0x5f, 0x03, 0xb3, 0xf3, 0xad, 0x77, 0x58, 0xba, 0x41, 0x9c, 0x52, 0xa7, 0x90, 0x0f, 0x6a, 0x1c, 0xbb, 0x9f, 0x7a},
+ },
+ { /* 9P */
+ addYX: fp.Elt{0x2f, 0x63, 0xa8, 0xa6, 0x8a, 0x67, 0x2e, 0x9b, 0xc5, 0x46, 0xbc, 0x51, 0x6f, 0x9e, 0x50, 0xa6, 0xb5, 0xf5, 0x86, 0xc6, 0xc9, 0x33, 0xb2, 0xce, 0x59, 0x7f, 0xdd, 0x8a, 0x33, 0xed, 0xb9, 0x34},
+ subYX: fp.Elt{0x64, 0x80, 0x9d, 0x03, 0x7e, 0x21, 0x6e, 0xf3, 0x9b, 0x41, 0x20, 0xf5, 0xb6, 0x81, 0xa0, 0x98, 0x44, 0xb0, 0x5e, 0xe7, 0x08, 0xc6, 0xcb, 0x96, 0x8f, 0x9c, 0xdc, 0xfa, 0x51, 0x5a, 0xc0, 0x49},
+ dt2: fp.Elt{0x1b, 0xaf, 0x45, 0x90, 0xbf, 0xe8, 0xb4, 0x06, 0x2f, 0xd2, 0x19, 0xa7, 0xe8, 0x83, 0xff, 0xe2, 0x16, 0xcf, 0xd4, 0x93, 0x29, 0xfc, 0xf6, 0xaa, 0x06, 0x8b, 0x00, 0x1b, 0x02, 0x72, 0xc1, 0x73},
+ },
+ { /* 11P */
+ addYX: fp.Elt{0xde, 0x2a, 0x80, 0x8a, 0x84, 0x00, 0xbf, 0x2f, 0x27, 0x2e, 0x30, 0x02, 0xcf, 0xfe, 0xd9, 0xe5, 0x06, 0x34, 0x70, 0x17, 0x71, 0x84, 0x3e, 0x11, 0xaf, 0x8f, 0x6d, 0x54, 0xe2, 0xaa, 0x75, 0x42},
+ subYX: fp.Elt{0x48, 0x43, 0x86, 0x49, 0x02, 0x5b, 0x5f, 0x31, 0x81, 0x83, 0x08, 0x77, 0x69, 0xb3, 0xd6, 0x3e, 0x95, 0xeb, 0x8d, 0x6a, 0x55, 0x75, 0xa0, 0xa3, 0x7f, 0xc7, 0xd5, 0x29, 0x80, 0x59, 0xab, 0x18},
+ dt2: fp.Elt{0xe9, 0x89, 0x60, 0xfd, 0xc5, 0x2c, 0x2b, 0xd8, 0xa4, 0xe4, 0x82, 0x32, 0xa1, 0xb4, 0x1e, 0x03, 0x22, 0x86, 0x1a, 0xb5, 0x99, 0x11, 0x31, 0x44, 0x48, 0xf9, 0x3d, 0xb5, 0x22, 0x55, 0xc6, 0x3d},
+ },
+ { /* 13P */
+ addYX: fp.Elt{0x6d, 0x7f, 0x00, 0xa2, 0x22, 0xc2, 0x70, 0xbf, 0xdb, 0xde, 0xbc, 0xb5, 0x9a, 0xb3, 0x84, 0xbf, 0x07, 0xba, 0x07, 0xfb, 0x12, 0x0e, 0x7a, 0x53, 0x41, 0xf2, 0x46, 0xc3, 0xee, 0xd7, 0x4f, 0x23},
+ subYX: fp.Elt{0x93, 0xbf, 0x7f, 0x32, 0x3b, 0x01, 0x6f, 0x50, 0x6b, 0x6f, 0x77, 0x9b, 0xc9, 0xeb, 0xfc, 0xae, 0x68, 0x59, 0xad, 0xaa, 0x32, 0xb2, 0x12, 0x9d, 0xa7, 0x24, 0x60, 0x17, 0x2d, 0x88, 0x67, 0x02},
+ dt2: fp.Elt{0x78, 0xa3, 0x2e, 0x73, 0x19, 0xa1, 0x60, 0x53, 0x71, 0xd4, 0x8d, 0xdf, 0xb1, 0xe6, 0x37, 0x24, 0x33, 0xe5, 0xa7, 0x91, 0xf8, 0x37, 0xef, 0xa2, 0x63, 0x78, 0x09, 0xaa, 0xfd, 0xa6, 0x7b, 0x49},
+ },
+ { /* 15P */
+ addYX: fp.Elt{0xa0, 0xea, 0xcf, 0x13, 0x03, 0xcc, 0xce, 0x24, 0x6d, 0x24, 0x9c, 0x18, 0x8d, 0xc2, 0x48, 0x86, 0xd0, 0xd4, 0xf2, 0xc1, 0xfa, 0xbd, 0xbd, 0x2d, 0x2b, 0xe7, 0x2d, 0xf1, 0x17, 0x29, 0xe2, 0x61},
+ subYX: fp.Elt{0x0b, 0xcf, 0x8c, 0x46, 0x86, 0xcd, 0x0b, 0x04, 0xd6, 0x10, 0x99, 0x2a, 0xa4, 0x9b, 0x82, 0xd3, 0x92, 0x51, 0xb2, 0x07, 0x08, 0x30, 0x08, 0x75, 0xbf, 0x5e, 0xd0, 0x18, 0x42, 0xcd, 0xb5, 0x43},
+ dt2: fp.Elt{0x16, 0xb5, 0xd0, 0x9b, 0x2f, 0x76, 0x9a, 0x5d, 0xee, 0xde, 0x3f, 0x37, 0x4e, 0xaf, 0x38, 0xeb, 0x70, 0x42, 0xd6, 0x93, 0x7d, 0x5a, 0x2e, 0x03, 0x42, 0xd8, 0xe4, 0x0a, 0x21, 0x61, 0x1d, 0x51},
+ },
+ { /* 17P */
+ addYX: fp.Elt{0x81, 0x9d, 0x0e, 0x95, 0xef, 0x76, 0xc6, 0x92, 0x4f, 0x04, 0xd7, 0xc0, 0xcd, 0x20, 0x46, 0xa5, 0x48, 0x12, 0x8f, 0x6f, 0x64, 0x36, 0x9b, 0xaa, 0xe3, 0x55, 0xb8, 0xdd, 0x24, 0x59, 0x32, 0x6d},
+ subYX: fp.Elt{0x87, 0xde, 0x20, 0x44, 0x48, 0x86, 0x13, 0x08, 0xb4, 0xed, 0x92, 0xb5, 0x16, 0xf0, 0x1c, 0x8a, 0x25, 0x2d, 0x94, 0x29, 0x27, 0x4e, 0xfa, 0x39, 0x10, 0x28, 0x48, 0xe2, 0x6f, 0xfe, 0xa7, 0x71},
+ dt2: fp.Elt{0x54, 0xc8, 0xc8, 0xa5, 0xb8, 0x82, 0x71, 0x6c, 0x03, 0x2a, 0x5f, 0xfe, 0x79, 0x14, 0xfd, 0x33, 0x0c, 0x8d, 0x77, 0x83, 0x18, 0x59, 0xcf, 0x72, 0xa9, 0xea, 0x9e, 0x55, 0xb6, 0xc4, 0x46, 0x47},
+ },
+ { /* 19P */
+ addYX: fp.Elt{0x2b, 0x9a, 0xc6, 0x6d, 0x3c, 0x7b, 0x77, 0xd3, 0x17, 0xf6, 0x89, 0x6f, 0x27, 0xb2, 0xfa, 0xde, 0xb5, 0x16, 0x3a, 0xb5, 0xf7, 0x1c, 0x65, 0x45, 0xb7, 0x9f, 0xfe, 0x34, 0xde, 0x51, 0x9a, 0x5c},
+ subYX: fp.Elt{0x47, 0x11, 0x74, 0x64, 0xc8, 0x46, 0x85, 0x34, 0x49, 0xc8, 0xfc, 0x0e, 0xdd, 0xae, 0x35, 0x7d, 0x32, 0xa3, 0x72, 0x06, 0x76, 0x9a, 0x93, 0xff, 0xd6, 0xe6, 0xb5, 0x7d, 0x49, 0x63, 0x96, 0x21},
+ dt2: fp.Elt{0x67, 0x0e, 0xf1, 0x79, 0xcf, 0xf1, 0x10, 0xf5, 0x5b, 0x51, 0x58, 0xe6, 0xa1, 0xda, 0xdd, 0xff, 0x77, 0x22, 0x14, 0x10, 0x17, 0xa7, 0xc3, 0x09, 0xbb, 0x23, 0x82, 0x60, 0x3c, 0x50, 0x04, 0x48},
+ },
+ { /* 21P */
+ addYX: fp.Elt{0xc7, 0x7f, 0xa3, 0x2c, 0xd0, 0x9e, 0x24, 0xc4, 0xab, 0xac, 0x15, 0xa6, 0xe3, 0xa0, 0x59, 0xa0, 0x23, 0x0e, 0x6e, 0xc9, 0xd7, 0x6e, 0xa9, 0x88, 0x6d, 0x69, 0x50, 0x16, 0xa5, 0x98, 0x33, 0x55},
+ subYX: fp.Elt{0x75, 0xd1, 0x36, 0x3a, 0xd2, 0x21, 0x68, 0x3b, 0x32, 0x9e, 0x9b, 0xe9, 0xa7, 0x0a, 0xb4, 0xbb, 0x47, 0x8a, 0x83, 0x20, 0xe4, 0x5c, 0x9e, 0x5d, 0x5e, 0x4c, 0xde, 0x58, 0x88, 0x09, 0x1e, 0x77},
+ dt2: fp.Elt{0xdf, 0x1e, 0x45, 0x78, 0xd2, 0xf5, 0x12, 0x9a, 0xcb, 0x9c, 0x89, 0x85, 0x79, 0x5d, 0xda, 0x3a, 0x08, 0x95, 0xa5, 0x9f, 0x2d, 0x4a, 0x7f, 0x47, 0x11, 0xa6, 0xf5, 0x8f, 0xd6, 0xd1, 0x5e, 0x5a},
+ },
+ { /* 23P */
+ addYX: fp.Elt{0x83, 0x0e, 0x15, 0xfe, 0x2a, 0x12, 0x95, 0x11, 0xd8, 0x35, 0x4b, 0x7e, 0x25, 0x9a, 0x20, 0xcf, 0x20, 0x1e, 0x71, 0x1e, 0x29, 0xf8, 0x87, 0x73, 0xf0, 0x92, 0xbf, 0xd8, 0x97, 0xb8, 0xac, 0x44},
+ subYX: fp.Elt{0x59, 0x73, 0x52, 0x58, 0xc5, 0xe0, 0xe5, 0xba, 0x7e, 0x9d, 0xdb, 0xca, 0x19, 0x5c, 0x2e, 0x39, 0xe9, 0xab, 0x1c, 0xda, 0x1e, 0x3c, 0x65, 0x28, 0x44, 0xdc, 0xef, 0x5f, 0x13, 0x60, 0x9b, 0x01},
+ dt2: fp.Elt{0x83, 0x4b, 0x13, 0x5e, 0x14, 0x68, 0x60, 0x1e, 0x16, 0x4c, 0x30, 0x24, 0x4f, 0xe6, 0xf5, 0xc4, 0xd7, 0x3e, 0x1a, 0xfc, 0xa8, 0x88, 0x6e, 0x50, 0x92, 0x2f, 0xad, 0xe6, 0xfd, 0x49, 0x0c, 0x15},
+ },
+ { /* 25P */
+ addYX: fp.Elt{0x38, 0x11, 0x47, 0x09, 0x95, 0xf2, 0x7b, 0x8e, 0x51, 0xa6, 0x75, 0x4f, 0x39, 0xef, 0x6f, 0x5d, 0xad, 0x08, 0xa7, 0x25, 0xc4, 0x79, 0xaf, 0x10, 0x22, 0x99, 0xb9, 0x5b, 0x07, 0x5a, 0x2b, 0x6b},
+ subYX: fp.Elt{0x68, 0xa8, 0xdc, 0x9c, 0x3c, 0x86, 0x49, 0xb8, 0xd0, 0x4a, 0x71, 0xb8, 0xdb, 0x44, 0x3f, 0xc8, 0x8d, 0x16, 0x36, 0x0c, 0x56, 0xe3, 0x3e, 0xfe, 0xc1, 0xfb, 0x05, 0x1e, 0x79, 0xd7, 0xa6, 0x78},
+ dt2: fp.Elt{0x76, 0xb9, 0xa0, 0x47, 0x4b, 0x70, 0xbf, 0x58, 0xd5, 0x48, 0x17, 0x74, 0x55, 0xb3, 0x01, 0xa6, 0x90, 0xf5, 0x42, 0xd5, 0xb1, 0x1f, 0x2b, 0xaa, 0x00, 0x5d, 0xd5, 0x4a, 0xfc, 0x7f, 0x5c, 0x72},
+ },
+ { /* 27P */
+ addYX: fp.Elt{0xb2, 0x99, 0xcf, 0xd1, 0x15, 0x67, 0x42, 0xe4, 0x34, 0x0d, 0xa2, 0x02, 0x11, 0xd5, 0x52, 0x73, 0x9f, 0x10, 0x12, 0x8b, 0x7b, 0x15, 0xd1, 0x23, 0xa3, 0xf3, 0xb1, 0x7c, 0x27, 0xc9, 0x4c, 0x79},
+ subYX: fp.Elt{0xc0, 0x98, 0xd0, 0x1c, 0xf7, 0x2b, 0x80, 0x91, 0x66, 0x63, 0x5e, 0xed, 0xa4, 0x6c, 0x41, 0xfe, 0x4c, 0x99, 0x02, 0x49, 0x71, 0x5d, 0x58, 0xdf, 0xe7, 0xfa, 0x55, 0xf8, 0x25, 0x46, 0xd5, 0x4c},
+ dt2: fp.Elt{0x53, 0x50, 0xac, 0xc2, 0x26, 0xc4, 0xf6, 0x4a, 0x58, 0x72, 0xf6, 0x32, 0xad, 0xed, 0x9a, 0xbc, 0x21, 0x10, 0x31, 0x0a, 0xf1, 0x32, 0xd0, 0x2a, 0x85, 0x8e, 0xcc, 0x6f, 0x7b, 0x35, 0x08, 0x70},
+ },
+ { /* 29P */
+ addYX: fp.Elt{0x01, 0x3f, 0x77, 0x38, 0x27, 0x67, 0x88, 0x0b, 0xfb, 0xcc, 0xfb, 0x95, 0xfa, 0xc8, 0xcc, 0xb8, 0xb6, 0x29, 0xad, 0xb9, 0xa3, 0xd5, 0x2d, 0x8d, 0x6a, 0x0f, 0xad, 0x51, 0x98, 0x7e, 0xef, 0x06},
+ subYX: fp.Elt{0x34, 0x4a, 0x58, 0x82, 0xbb, 0x9f, 0x1b, 0xd0, 0x2b, 0x79, 0xb4, 0xd2, 0x63, 0x64, 0xab, 0x47, 0x02, 0x62, 0x53, 0x48, 0x9c, 0x63, 0x31, 0xb6, 0x28, 0xd4, 0xd6, 0x69, 0x36, 0x2a, 0xa9, 0x13},
+ dt2: fp.Elt{0xe5, 0x7d, 0x57, 0xc0, 0x1c, 0x77, 0x93, 0xca, 0x5c, 0xdc, 0x35, 0x50, 0x1e, 0xe4, 0x40, 0x75, 0x71, 0xe0, 0x02, 0xd8, 0x01, 0x0f, 0x68, 0x24, 0x6a, 0xf8, 0x2a, 0x8a, 0xdf, 0x6d, 0x29, 0x3c},
+ },
+ { /* 31P */
+ addYX: fp.Elt{0x13, 0xa7, 0x14, 0xd9, 0xf9, 0x15, 0xad, 0xae, 0x12, 0xf9, 0x8f, 0x8c, 0xf9, 0x7b, 0x2f, 0xa9, 0x30, 0xd7, 0x53, 0x9f, 0x17, 0x23, 0xf8, 0xaf, 0xba, 0x77, 0x0c, 0x49, 0x93, 0xd3, 0x99, 0x7a},
+ subYX: fp.Elt{0x41, 0x25, 0x1f, 0xbb, 0x2e, 0x4d, 0xeb, 0xfc, 0x1f, 0xb9, 0xad, 0x40, 0xc7, 0x10, 0x95, 0xb8, 0x05, 0xad, 0xa1, 0xd0, 0x7d, 0xa3, 0x71, 0xfc, 0x7b, 0x71, 0x47, 0x07, 0x70, 0x2c, 0x89, 0x0a},
+ dt2: fp.Elt{0xe8, 0xa3, 0xbd, 0x36, 0x24, 0xed, 0x52, 0x8f, 0x94, 0x07, 0xe8, 0x57, 0x41, 0xc8, 0xa8, 0x77, 0xe0, 0x9c, 0x2f, 0x26, 0x63, 0x65, 0xa9, 0xa5, 0xd2, 0xf7, 0x02, 0x83, 0xd2, 0x62, 0x67, 0x28},
+ },
+ { /* 33P */
+ addYX: fp.Elt{0x25, 0x5b, 0xe3, 0x3c, 0x09, 0x36, 0x78, 0x4e, 0x97, 0xaa, 0x6b, 0xb2, 0x1d, 0x18, 0xe1, 0x82, 0x3f, 0xb8, 0xc7, 0xcb, 0xd3, 0x92, 0xc1, 0x0c, 0x3a, 0x9d, 0x9d, 0x6a, 0x04, 0xda, 0xf1, 0x32},
+ subYX: fp.Elt{0xbd, 0xf5, 0x2e, 0xce, 0x2b, 0x8e, 0x55, 0x7c, 0x63, 0xbc, 0x47, 0x67, 0xb4, 0x6c, 0x98, 0xe4, 0xb8, 0x89, 0xbb, 0x3b, 0x9f, 0x17, 0x4a, 0x15, 0x7a, 0x76, 0xf1, 0xd6, 0xa3, 0xf2, 0x86, 0x76},
+ dt2: fp.Elt{0x6a, 0x7c, 0x59, 0x6d, 0xa6, 0x12, 0x8d, 0xaa, 0x2b, 0x85, 0xd3, 0x04, 0x03, 0x93, 0x11, 0x8f, 0x22, 0xb0, 0x09, 0xc2, 0x73, 0xdc, 0x91, 0x3f, 0xa6, 0x28, 0xad, 0xa9, 0xf8, 0x05, 0x13, 0x56},
+ },
+ { /* 35P */
+ addYX: fp.Elt{0xd1, 0xae, 0x92, 0xec, 0x8d, 0x97, 0x0c, 0x10, 0xe5, 0x73, 0x6d, 0x4d, 0x43, 0xd5, 0x43, 0xca, 0x48, 0xba, 0x47, 0xd8, 0x22, 0x1b, 0x13, 0x83, 0x2c, 0x4d, 0x5d, 0xe3, 0x53, 0xec, 0xaa},
+ subYX: fp.Elt{0xd5, 0xc0, 0xb0, 0xe7, 0x28, 0xcc, 0x22, 0x67, 0x53, 0x5c, 0x07, 0xdb, 0xbb, 0xe9, 0x9d, 0x70, 0x61, 0x0a, 0x01, 0xd7, 0xa7, 0x8d, 0xf6, 0xca, 0x6c, 0xcc, 0x57, 0x2c, 0xef, 0x1a, 0x0a, 0x03},
+ dt2: fp.Elt{0xaa, 0xd2, 0x3a, 0x00, 0x73, 0xf7, 0xb1, 0x7b, 0x08, 0x66, 0x21, 0x2b, 0x80, 0x29, 0x3f, 0x0b, 0x3e, 0xd2, 0x0e, 0x52, 0x86, 0xdc, 0x21, 0x78, 0x80, 0x54, 0x06, 0x24, 0x1c, 0x9c, 0xbe, 0x20},
+ },
+ { /* 37P */
+ addYX: fp.Elt{0xa6, 0x73, 0x96, 0x24, 0xd8, 0x87, 0x53, 0xe1, 0x93, 0xe4, 0x46, 0xf5, 0x2d, 0xbc, 0x43, 0x59, 0xb5, 0x63, 0x6f, 0xc3, 0x81, 0x9a, 0x7f, 0x1c, 0xde, 0xc1, 0x0a, 0x1f, 0x36, 0xb3, 0x0a, 0x75},
+ subYX: fp.Elt{0x60, 0x5e, 0x02, 0xe2, 0x4a, 0xe4, 0xe0, 0x20, 0x38, 0xb9, 0xdc, 0xcb, 0x2f, 0x3b, 0x3b, 0xb0, 0x1c, 0x0d, 0x5a, 0xf9, 0x9c, 0x63, 0x5d, 0x10, 0x11, 0xe3, 0x67, 0x50, 0x54, 0x4c, 0x76, 0x69},
+ dt2: fp.Elt{0x37, 0x10, 0xf8, 0xa2, 0x83, 0x32, 0x8a, 0x1e, 0xf1, 0xcb, 0x7f, 0xbd, 0x23, 0xda, 0x2e, 0x6f, 0x63, 0x25, 0x2e, 0xac, 0x5b, 0xd1, 0x2f, 0xb7, 0x40, 0x50, 0x07, 0xb7, 0x3f, 0x6b, 0xf9, 0x54},
+ },
+ { /* 39P */
+ addYX: fp.Elt{0x79, 0x92, 0x66, 0x29, 0x04, 0xf2, 0xad, 0x0f, 0x4a, 0x72, 0x7d, 0x7d, 0x04, 0xa2, 0xdd, 0x3a, 0xf1, 0x60, 0x57, 0x8c, 0x82, 0x94, 0x3d, 0x6f, 0x9e, 0x53, 0xb7, 0x2b, 0xc5, 0xe9, 0x7f, 0x3d},
+ subYX: fp.Elt{0xcd, 0x1e, 0xb1, 0x16, 0xc6, 0xaf, 0x7d, 0x17, 0x79, 0x64, 0x57, 0xfa, 0x9c, 0x4b, 0x76, 0x89, 0x85, 0xe7, 0xec, 0xe6, 0x10, 0xa1, 0xa8, 0xb7, 0xf0, 0xdb, 0x85, 0xbe, 0x9f, 0x83, 0xe6, 0x78},
+ dt2: fp.Elt{0x6b, 0x85, 0xb8, 0x37, 0xf7, 0x2d, 0x33, 0x70, 0x8a, 0x17, 0x1a, 0x04, 0x43, 0x5d, 0xd0, 0x75, 0x22, 0x9e, 0xe5, 0xa0, 0x4a, 0xf7, 0x0f, 0x32, 0x42, 0x82, 0x08, 0x50, 0xf3, 0x68, 0xf2, 0x70},
+ },
+ { /* 41P */
+ addYX: fp.Elt{0x47, 0x5f, 0x80, 0xb1, 0x83, 0x45, 0x86, 0x66, 0x19, 0x7c, 0xdd, 0x60, 0xd1, 0xc5, 0x35, 0xf5, 0x06, 0xb0, 0x4c, 0x1e, 0xb7, 0x4e, 0x87, 0xe9, 0xd9, 0x89, 0xd8, 0xfa, 0x5c, 0x34, 0x0d, 0x7c},
+ subYX: fp.Elt{0x55, 0xf3, 0xdc, 0x70, 0x20, 0x11, 0x24, 0x23, 0x17, 0xe1, 0xfc, 0xe7, 0x7e, 0xc9, 0x0c, 0x38, 0x98, 0xb6, 0x52, 0x35, 0xed, 0xde, 0x1d, 0xb3, 0xb9, 0xc4, 0xb8, 0x39, 0xc0, 0x56, 0x4e, 0x40},
+ dt2: fp.Elt{0x8a, 0x33, 0x78, 0x8c, 0x4b, 0x1f, 0x1f, 0x59, 0xe1, 0xb5, 0xe0, 0x67, 0xb1, 0x6a, 0x36, 0xa0, 0x44, 0x3d, 0x5f, 0xb4, 0x52, 0x41, 0xbc, 0x5c, 0x77, 0xc7, 0xae, 0x2a, 0x76, 0x54, 0xd7, 0x20},
+ },
+ { /* 43P */
+ addYX: fp.Elt{0x58, 0xb7, 0x3b, 0xc7, 0x6f, 0xc3, 0x8f, 0x5e, 0x9a, 0xbb, 0x3c, 0x36, 0xa5, 0x43, 0xe5, 0xac, 0x22, 0xc9, 0x3b, 0x90, 0x7d, 0x4a, 0x93, 0xa9, 0x62, 0xec, 0xce, 0xf3, 0x46, 0x1e, 0x8f, 0x2b},
+ subYX: fp.Elt{0x43, 0xf5, 0xb9, 0x35, 0xb1, 0xfe, 0x74, 0x9d, 0x6c, 0x95, 0x8c, 0xde, 0xf1, 0x7d, 0xb3, 0x84, 0xa9, 0x8b, 0x13, 0x57, 0x07, 0x2b, 0x32, 0xe9, 0xe1, 0x4c, 0x0b, 0x79, 0xa8, 0xad, 0xb8, 0x38},
+ dt2: fp.Elt{0x5d, 0xf9, 0x51, 0xdf, 0x9c, 0x4a, 0xc0, 0xb5, 0xac, 0xde, 0x1f, 0xcb, 0xae, 0x52, 0x39, 0x2b, 0xda, 0x66, 0x8b, 0x32, 0x8b, 0x6d, 0x10, 0x1d, 0x53, 0x19, 0xba, 0xce, 0x32, 0xeb, 0x9a, 0x04},
+ },
+ { /* 45P */
+ addYX: fp.Elt{0x31, 0x79, 0xfc, 0x75, 0x0b, 0x7d, 0x50, 0xaa, 0xd3, 0x25, 0x67, 0x7a, 0x4b, 0x92, 0xef, 0x0f, 0x30, 0x39, 0x6b, 0x39, 0x2b, 0x54, 0x82, 0x1d, 0xfc, 0x74, 0xf6, 0x30, 0x75, 0xe1, 0x5e, 0x79},
+ subYX: fp.Elt{0x7e, 0xfe, 0xdc, 0x63, 0x3c, 0x7d, 0x76, 0xd7, 0x40, 0x6e, 0x85, 0x97, 0x48, 0x59, 0x9c, 0x20, 0x13, 0x7c, 0x4f, 0xe1, 0x61, 0x68, 0x67, 0xb6, 0xfc, 0x25, 0xd6, 0xc8, 0xe0, 0x65, 0xc6, 0x51},
+ dt2: fp.Elt{0x81, 0xbd, 0xec, 0x52, 0x0a, 0x5b, 0x4a, 0x25, 0xe7, 0xaf, 0x34, 0xe0, 0x6e, 0x1f, 0x41, 0x5d, 0x31, 0x4a, 0xee, 0xca, 0x0d, 0x4d, 0xa2, 0xe6, 0x77, 0x44, 0xc5, 0x9d, 0xf4, 0x9b, 0xd1, 0x6c},
+ },
+ { /* 47P */
+ addYX: fp.Elt{0x86, 0xc3, 0xaf, 0x65, 0x21, 0x61, 0xfe, 0x1f, 0x10, 0x1b, 0xd5, 0xb8, 0x88, 0x2a, 0x2a, 0x08, 0xaa, 0x0b, 0x99, 0x20, 0x7e, 0x62, 0xf6, 0x76, 0xe7, 0x43, 0x9e, 0x42, 0xa7, 0xb3, 0x01, 0x5e},
+ subYX: fp.Elt{0xa3, 0x9c, 0x17, 0x52, 0x90, 0x61, 0x87, 0x7e, 0x85, 0x9f, 0x2c, 0x0b, 0x06, 0x0a, 0x1d, 0x57, 0x1e, 0x71, 0x99, 0x84, 0xa8, 0xba, 0xa2, 0x80, 0x38, 0xe6, 0xb2, 0x40, 0xdb, 0xf3, 0x20, 0x75},
+ dt2: fp.Elt{0xa1, 0x57, 0x93, 0xd3, 0xe3, 0x0b, 0xb5, 0x3d, 0xa5, 0x94, 0x9e, 0x59, 0xdd, 0x6c, 0x7b, 0x96, 0x6e, 0x1e, 0x31, 0xdf, 0x64, 0x9a, 0x30, 0x1a, 0x86, 0xc9, 0xf3, 0xce, 0x9c, 0x2c, 0x09, 0x71},
+ },
+ { /* 49P */
+ addYX: fp.Elt{0xcf, 0x1d, 0x05, 0x74, 0xac, 0xd8, 0x6b, 0x85, 0x1e, 0xaa, 0xb7, 0x55, 0x08, 0xa4, 0xf6, 0x03, 0xeb, 0x3c, 0x74, 0xc9, 0xcb, 0xe7, 0x4a, 0x3a, 0xde, 0xab, 0x37, 0x71, 0xbb, 0xa5, 0x73, 0x41},
+ subYX: fp.Elt{0x8c, 0x91, 0x64, 0x03, 0x3f, 0x52, 0xd8, 0x53, 0x1c, 0x6b, 0xab, 0x3f, 0xf4, 0x04, 0xb4, 0xa2, 0xa4, 0xe5, 0x81, 0x66, 0x9e, 0x4a, 0x0b, 0x08, 0xa7, 0x7b, 0x25, 0xd0, 0x03, 0x5b, 0xa1, 0x0e},
+ dt2: fp.Elt{0x8a, 0x21, 0xf9, 0xf0, 0x31, 0x6e, 0xc5, 0x17, 0x08, 0x47, 0xfc, 0x1a, 0x2b, 0x6e, 0x69, 0x5a, 0x76, 0xf1, 0xb2, 0xf4, 0x68, 0x16, 0x93, 0xf7, 0x67, 0x3a, 0x4e, 0x4a, 0x61, 0x65, 0xc5, 0x5f},
+ },
+ { /* 51P */
+ addYX: fp.Elt{0x8e, 0x98, 0x90, 0x77, 0xe6, 0xe1, 0x92, 0x48, 0x22, 0xd7, 0x5c, 0x1c, 0x0f, 0x95, 0xd5, 0x01, 0xed, 0x3e, 0x92, 0xe5, 0x9a, 0x81, 0xb0, 0xe3, 0x1b, 0x65, 0x46, 0x9d, 0x40, 0xc7, 0x14, 0x32},
+ subYX: fp.Elt{0xe5, 0x7a, 0x6d, 0xc4, 0x0d, 0x57, 0x6e, 0x13, 0x8f, 0xdc, 0xf8, 0x54, 0xcc, 0xaa, 0xd0, 0x0f, 0x86, 0xad, 0x0d, 0x31, 0x03, 0x9f, 0x54, 0x59, 0xa1, 0x4a, 0x45, 0x4c, 0x41, 0x1c, 0x71, 0x62},
+ dt2: fp.Elt{0x70, 0x17, 0x65, 0x06, 0x74, 0x82, 0x29, 0x13, 0x36, 0x94, 0x27, 0x8a, 0x66, 0xa0, 0xa4, 0x3b, 0x3c, 0x22, 0x5d, 0x18, 0xec, 0xb8, 0xb6, 0xd9, 0x3c, 0x83, 0xcb, 0x3e, 0x07, 0x94, 0xea, 0x5b},
+ },
+ { /* 53P */
+ addYX: fp.Elt{0xf8, 0xd2, 0x43, 0xf3, 0x63, 0xce, 0x70, 0xb4, 0xf1, 0xe8, 0x43, 0x05, 0x8f, 0xba, 0x67, 0x00, 0x6f, 0x7b, 0x11, 0xa2, 0xa1, 0x51, 0xda, 0x35, 0x2f, 0xbd, 0xf1, 0x44, 0x59, 0x78, 0xd0, 0x4a},
+ subYX: fp.Elt{0xe4, 0x9b, 0xc8, 0x12, 0x09, 0xbf, 0x1d, 0x64, 0x9c, 0x57, 0x6e, 0x7d, 0x31, 0x8b, 0xf3, 0xac, 0x65, 0xb0, 0x97, 0xf6, 0x02, 0x9e, 0xfe, 0xab, 0xec, 0x1e, 0xf6, 0x48, 0xc1, 0xd5, 0xac, 0x3a},
+ dt2: fp.Elt{0x01, 0x83, 0x31, 0xc3, 0x34, 0x3b, 0x8e, 0x85, 0x26, 0x68, 0x31, 0x07, 0x47, 0xc0, 0x99, 0xdc, 0x8c, 0xa8, 0x9d, 0xd3, 0x2e, 0x5b, 0x08, 0x34, 0x3d, 0x85, 0x02, 0xd9, 0xb1, 0x0c, 0xff, 0x3a},
+ },
+ { /* 55P */
+ addYX: fp.Elt{0x05, 0x35, 0xc5, 0xf4, 0x0b, 0x43, 0x26, 0x92, 0x83, 0x22, 0x1f, 0x26, 0x13, 0x9c, 0xe4, 0x68, 0xc6, 0x27, 0xd3, 0x8f, 0x78, 0x33, 0xef, 0x09, 0x7f, 0x9e, 0xd9, 0x2b, 0x73, 0x9f, 0xcf, 0x2c},
+ subYX: fp.Elt{0x5e, 0x40, 0x20, 0x3a, 0xeb, 0xc7, 0xc5, 0x87, 0xc9, 0x56, 0xad, 0xed, 0xef, 0x11, 0xe3, 0x8e, 0xf9, 0xd5, 0x29, 0xad, 0x48, 0x2e, 0x25, 0x29, 0x1d, 0x25, 0xcd, 0xf4, 0x86, 0x7e, 0x0e, 0x11},
+ dt2: fp.Elt{0xe4, 0xf5, 0x03, 0xd6, 0x9e, 0xd8, 0xc0, 0x57, 0x0c, 0x20, 0xb0, 0xf0, 0x28, 0x86, 0x88, 0x12, 0xb7, 0x3b, 0x2e, 0xa0, 0x09, 0x27, 0x17, 0x53, 0x37, 0x3a, 0x69, 0xb9, 0xe0, 0x57, 0xc5, 0x05},
+ },
+ { /* 57P */
+ addYX: fp.Elt{0xb0, 0x0e, 0xc2, 0x89, 0xb0, 0xbb, 0x76, 0xf7, 0x5c, 0xd8, 0x0f, 0xfa, 0xf6, 0x5b, 0xf8, 0x61, 0xfb, 0x21, 0x44, 0x63, 0x4e, 0x3f, 0xb9, 0xb6, 0x05, 0x12, 0x86, 0x41, 0x08, 0xef, 0x9f, 0x28},
+ subYX: fp.Elt{0x6f, 0x7e, 0xc9, 0x1f, 0x31, 0xce, 0xf9, 0xd8, 0xae, 0xfd, 0xf9, 0x11, 0x30, 0x26, 0x3f, 0x7a, 0xdd, 0x25, 0xed, 0x8b, 0xa0, 0x7e, 0x5b, 0xe1, 0x5a, 0x87, 0xe9, 0x8f, 0x17, 0x4c, 0x15, 0x6e},
+ dt2: fp.Elt{0xbf, 0x9a, 0xd6, 0xfe, 0x36, 0x63, 0x61, 0xcf, 0x4f, 0xc9, 0x35, 0x83, 0xe7, 0xe4, 0x16, 0x9b, 0xe7, 0x7f, 0x3a, 0x75, 0x65, 0x97, 0x78, 0x13, 0x19, 0xa3, 0x5c, 0xa9, 0x42, 0xf6, 0xfb, 0x6a},
+ },
+ { /* 59P */
+ addYX: fp.Elt{0xcc, 0xa8, 0x13, 0xf9, 0x70, 0x50, 0xe5, 0x5d, 0x61, 0xf5, 0x0c, 0x2b, 0x7b, 0x16, 0x1d, 0x7d, 0x89, 0xd4, 0xea, 0x90, 0xb6, 0x56, 0x29, 0xda, 0xd9, 0x1e, 0x80, 0xdb, 0xce, 0x93, 0xc0, 0x12},
+ subYX: fp.Elt{0xc1, 0xd2, 0xf5, 0x62, 0x0c, 0xde, 0xa8, 0x7d, 0x9a, 0x7b, 0x0e, 0xb0, 0xa4, 0x3d, 0xfc, 0x98, 0xe0, 0x70, 0xad, 0x0d, 0xda, 0x6a, 0xeb, 0x7d, 0xc4, 0x38, 0x50, 0xb9, 0x51, 0xb8, 0xb4, 0x0d},
+ dt2: fp.Elt{0x0f, 0x19, 0xb8, 0x08, 0x93, 0x7f, 0x14, 0xfc, 0x10, 0xe3, 0x1a, 0xa1, 0xa0, 0x9d, 0x96, 0x06, 0xfd, 0xd7, 0xc7, 0xda, 0x72, 0x55, 0xe7, 0xce, 0xe6, 0x5c, 0x63, 0xc6, 0x99, 0x87, 0xaa, 0x33},
+ },
+ { /* 61P */
+ addYX: fp.Elt{0xb1, 0x6c, 0x15, 0xfc, 0x88, 0xf5, 0x48, 0x83, 0x27, 0x6d, 0x0a, 0x1a, 0x9b, 0xba, 0xa2, 0x6d, 0xb6, 0x5a, 0xca, 0x87, 0x5c, 0x2d, 0x26, 0xe2, 0xa6, 0x89, 0xd5, 0xc8, 0xc1, 0xd0, 0x2c, 0x21},
+ subYX: fp.Elt{0xf2, 0x5c, 0x08, 0xbd, 0x1e, 0xf5, 0x0f, 0xaf, 0x1f, 0x3f, 0xd3, 0x67, 0x89, 0x1a, 0xf5, 0x78, 0x3c, 0x03, 0x60, 0x50, 0xe1, 0xbf, 0xc2, 0x6e, 0x86, 0x1a, 0xe2, 0xe8, 0x29, 0x6f, 0x3c, 0x23},
+ dt2: fp.Elt{0x81, 0xc7, 0x18, 0x7f, 0x10, 0xd5, 0xf4, 0xd2, 0x28, 0x9d, 0x7e, 0x52, 0xf2, 0xcd, 0x2e, 0x12, 0x41, 0x33, 0x3d, 0x3d, 0x2a, 0x86, 0x0a, 0xa7, 0xe3, 0x4c, 0x91, 0x11, 0x89, 0x77, 0xb7, 0x1d},
+ },
+ { /* 63P */
+ addYX: fp.Elt{0xb6, 0x1a, 0x70, 0xdd, 0x69, 0x47, 0x39, 0xb3, 0xa5, 0x8d, 0xcf, 0x19, 0xd4, 0xde, 0xb8, 0xe2, 0x52, 0xc8, 0x2a, 0xfd, 0x61, 0x41, 0xdf, 0x15, 0xbe, 0x24, 0x7d, 0x01, 0x8a, 0xca, 0xe2, 0x7a},
+ subYX: fp.Elt{0x6f, 0xc2, 0x6b, 0x7c, 0x39, 0x52, 0xf3, 0xdd, 0x13, 0x01, 0xd5, 0x53, 0xcc, 0xe2, 0x97, 0x7a, 0x30, 0xa3, 0x79, 0xbf, 0x3a, 0xf4, 0x74, 0x7c, 0xfc, 0xad, 0xe2, 0x26, 0xad, 0x97, 0xad, 0x31},
+ dt2: fp.Elt{0x62, 0xb9, 0x20, 0x09, 0xed, 0x17, 0xe8, 0xb7, 0x9d, 0xda, 0x19, 0x3f, 0xcc, 0x18, 0x85, 0x1e, 0x64, 0x0a, 0x56, 0x25, 0x4f, 0xc1, 0x91, 0xe4, 0x83, 0x2c, 0x62, 0xa6, 0x53, 0xfc, 0xd1, 0x1e},
+ },
+}
diff --git a/vendor/github.com/cloudflare/circl/sign/ed448/ed448.go b/vendor/github.com/cloudflare/circl/sign/ed448/ed448.go
new file mode 100644
index 0000000000000000000000000000000000000000..324bd8f334609a28e8564f00e8c11c4e620cb331
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/sign/ed448/ed448.go
@@ -0,0 +1,411 @@
+// Package ed448 implements Ed448 signature scheme as described in RFC-8032.
+//
+// This package implements two signature variants.
+//
+// | Scheme Name | Sign Function | Verification | Context |
+// |-------------|-------------------|---------------|-------------------|
+// | Ed448 | Sign | Verify | Yes, can be empty |
+// | Ed448Ph | SignPh | VerifyPh | Yes, can be empty |
+// | All above | (PrivateKey).Sign | VerifyAny | As above |
+//
+// Specific functions for sign and verify are defined. A generic signing
+// function for all schemes is available through the crypto.Signer interface,
+// which is implemented by the PrivateKey type. A correspond all-in-one
+// verification method is provided by the VerifyAny function.
+//
+// Both schemes require a context string for domain separation. This parameter
+// is passed using a SignerOptions struct defined in this package.
+//
+// References:
+//
+// - RFC8032: https://rfc-editor.org/rfc/rfc8032.txt
+// - EdDSA for more curves: https://eprint.iacr.org/2015/677
+// - High-speed high-security signatures: https://doi.org/10.1007/s13389-012-0027-1
+package ed448
+
+import (
+ "bytes"
+ "crypto"
+ cryptoRand "crypto/rand"
+ "crypto/subtle"
+ "errors"
+ "fmt"
+ "io"
+ "strconv"
+
+ "github.com/cloudflare/circl/ecc/goldilocks"
+ "github.com/cloudflare/circl/internal/sha3"
+ "github.com/cloudflare/circl/sign"
+)
+
+const (
+ // ContextMaxSize is the maximum length (in bytes) allowed for context.
+ ContextMaxSize = 255
+ // PublicKeySize is the length in bytes of Ed448 public keys.
+ PublicKeySize = 57
+ // PrivateKeySize is the length in bytes of Ed448 private keys.
+ PrivateKeySize = 114
+ // SignatureSize is the length in bytes of signatures.
+ SignatureSize = 114
+ // SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032.
+ SeedSize = 57
+)
+
+const (
+ paramB = 456 / 8 // Size of keys in bytes.
+ hashSize = 2 * paramB // Size of the hash function's output.
+)
+
+// SignerOptions implements crypto.SignerOpts and augments with parameters
+// that are specific to the Ed448 signature schemes.
+type SignerOptions struct {
+ // Hash must be crypto.Hash(0) for both Ed448 and Ed448Ph.
+ crypto.Hash
+
+ // Context is an optional domain separation string for signing.
+ // Its length must be less or equal than 255 bytes.
+ Context string
+
+ // Scheme is an identifier for choosing a signature scheme.
+ Scheme SchemeID
+}
+
+// SchemeID is an identifier for each signature scheme.
+type SchemeID uint
+
+const (
+ ED448 SchemeID = iota
+ ED448Ph
+)
+
+// PublicKey is the type of Ed448 public keys.
+type PublicKey []byte
+
+// Equal reports whether pub and x have the same value.
+func (pub PublicKey) Equal(x crypto.PublicKey) bool {
+ xx, ok := x.(PublicKey)
+ return ok && bytes.Equal(pub, xx)
+}
+
+// PrivateKey is the type of Ed448 private keys. It implements crypto.Signer.
+type PrivateKey []byte
+
+// Equal reports whether priv and x have the same value.
+func (priv PrivateKey) Equal(x crypto.PrivateKey) bool {
+ xx, ok := x.(PrivateKey)
+ return ok && subtle.ConstantTimeCompare(priv, xx) == 1
+}
+
+// Public returns the PublicKey corresponding to priv.
+func (priv PrivateKey) Public() crypto.PublicKey {
+ publicKey := make([]byte, PublicKeySize)
+ copy(publicKey, priv[SeedSize:])
+ return PublicKey(publicKey)
+}
+
+// Seed returns the private key seed corresponding to priv. It is provided for
+// interoperability with RFC 8032. RFC 8032's private keys correspond to seeds
+// in this package.
+func (priv PrivateKey) Seed() []byte {
+ seed := make([]byte, SeedSize)
+ copy(seed, priv[:SeedSize])
+ return seed
+}
+
+func (priv PrivateKey) Scheme() sign.Scheme { return sch }
+
+func (pub PublicKey) Scheme() sign.Scheme { return sch }
+
+func (priv PrivateKey) MarshalBinary() (data []byte, err error) {
+ privateKey := make(PrivateKey, PrivateKeySize)
+ copy(privateKey, priv)
+ return privateKey, nil
+}
+
+func (pub PublicKey) MarshalBinary() (data []byte, err error) {
+ publicKey := make(PublicKey, PublicKeySize)
+ copy(publicKey, pub)
+ return publicKey, nil
+}
+
+// Sign creates a signature of a message given a key pair.
+// This function supports all the two signature variants defined in RFC-8032,
+// namely Ed448 (or pure EdDSA) and Ed448Ph.
+// The opts.HashFunc() must return zero to the specify Ed448 variant. This can
+// be achieved by passing crypto.Hash(0) as the value for opts.
+// Use an Options struct to pass a bool indicating that the ed448Ph variant
+// should be used.
+// The struct can also be optionally used to pass a context string for signing.
+func (priv PrivateKey) Sign(
+ rand io.Reader,
+ message []byte,
+ opts crypto.SignerOpts,
+) (signature []byte, err error) {
+ var ctx string
+ var scheme SchemeID
+
+ if o, ok := opts.(SignerOptions); ok {
+ ctx = o.Context
+ scheme = o.Scheme
+ }
+
+ switch true {
+ case scheme == ED448 && opts.HashFunc() == crypto.Hash(0):
+ return Sign(priv, message, ctx), nil
+ case scheme == ED448Ph && opts.HashFunc() == crypto.Hash(0):
+ return SignPh(priv, message, ctx), nil
+ default:
+ return nil, errors.New("ed448: bad hash algorithm")
+ }
+}
+
+// GenerateKey generates a public/private key pair using entropy from rand.
+// If rand is nil, crypto/rand.Reader will be used.
+func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error) {
+ if rand == nil {
+ rand = cryptoRand.Reader
+ }
+
+ seed := make(PrivateKey, SeedSize)
+ if _, err := io.ReadFull(rand, seed); err != nil {
+ return nil, nil, err
+ }
+
+ privateKey := NewKeyFromSeed(seed)
+ publicKey := make([]byte, PublicKeySize)
+ copy(publicKey, privateKey[SeedSize:])
+
+ return publicKey, privateKey, nil
+}
+
+// NewKeyFromSeed calculates a private key from a seed. It will panic if
+// len(seed) is not SeedSize. This function is provided for interoperability
+// with RFC 8032. RFC 8032's private keys correspond to seeds in this
+// package.
+func NewKeyFromSeed(seed []byte) PrivateKey {
+ privateKey := make([]byte, PrivateKeySize)
+ newKeyFromSeed(privateKey, seed)
+ return privateKey
+}
+
+func newKeyFromSeed(privateKey, seed []byte) {
+ if l := len(seed); l != SeedSize {
+ panic("ed448: bad seed length: " + strconv.Itoa(l))
+ }
+
+ var h [hashSize]byte
+ H := sha3.NewShake256()
+ _, _ = H.Write(seed)
+ _, _ = H.Read(h[:])
+ s := &goldilocks.Scalar{}
+ deriveSecretScalar(s, h[:paramB])
+
+ copy(privateKey[:SeedSize], seed)
+ _ = goldilocks.Curve{}.ScalarBaseMult(s).ToBytes(privateKey[SeedSize:])
+}
+
+func signAll(signature []byte, privateKey PrivateKey, message, ctx []byte, preHash bool) {
+ if len(ctx) > ContextMaxSize {
+ panic(fmt.Errorf("ed448: bad context length: " + strconv.Itoa(len(ctx))))
+ }
+
+ H := sha3.NewShake256()
+ var PHM []byte
+
+ if preHash {
+ var h [64]byte
+ _, _ = H.Write(message)
+ _, _ = H.Read(h[:])
+ PHM = h[:]
+ H.Reset()
+ } else {
+ PHM = message
+ }
+
+ // 1. Hash the 57-byte private key using SHAKE256(x, 114).
+ var h [hashSize]byte
+ _, _ = H.Write(privateKey[:SeedSize])
+ _, _ = H.Read(h[:])
+ s := &goldilocks.Scalar{}
+ deriveSecretScalar(s, h[:paramB])
+ prefix := h[paramB:]
+
+ // 2. Compute SHAKE256(dom4(F, C) || prefix || PH(M), 114).
+ var rPM [hashSize]byte
+ H.Reset()
+
+ writeDom(&H, ctx, preHash)
+
+ _, _ = H.Write(prefix)
+ _, _ = H.Write(PHM)
+ _, _ = H.Read(rPM[:])
+
+ // 3. Compute the point [r]B.
+ r := &goldilocks.Scalar{}
+ r.FromBytes(rPM[:])
+ R := (&[paramB]byte{})[:]
+ if err := (goldilocks.Curve{}.ScalarBaseMult(r).ToBytes(R)); err != nil {
+ panic(err)
+ }
+ // 4. Compute SHAKE256(dom4(F, C) || R || A || PH(M), 114)
+ var hRAM [hashSize]byte
+ H.Reset()
+
+ writeDom(&H, ctx, preHash)
+
+ _, _ = H.Write(R)
+ _, _ = H.Write(privateKey[SeedSize:])
+ _, _ = H.Write(PHM)
+ _, _ = H.Read(hRAM[:])
+
+ // 5. Compute S = (r + k * s) mod order.
+ k := &goldilocks.Scalar{}
+ k.FromBytes(hRAM[:])
+ S := &goldilocks.Scalar{}
+ S.Mul(k, s)
+ S.Add(S, r)
+
+ // 6. The signature is the concatenation of R and S.
+ copy(signature[:paramB], R[:])
+ copy(signature[paramB:], S[:])
+}
+
+// Sign signs the message with privateKey and returns a signature.
+// This function supports the signature variant defined in RFC-8032: Ed448,
+// also known as the pure version of EdDSA.
+// It will panic if len(privateKey) is not PrivateKeySize.
+func Sign(priv PrivateKey, message []byte, ctx string) []byte {
+ signature := make([]byte, SignatureSize)
+ signAll(signature, priv, message, []byte(ctx), false)
+ return signature
+}
+
+// SignPh creates a signature of a message given a keypair.
+// This function supports the signature variant defined in RFC-8032: Ed448ph,
+// meaning it internally hashes the message using SHAKE-256.
+// Context could be passed to this function, which length should be no more than
+// 255. It can be empty.
+func SignPh(priv PrivateKey, message []byte, ctx string) []byte {
+ signature := make([]byte, SignatureSize)
+ signAll(signature, priv, message, []byte(ctx), true)
+ return signature
+}
+
+func verify(public PublicKey, message, signature, ctx []byte, preHash bool) bool {
+ if len(public) != PublicKeySize ||
+ len(signature) != SignatureSize ||
+ len(ctx) > ContextMaxSize ||
+ !isLessThanOrder(signature[paramB:]) {
+ return false
+ }
+
+ P, err := goldilocks.FromBytes(public)
+ if err != nil {
+ return false
+ }
+
+ H := sha3.NewShake256()
+ var PHM []byte
+
+ if preHash {
+ var h [64]byte
+ _, _ = H.Write(message)
+ _, _ = H.Read(h[:])
+ PHM = h[:]
+ H.Reset()
+ } else {
+ PHM = message
+ }
+
+ var hRAM [hashSize]byte
+ R := signature[:paramB]
+
+ writeDom(&H, ctx, preHash)
+
+ _, _ = H.Write(R)
+ _, _ = H.Write(public)
+ _, _ = H.Write(PHM)
+ _, _ = H.Read(hRAM[:])
+
+ k := &goldilocks.Scalar{}
+ k.FromBytes(hRAM[:])
+ S := &goldilocks.Scalar{}
+ S.FromBytes(signature[paramB:])
+
+ encR := (&[paramB]byte{})[:]
+ P.Neg()
+ _ = goldilocks.Curve{}.CombinedMult(S, k, P).ToBytes(encR)
+ return bytes.Equal(R, encR)
+}
+
+// VerifyAny returns true if the signature is valid. Failure cases are invalid
+// signature, or when the public key cannot be decoded.
+// This function supports all the two signature variants defined in RFC-8032,
+// namely Ed448 (or pure EdDSA) and Ed448Ph.
+// The opts.HashFunc() must return zero, this can be achieved by passing
+// crypto.Hash(0) as the value for opts.
+// Use a SignerOptions struct to pass a context string for signing.
+func VerifyAny(public PublicKey, message, signature []byte, opts crypto.SignerOpts) bool {
+ var ctx string
+ var scheme SchemeID
+ if o, ok := opts.(SignerOptions); ok {
+ ctx = o.Context
+ scheme = o.Scheme
+ }
+
+ switch true {
+ case scheme == ED448 && opts.HashFunc() == crypto.Hash(0):
+ return Verify(public, message, signature, ctx)
+ case scheme == ED448Ph && opts.HashFunc() == crypto.Hash(0):
+ return VerifyPh(public, message, signature, ctx)
+ default:
+ return false
+ }
+}
+
+// Verify returns true if the signature is valid. Failure cases are invalid
+// signature, or when the public key cannot be decoded.
+// This function supports the signature variant defined in RFC-8032: Ed448,
+// also known as the pure version of EdDSA.
+func Verify(public PublicKey, message, signature []byte, ctx string) bool {
+ return verify(public, message, signature, []byte(ctx), false)
+}
+
+// VerifyPh returns true if the signature is valid. Failure cases are invalid
+// signature, or when the public key cannot be decoded.
+// This function supports the signature variant defined in RFC-8032: Ed448ph,
+// meaning it internally hashes the message using SHAKE-256.
+// Context could be passed to this function, which length should be no more than
+// 255. It can be empty.
+func VerifyPh(public PublicKey, message, signature []byte, ctx string) bool {
+ return verify(public, message, signature, []byte(ctx), true)
+}
+
+func deriveSecretScalar(s *goldilocks.Scalar, h []byte) {
+ h[0] &= 0xFC // The two least significant bits of the first octet are cleared,
+ h[paramB-1] = 0x00 // all eight bits the last octet are cleared, and
+ h[paramB-2] |= 0x80 // the highest bit of the second to last octet is set.
+ s.FromBytes(h[:paramB])
+}
+
+// isLessThanOrder returns true if 0 <= x < order and if the last byte of x is zero.
+func isLessThanOrder(x []byte) bool {
+ order := goldilocks.Curve{}.Order()
+ i := len(order) - 1
+ for i > 0 && x[i] == order[i] {
+ i--
+ }
+ return x[paramB-1] == 0 && x[i] < order[i]
+}
+
+func writeDom(h io.Writer, ctx []byte, preHash bool) {
+ dom4 := "SigEd448"
+ _, _ = h.Write([]byte(dom4))
+
+ if preHash {
+ _, _ = h.Write([]byte{byte(0x01), byte(len(ctx))})
+ } else {
+ _, _ = h.Write([]byte{byte(0x00), byte(len(ctx))})
+ }
+ _, _ = h.Write(ctx)
+}
diff --git a/vendor/github.com/cloudflare/circl/sign/ed448/signapi.go b/vendor/github.com/cloudflare/circl/sign/ed448/signapi.go
new file mode 100644
index 0000000000000000000000000000000000000000..22da8bc0a570508794652fa4b9530bfa3b3ec6ea
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/sign/ed448/signapi.go
@@ -0,0 +1,87 @@
+package ed448
+
+import (
+ "crypto/rand"
+ "encoding/asn1"
+
+ "github.com/cloudflare/circl/sign"
+)
+
+var sch sign.Scheme = &scheme{}
+
+// Scheme returns a signature interface.
+func Scheme() sign.Scheme { return sch }
+
+type scheme struct{}
+
+func (*scheme) Name() string { return "Ed448" }
+func (*scheme) PublicKeySize() int { return PublicKeySize }
+func (*scheme) PrivateKeySize() int { return PrivateKeySize }
+func (*scheme) SignatureSize() int { return SignatureSize }
+func (*scheme) SeedSize() int { return SeedSize }
+func (*scheme) TLSIdentifier() uint { return 0x0808 }
+func (*scheme) SupportsContext() bool { return true }
+func (*scheme) Oid() asn1.ObjectIdentifier {
+ return asn1.ObjectIdentifier{1, 3, 101, 113}
+}
+
+func (*scheme) GenerateKey() (sign.PublicKey, sign.PrivateKey, error) {
+ return GenerateKey(rand.Reader)
+}
+
+func (*scheme) Sign(
+ sk sign.PrivateKey,
+ message []byte,
+ opts *sign.SignatureOpts,
+) []byte {
+ priv, ok := sk.(PrivateKey)
+ if !ok {
+ panic(sign.ErrTypeMismatch)
+ }
+ ctx := ""
+ if opts != nil {
+ ctx = opts.Context
+ }
+ return Sign(priv, message, ctx)
+}
+
+func (*scheme) Verify(
+ pk sign.PublicKey,
+ message, signature []byte,
+ opts *sign.SignatureOpts,
+) bool {
+ pub, ok := pk.(PublicKey)
+ if !ok {
+ panic(sign.ErrTypeMismatch)
+ }
+ ctx := ""
+ if opts != nil {
+ ctx = opts.Context
+ }
+ return Verify(pub, message, signature, ctx)
+}
+
+func (*scheme) DeriveKey(seed []byte) (sign.PublicKey, sign.PrivateKey) {
+ privateKey := NewKeyFromSeed(seed)
+ publicKey := make(PublicKey, PublicKeySize)
+ copy(publicKey, privateKey[SeedSize:])
+ return publicKey, privateKey
+}
+
+func (*scheme) UnmarshalBinaryPublicKey(buf []byte) (sign.PublicKey, error) {
+ if len(buf) < PublicKeySize {
+ return nil, sign.ErrPubKeySize
+ }
+ pub := make(PublicKey, PublicKeySize)
+ copy(pub, buf[:PublicKeySize])
+ return pub, nil
+}
+
+func (*scheme) UnmarshalBinaryPrivateKey(buf []byte) (sign.PrivateKey, error) {
+ if len(buf) < PrivateKeySize {
+ return nil, sign.ErrPrivKeySize
+ }
+ priv := make(PrivateKey, PrivateKeySize)
+ copy(priv, buf[:PrivateKeySize])
+ return priv, nil
+}
diff --git a/vendor/github.com/cloudflare/circl/sign/sign.go b/vendor/github.com/cloudflare/circl/sign/sign.go
new file mode 100644
index 0000000000000000000000000000000000000000..13b20fa4b04ae55517e1953b5f85997de858f734
--- /dev/null
+++ b/vendor/github.com/cloudflare/circl/sign/sign.go
@@ -0,0 +1,110 @@
+// Package sign provides unified interfaces for signature schemes.
+//
+// A register of schemes is available in the package
+//
+// github.com/cloudflare/circl/sign/schemes
+package sign
+
+import (
+ "crypto"
+ "encoding"
+ "errors"
+)
+
+type SignatureOpts struct {
+ // If non-empty, includes the given context in the signature if supported
+ // and will cause an error during signing otherwise.
+ Context string
+}
+
+// A public key is used to verify a signature set by the corresponding private
+// key.
+type PublicKey interface {
+ // Returns the signature scheme for this public key.
+ Scheme() Scheme
+ Equal(crypto.PublicKey) bool
+ encoding.BinaryMarshaler
+ crypto.PublicKey
+}
+
+// A private key allows one to create signatures.
+type PrivateKey interface {
+ // Returns the signature scheme for this private key.
+ Scheme() Scheme
+ Equal(crypto.PrivateKey) bool
+ // For compatibility with Go standard library
+ crypto.Signer
+ crypto.PrivateKey
+ encoding.BinaryMarshaler
+}
+
+// A Scheme represents a specific instance of a signature scheme.
+type Scheme interface {
+ // Name of the scheme.
+ Name() string
+
+ // GenerateKey creates a new key-pair.
+ GenerateKey() (PublicKey, PrivateKey, error)
+
+ // Creates a signature using the PrivateKey on the given message and
+ // returns the signature. opts are additional options which can be nil.
+ //
+ // Panics if key is nil or wrong type or opts context is not supported.
+ Sign(sk PrivateKey, message []byte, opts *SignatureOpts) []byte
+
+ // Checks whether the given signature is a valid signature set by
+ // the private key corresponding to the given public key on the
+ // given message. opts are additional options which can be nil.
+ //
+ // Panics if key is nil or wrong type or opts context is not supported.
+ Verify(pk PublicKey, message []byte, signature []byte, opts *SignatureOpts) bool
+
+ // Deterministically derives a keypair from a seed. If you're unsure,
+ // you're better off using GenerateKey().
+ //
+ // Panics if seed is not of length SeedSize().
+ DeriveKey(seed []byte) (PublicKey, PrivateKey)
+
+ // Unmarshals a PublicKey from the provided buffer.
+ UnmarshalBinaryPublicKey([]byte) (PublicKey, error)
+
+ // Unmarshals a PublicKey from the provided buffer.
+ UnmarshalBinaryPrivateKey([]byte) (PrivateKey, error)
+
+ // Size of binary marshalled public keys.
+ PublicKeySize() int
+
+ // Size of binary marshalled public keys.
+ PrivateKeySize() int
+
+ // Size of signatures.
+ SignatureSize() int
+
+ // Size of seeds.
+ SeedSize() int
+
+ // Returns whether contexts are supported.
+ SupportsContext() bool
+}
+
+var (
+ // ErrTypeMismatch is the error used if types of, for instance, private
+ // and public keys don't match.
+ ErrTypeMismatch = errors.New("types mismatch")
+
+ // ErrSeedSize is the error used if the provided seed is of the wrong
+ // size.
+ ErrSeedSize = errors.New("wrong seed size")
+
+ // ErrPubKeySize is the error used if the provided public key is of
+ // the wrong size.
+ ErrPubKeySize = errors.New("wrong size for public key")
+
+ // ErrPrivKeySize is the error used if the provided private key is of
+ // the wrong size.
+ ErrPrivKeySize = errors.New("wrong size for private key")
+
+ // ErrContextNotSupported is the error used if a context is not
+ // supported.
+ ErrContextNotSupported = errors.New("context not supported")
+)
diff --git a/vendor/golang.org/x/crypto/LICENSE b/vendor/golang.org/x/crypto/LICENSE
index 6a66aea5eafe0ca6a688840c47219556c552488e..2a7cf70da6e498df9c11ab6a5eaa2ddd7af34da4 100644
--- a/vendor/golang.org/x/crypto/LICENSE
+++ b/vendor/golang.org/x/crypto/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2009 The Go Authors. All rights reserved.
+Copyright 2009 The Go Authors.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
@@ -10,7 +10,7 @@ notice, this list of conditions and the following disclaimer.
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
- * Neither the name of Google Inc. nor the names of its
+ * Neither the name of Google LLC nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
diff --git a/vendor/golang.org/x/crypto/argon2/argon2.go b/vendor/golang.org/x/crypto/argon2/argon2.go
new file mode 100644
index 0000000000000000000000000000000000000000..29f0a2de4514b64d229aeac296112728a27310bd
--- /dev/null
+++ b/vendor/golang.org/x/crypto/argon2/argon2.go
@@ -0,0 +1,283 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package argon2 implements the key derivation function Argon2.
+// Argon2 was selected as the winner of the Password Hashing Competition and can
+// be used to derive cryptographic keys from passwords.
+//
+// For a detailed specification of Argon2 see [1].
+//
+// If you aren't sure which function you need, use Argon2id (IDKey) and
+// the parameter recommendations for your scenario.
+//
+// # Argon2i
+//
+// Argon2i (implemented by Key) is the side-channel resistant version of Argon2.
+// It uses data-independent memory access, which is preferred for password
+// hashing and password-based key derivation. Argon2i requires more passes over
+// memory than Argon2id to protect from trade-off attacks. The recommended
+// parameters (taken from [2]) for non-interactive operations are time=3 and to
+// use the maximum available memory.
+//
+// # Argon2id
+//
+// Argon2id (implemented by IDKey) is a hybrid version of Argon2 combining
+// Argon2i and Argon2d. It uses data-independent memory access for the first
+// half of the first iteration over the memory and data-dependent memory access
+// for the rest. Argon2id is side-channel resistant and provides better brute-
+// force cost savings due to time-memory tradeoffs than Argon2i. The recommended
+// parameters for non-interactive operations (taken from [2]) are time=1 and to
+// use the maximum available memory.
+//
+// [1] https://github.com/P-H-C/phc-winner-argon2/blob/master/argon2-specs.pdf
+// [2] https://tools.ietf.org/html/draft-irtf-cfrg-argon2-03#section-9.3
+package argon2
+
+import (
+ "encoding/binary"
+ "sync"
+
+ "golang.org/x/crypto/blake2b"
+)
+
+// The Argon2 version implemented by this package.
+const Version = 0x13
+
+const (
+ argon2d = iota
+ argon2i
+ argon2id
+)
+
+// Key derives a key from the password, salt, and cost parameters using Argon2i
+// returning a byte slice of length keyLen that can be used as cryptographic
+// key. The CPU cost and parallelism degree must be greater than zero.
+//
+// For example, you can get a derived key for e.g. AES-256 (which needs a
+// 32-byte key) by doing:
+//
+// key := argon2.Key([]byte("some password"), salt, 3, 32*1024, 4, 32)
+//
+// The draft RFC recommends[2] time=3, and memory=32*1024 is a sensible number.
+// If using that amount of memory (32 MB) is not possible in some contexts then
+// the time parameter can be increased to compensate.
+//
+// The time parameter specifies the number of passes over the memory and the
+// memory parameter specifies the size of the memory in KiB. For example
+// memory=32*1024 sets the memory cost to ~32 MB. The number of threads can be
+// adjusted to the number of available CPUs. The cost parameters should be
+// increased as memory latency and CPU parallelism increases. Remember to get a
+// good random salt.
+func Key(password, salt []byte, time, memory uint32, threads uint8, keyLen uint32) []byte {
+ return deriveKey(argon2i, password, salt, nil, nil, time, memory, threads, keyLen)
+}
+
+// IDKey derives a key from the password, salt, and cost parameters using
+// Argon2id returning a byte slice of length keyLen that can be used as
+// cryptographic key. The CPU cost and parallelism degree must be greater than
+// zero.
+//
+// For example, you can get a derived key for e.g. AES-256 (which needs a
+// 32-byte key) by doing:
+//
+// key := argon2.IDKey([]byte("some password"), salt, 1, 64*1024, 4, 32)
+//
+// The draft RFC recommends[2] time=1, and memory=64*1024 is a sensible number.
+// If using that amount of memory (64 MB) is not possible in some contexts then
+// the time parameter can be increased to compensate.
+//
+// The time parameter specifies the number of passes over the memory and the
+// memory parameter specifies the size of the memory in KiB. For example
+// memory=64*1024 sets the memory cost to ~64 MB. The number of threads can be
+// adjusted to the numbers of available CPUs. The cost parameters should be
+// increased as memory latency and CPU parallelism increases. Remember to get a
+// good random salt.
+func IDKey(password, salt []byte, time, memory uint32, threads uint8, keyLen uint32) []byte {
+ return deriveKey(argon2id, password, salt, nil, nil, time, memory, threads, keyLen)
+}
+
+func deriveKey(mode int, password, salt, secret, data []byte, time, memory uint32, threads uint8, keyLen uint32) []byte {
+ if time < 1 {
+ panic("argon2: number of rounds too small")
+ }
+ if threads < 1 {
+ panic("argon2: parallelism degree too low")
+ }
+ h0 := initHash(password, salt, secret, data, time, memory, uint32(threads), keyLen, mode)
+
+ memory = memory / (syncPoints * uint32(threads)) * (syncPoints * uint32(threads))
+ if memory < 2*syncPoints*uint32(threads) {
+ memory = 2 * syncPoints * uint32(threads)
+ }
+ B := initBlocks(&h0, memory, uint32(threads))
+ processBlocks(B, time, memory, uint32(threads), mode)
+ return extractKey(B, memory, uint32(threads), keyLen)
+}
+
+const (
+ blockLength = 128
+ syncPoints = 4
+)
+
+type block [blockLength]uint64
+
+func initHash(password, salt, key, data []byte, time, memory, threads, keyLen uint32, mode int) [blake2b.Size + 8]byte {
+ var (
+ h0 [blake2b.Size + 8]byte
+ params [24]byte
+ tmp [4]byte
+ )
+
+ b2, _ := blake2b.New512(nil)
+ binary.LittleEndian.PutUint32(params[0:4], threads)
+ binary.LittleEndian.PutUint32(params[4:8], keyLen)
+ binary.LittleEndian.PutUint32(params[8:12], memory)
+ binary.LittleEndian.PutUint32(params[12:16], time)
+ binary.LittleEndian.PutUint32(params[16:20], uint32(Version))
+ binary.LittleEndian.PutUint32(params[20:24], uint32(mode))
+ b2.Write(params[:])
+ binary.LittleEndian.PutUint32(tmp[:], uint32(len(password)))
+ b2.Write(tmp[:])
+ b2.Write(password)
+ binary.LittleEndian.PutUint32(tmp[:], uint32(len(salt)))
+ b2.Write(tmp[:])
+ b2.Write(salt)
+ binary.LittleEndian.PutUint32(tmp[:], uint32(len(key)))
+ b2.Write(tmp[:])
+ b2.Write(key)
+ binary.LittleEndian.PutUint32(tmp[:], uint32(len(data)))
+ b2.Write(tmp[:])
+ b2.Write(data)
+ b2.Sum(h0[:0])
+ return h0
+}
+
+func initBlocks(h0 *[blake2b.Size + 8]byte, memory, threads uint32) []block {
+ var block0 [1024]byte
+ B := make([]block, memory)
+ for lane := uint32(0); lane < threads; lane++ {
+ j := lane * (memory / threads)
+ binary.LittleEndian.PutUint32(h0[blake2b.Size+4:], lane)
+
+ binary.LittleEndian.PutUint32(h0[blake2b.Size:], 0)
+ blake2bHash(block0[:], h0[:])
+ for i := range B[j+0] {
+ B[j+0][i] = binary.LittleEndian.Uint64(block0[i*8:])
+ }
+
+ binary.LittleEndian.PutUint32(h0[blake2b.Size:], 1)
+ blake2bHash(block0[:], h0[:])
+ for i := range B[j+1] {
+ B[j+1][i] = binary.LittleEndian.Uint64(block0[i*8:])
+ }
+ }
+ return B
+}
+
+func processBlocks(B []block, time, memory, threads uint32, mode int) {
+ lanes := memory / threads
+ segments := lanes / syncPoints
+
+ processSegment := func(n, slice, lane uint32, wg *sync.WaitGroup) {
+ var addresses, in, zero block
+ if mode == argon2i || (mode == argon2id && n == 0 && slice < syncPoints/2) {
+ in[0] = uint64(n)
+ in[1] = uint64(lane)
+ in[2] = uint64(slice)
+ in[3] = uint64(memory)
+ in[4] = uint64(time)
+ in[5] = uint64(mode)
+ }
+
+ index := uint32(0)
+ if n == 0 && slice == 0 {
+ index = 2 // we have already generated the first two blocks
+ if mode == argon2i || mode == argon2id {
+ in[6]++
+ processBlock(&addresses, &in, &zero)
+ processBlock(&addresses, &addresses, &zero)
+ }
+ }
+
+ offset := lane*lanes + slice*segments + index
+ var random uint64
+ for index < segments {
+ prev := offset - 1
+ if index == 0 && slice == 0 {
+ prev += lanes // last block in lane
+ }
+ if mode == argon2i || (mode == argon2id && n == 0 && slice < syncPoints/2) {
+ if index%blockLength == 0 {
+ in[6]++
+ processBlock(&addresses, &in, &zero)
+ processBlock(&addresses, &addresses, &zero)
+ }
+ random = addresses[index%blockLength]
+ } else {
+ random = B[prev][0]
+ }
+ newOffset := indexAlpha(random, lanes, segments, threads, n, slice, lane, index)
+ processBlockXOR(&B[offset], &B[prev], &B[newOffset])
+ index, offset = index+1, offset+1
+ }
+ wg.Done()
+ }
+
+ for n := uint32(0); n < time; n++ {
+ for slice := uint32(0); slice < syncPoints; slice++ {
+ var wg sync.WaitGroup
+ for lane := uint32(0); lane < threads; lane++ {
+ wg.Add(1)
+ go processSegment(n, slice, lane, &wg)
+ }
+ wg.Wait()
+ }
+ }
+
+}
+
+func extractKey(B []block, memory, threads, keyLen uint32) []byte {
+ lanes := memory / threads
+ for lane := uint32(0); lane < threads-1; lane++ {
+ for i, v := range B[(lane*lanes)+lanes-1] {
+ B[memory-1][i] ^= v
+ }
+ }
+
+ var block [1024]byte
+ for i, v := range B[memory-1] {
+ binary.LittleEndian.PutUint64(block[i*8:], v)
+ }
+ key := make([]byte, keyLen)
+ blake2bHash(key, block[:])
+ return key
+}
+
+func indexAlpha(rand uint64, lanes, segments, threads, n, slice, lane, index uint32) uint32 {
+ refLane := uint32(rand>>32) % threads
+ if n == 0 && slice == 0 {
+ refLane = lane
+ }
+ m, s := 3*segments, ((slice+1)%syncPoints)*segments
+ if lane == refLane {
+ m += index
+ }
+ if n == 0 {
+ m, s = slice*segments, 0
+ if slice == 0 || lane == refLane {
+ m += index
+ }
+ }
+ if index == 0 || lane == refLane {
+ m--
+ }
+ return phi(rand, uint64(m), uint64(s), refLane, lanes)
+}
+
+func phi(rand, m, s uint64, lane, lanes uint32) uint32 {
+ p := rand & 0xFFFFFFFF
+ p = (p * p) >> 32
+ p = (p * m) >> 32
+ return lane*lanes + uint32((s+m-(p+1))%uint64(lanes))
+}
diff --git a/vendor/golang.org/x/crypto/argon2/blake2b.go b/vendor/golang.org/x/crypto/argon2/blake2b.go
new file mode 100644
index 0000000000000000000000000000000000000000..10f46948dc1053083178c9818fc15408ad19e488
--- /dev/null
+++ b/vendor/golang.org/x/crypto/argon2/blake2b.go
@@ -0,0 +1,53 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package argon2
+
+import (
+ "encoding/binary"
+ "hash"
+
+ "golang.org/x/crypto/blake2b"
+)
+
+// blake2bHash computes an arbitrary long hash value of in
+// and writes the hash to out.
+func blake2bHash(out []byte, in []byte) {
+ var b2 hash.Hash
+ if n := len(out); n < blake2b.Size {
+ b2, _ = blake2b.New(n, nil)
+ } else {
+ b2, _ = blake2b.New512(nil)
+ }
+
+ var buffer [blake2b.Size]byte
+ binary.LittleEndian.PutUint32(buffer[:4], uint32(len(out)))
+ b2.Write(buffer[:4])
+ b2.Write(in)
+
+ if len(out) <= blake2b.Size {
+ b2.Sum(out[:0])
+ return
+ }
+
+ outLen := len(out)
+ b2.Sum(buffer[:0])
+ b2.Reset()
+ copy(out, buffer[:32])
+ out = out[32:]
+ for len(out) > blake2b.Size {
+ b2.Write(buffer[:])
+ b2.Sum(buffer[:0])
+ copy(out, buffer[:32])
+ out = out[32:]
+ b2.Reset()
+ }
+
+ if outLen%blake2b.Size > 0 { // outLen > 64
+ r := ((outLen + 31) / 32) - 2 // ⌈τ /32⌉-2
+ b2, _ = blake2b.New(outLen-32*r, nil)
+ }
+ b2.Write(buffer[:])
+ b2.Sum(out[:0])
+}
diff --git a/vendor/golang.org/x/crypto/argon2/blamka_amd64.go b/vendor/golang.org/x/crypto/argon2/blamka_amd64.go
new file mode 100644
index 0000000000000000000000000000000000000000..063e7784f867419c0343c175fc2cf66c3e873cb5
--- /dev/null
+++ b/vendor/golang.org/x/crypto/argon2/blamka_amd64.go
@@ -0,0 +1,60 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build amd64 && gc && !purego
+
+package argon2
+
+import "golang.org/x/sys/cpu"
+
+func init() {
+ useSSE4 = cpu.X86.HasSSE41
+}
+
+//go:noescape
+func mixBlocksSSE2(out, a, b, c *block)
+
+//go:noescape
+func xorBlocksSSE2(out, a, b, c *block)
+
+//go:noescape
+func blamkaSSE4(b *block)
+
+func processBlockSSE(out, in1, in2 *block, xor bool) {
+ var t block
+ mixBlocksSSE2(&t, in1, in2, &t)
+ if useSSE4 {
+ blamkaSSE4(&t)
+ } else {
+ for i := 0; i < blockLength; i += 16 {
+ blamkaGeneric(
+ &t[i+0], &t[i+1], &t[i+2], &t[i+3],
+ &t[i+4], &t[i+5], &t[i+6], &t[i+7],
+ &t[i+8], &t[i+9], &t[i+10], &t[i+11],
+ &t[i+12], &t[i+13], &t[i+14], &t[i+15],
+ )
+ }
+ for i := 0; i < blockLength/8; i += 2 {
+ blamkaGeneric(
+ &t[i], &t[i+1], &t[16+i], &t[16+i+1],
+ &t[32+i], &t[32+i+1], &t[48+i], &t[48+i+1],
+ &t[64+i], &t[64+i+1], &t[80+i], &t[80+i+1],
+ &t[96+i], &t[96+i+1], &t[112+i], &t[112+i+1],
+ )
+ }
+ }
+ if xor {
+ xorBlocksSSE2(out, in1, in2, &t)
+ } else {
+ mixBlocksSSE2(out, in1, in2, &t)
+ }
+}
+
+func processBlock(out, in1, in2 *block) {
+ processBlockSSE(out, in1, in2, false)
+}
+
+func processBlockXOR(out, in1, in2 *block) {
+ processBlockSSE(out, in1, in2, true)
+}
diff --git a/vendor/golang.org/x/crypto/argon2/blamka_amd64.s b/vendor/golang.org/x/crypto/argon2/blamka_amd64.s
new file mode 100644
index 0000000000000000000000000000000000000000..c3895478ed0c5560ee9c06b873cc1b46971544c8
--- /dev/null
+++ b/vendor/golang.org/x/crypto/argon2/blamka_amd64.s
@@ -0,0 +1,2791 @@
+// Code generated by command: go run blamka_amd64.go -out ../blamka_amd64.s -pkg argon2. DO NOT EDIT.
+
+//go:build amd64 && gc && !purego
+
+#include "textflag.h"
+
+// func blamkaSSE4(b *block)
+// Requires: SSE2, SSSE3
+TEXT ·blamkaSSE4(SB), NOSPLIT, $0-8
+ MOVQ b+0(FP), AX
+ MOVOU ·c40<>+0(SB), X10
+ MOVOU ·c48<>+0(SB), X11
+ MOVOU (AX), X0
+ MOVOU 16(AX), X1
+ MOVOU 32(AX), X2
+ MOVOU 48(AX), X3
+ MOVOU 64(AX), X4
+ MOVOU 80(AX), X5
+ MOVOU 96(AX), X6
+ MOVOU 112(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, (AX)
+ MOVOU X1, 16(AX)
+ MOVOU X2, 32(AX)
+ MOVOU X3, 48(AX)
+ MOVOU X4, 64(AX)
+ MOVOU X5, 80(AX)
+ MOVOU X6, 96(AX)
+ MOVOU X7, 112(AX)
+ MOVOU 128(AX), X0
+ MOVOU 144(AX), X1
+ MOVOU 160(AX), X2
+ MOVOU 176(AX), X3
+ MOVOU 192(AX), X4
+ MOVOU 208(AX), X5
+ MOVOU 224(AX), X6
+ MOVOU 240(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, 128(AX)
+ MOVOU X1, 144(AX)
+ MOVOU X2, 160(AX)
+ MOVOU X3, 176(AX)
+ MOVOU X4, 192(AX)
+ MOVOU X5, 208(AX)
+ MOVOU X6, 224(AX)
+ MOVOU X7, 240(AX)
+ MOVOU 256(AX), X0
+ MOVOU 272(AX), X1
+ MOVOU 288(AX), X2
+ MOVOU 304(AX), X3
+ MOVOU 320(AX), X4
+ MOVOU 336(AX), X5
+ MOVOU 352(AX), X6
+ MOVOU 368(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, 256(AX)
+ MOVOU X1, 272(AX)
+ MOVOU X2, 288(AX)
+ MOVOU X3, 304(AX)
+ MOVOU X4, 320(AX)
+ MOVOU X5, 336(AX)
+ MOVOU X6, 352(AX)
+ MOVOU X7, 368(AX)
+ MOVOU 384(AX), X0
+ MOVOU 400(AX), X1
+ MOVOU 416(AX), X2
+ MOVOU 432(AX), X3
+ MOVOU 448(AX), X4
+ MOVOU 464(AX), X5
+ MOVOU 480(AX), X6
+ MOVOU 496(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, 384(AX)
+ MOVOU X1, 400(AX)
+ MOVOU X2, 416(AX)
+ MOVOU X3, 432(AX)
+ MOVOU X4, 448(AX)
+ MOVOU X5, 464(AX)
+ MOVOU X6, 480(AX)
+ MOVOU X7, 496(AX)
+ MOVOU 512(AX), X0
+ MOVOU 528(AX), X1
+ MOVOU 544(AX), X2
+ MOVOU 560(AX), X3
+ MOVOU 576(AX), X4
+ MOVOU 592(AX), X5
+ MOVOU 608(AX), X6
+ MOVOU 624(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, 512(AX)
+ MOVOU X1, 528(AX)
+ MOVOU X2, 544(AX)
+ MOVOU X3, 560(AX)
+ MOVOU X4, 576(AX)
+ MOVOU X5, 592(AX)
+ MOVOU X6, 608(AX)
+ MOVOU X7, 624(AX)
+ MOVOU 640(AX), X0
+ MOVOU 656(AX), X1
+ MOVOU 672(AX), X2
+ MOVOU 688(AX), X3
+ MOVOU 704(AX), X4
+ MOVOU 720(AX), X5
+ MOVOU 736(AX), X6
+ MOVOU 752(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, 640(AX)
+ MOVOU X1, 656(AX)
+ MOVOU X2, 672(AX)
+ MOVOU X3, 688(AX)
+ MOVOU X4, 704(AX)
+ MOVOU X5, 720(AX)
+ MOVOU X6, 736(AX)
+ MOVOU X7, 752(AX)
+ MOVOU 768(AX), X0
+ MOVOU 784(AX), X1
+ MOVOU 800(AX), X2
+ MOVOU 816(AX), X3
+ MOVOU 832(AX), X4
+ MOVOU 848(AX), X5
+ MOVOU 864(AX), X6
+ MOVOU 880(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, 768(AX)
+ MOVOU X1, 784(AX)
+ MOVOU X2, 800(AX)
+ MOVOU X3, 816(AX)
+ MOVOU X4, 832(AX)
+ MOVOU X5, 848(AX)
+ MOVOU X6, 864(AX)
+ MOVOU X7, 880(AX)
+ MOVOU 896(AX), X0
+ MOVOU 912(AX), X1
+ MOVOU 928(AX), X2
+ MOVOU 944(AX), X3
+ MOVOU 960(AX), X4
+ MOVOU 976(AX), X5
+ MOVOU 992(AX), X6
+ MOVOU 1008(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, 896(AX)
+ MOVOU X1, 912(AX)
+ MOVOU X2, 928(AX)
+ MOVOU X3, 944(AX)
+ MOVOU X4, 960(AX)
+ MOVOU X5, 976(AX)
+ MOVOU X6, 992(AX)
+ MOVOU X7, 1008(AX)
+ MOVOU (AX), X0
+ MOVOU 128(AX), X1
+ MOVOU 256(AX), X2
+ MOVOU 384(AX), X3
+ MOVOU 512(AX), X4
+ MOVOU 640(AX), X5
+ MOVOU 768(AX), X6
+ MOVOU 896(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, (AX)
+ MOVOU X1, 128(AX)
+ MOVOU X2, 256(AX)
+ MOVOU X3, 384(AX)
+ MOVOU X4, 512(AX)
+ MOVOU X5, 640(AX)
+ MOVOU X6, 768(AX)
+ MOVOU X7, 896(AX)
+ MOVOU 16(AX), X0
+ MOVOU 144(AX), X1
+ MOVOU 272(AX), X2
+ MOVOU 400(AX), X3
+ MOVOU 528(AX), X4
+ MOVOU 656(AX), X5
+ MOVOU 784(AX), X6
+ MOVOU 912(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, 16(AX)
+ MOVOU X1, 144(AX)
+ MOVOU X2, 272(AX)
+ MOVOU X3, 400(AX)
+ MOVOU X4, 528(AX)
+ MOVOU X5, 656(AX)
+ MOVOU X6, 784(AX)
+ MOVOU X7, 912(AX)
+ MOVOU 32(AX), X0
+ MOVOU 160(AX), X1
+ MOVOU 288(AX), X2
+ MOVOU 416(AX), X3
+ MOVOU 544(AX), X4
+ MOVOU 672(AX), X5
+ MOVOU 800(AX), X6
+ MOVOU 928(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, 32(AX)
+ MOVOU X1, 160(AX)
+ MOVOU X2, 288(AX)
+ MOVOU X3, 416(AX)
+ MOVOU X4, 544(AX)
+ MOVOU X5, 672(AX)
+ MOVOU X6, 800(AX)
+ MOVOU X7, 928(AX)
+ MOVOU 48(AX), X0
+ MOVOU 176(AX), X1
+ MOVOU 304(AX), X2
+ MOVOU 432(AX), X3
+ MOVOU 560(AX), X4
+ MOVOU 688(AX), X5
+ MOVOU 816(AX), X6
+ MOVOU 944(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, 48(AX)
+ MOVOU X1, 176(AX)
+ MOVOU X2, 304(AX)
+ MOVOU X3, 432(AX)
+ MOVOU X4, 560(AX)
+ MOVOU X5, 688(AX)
+ MOVOU X6, 816(AX)
+ MOVOU X7, 944(AX)
+ MOVOU 64(AX), X0
+ MOVOU 192(AX), X1
+ MOVOU 320(AX), X2
+ MOVOU 448(AX), X3
+ MOVOU 576(AX), X4
+ MOVOU 704(AX), X5
+ MOVOU 832(AX), X6
+ MOVOU 960(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, 64(AX)
+ MOVOU X1, 192(AX)
+ MOVOU X2, 320(AX)
+ MOVOU X3, 448(AX)
+ MOVOU X4, 576(AX)
+ MOVOU X5, 704(AX)
+ MOVOU X6, 832(AX)
+ MOVOU X7, 960(AX)
+ MOVOU 80(AX), X0
+ MOVOU 208(AX), X1
+ MOVOU 336(AX), X2
+ MOVOU 464(AX), X3
+ MOVOU 592(AX), X4
+ MOVOU 720(AX), X5
+ MOVOU 848(AX), X6
+ MOVOU 976(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, 80(AX)
+ MOVOU X1, 208(AX)
+ MOVOU X2, 336(AX)
+ MOVOU X3, 464(AX)
+ MOVOU X4, 592(AX)
+ MOVOU X5, 720(AX)
+ MOVOU X6, 848(AX)
+ MOVOU X7, 976(AX)
+ MOVOU 96(AX), X0
+ MOVOU 224(AX), X1
+ MOVOU 352(AX), X2
+ MOVOU 480(AX), X3
+ MOVOU 608(AX), X4
+ MOVOU 736(AX), X5
+ MOVOU 864(AX), X6
+ MOVOU 992(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, 96(AX)
+ MOVOU X1, 224(AX)
+ MOVOU X2, 352(AX)
+ MOVOU X3, 480(AX)
+ MOVOU X4, 608(AX)
+ MOVOU X5, 736(AX)
+ MOVOU X6, 864(AX)
+ MOVOU X7, 992(AX)
+ MOVOU 112(AX), X0
+ MOVOU 240(AX), X1
+ MOVOU 368(AX), X2
+ MOVOU 496(AX), X3
+ MOVOU 624(AX), X4
+ MOVOU 752(AX), X5
+ MOVOU 880(AX), X6
+ MOVOU 1008(AX), X7
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFD $0xb1, X6, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ PSHUFB X10, X2
+ MOVO X0, X8
+ PMULULQ X2, X8
+ PADDQ X2, X0
+ PADDQ X8, X0
+ PADDQ X8, X0
+ PXOR X0, X6
+ PSHUFB X11, X6
+ MOVO X4, X8
+ PMULULQ X6, X8
+ PADDQ X6, X4
+ PADDQ X8, X4
+ PADDQ X8, X4
+ PXOR X4, X2
+ MOVO X2, X8
+ PADDQ X2, X8
+ PSRLQ $0x3f, X2
+ PXOR X8, X2
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFD $0xb1, X7, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ PSHUFB X10, X3
+ MOVO X1, X8
+ PMULULQ X3, X8
+ PADDQ X3, X1
+ PADDQ X8, X1
+ PADDQ X8, X1
+ PXOR X1, X7
+ PSHUFB X11, X7
+ MOVO X5, X8
+ PMULULQ X7, X8
+ PADDQ X7, X5
+ PADDQ X8, X5
+ PADDQ X8, X5
+ PXOR X5, X3
+ MOVO X3, X8
+ PADDQ X3, X8
+ PSRLQ $0x3f, X3
+ PXOR X8, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU X0, 112(AX)
+ MOVOU X1, 240(AX)
+ MOVOU X2, 368(AX)
+ MOVOU X3, 496(AX)
+ MOVOU X4, 624(AX)
+ MOVOU X5, 752(AX)
+ MOVOU X6, 880(AX)
+ MOVOU X7, 1008(AX)
+ RET
+
+DATA ·c40<>+0(SB)/8, $0x0201000706050403
+DATA ·c40<>+8(SB)/8, $0x0a09080f0e0d0c0b
+GLOBL ·c40<>(SB), RODATA|NOPTR, $16
+
+DATA ·c48<>+0(SB)/8, $0x0100070605040302
+DATA ·c48<>+8(SB)/8, $0x09080f0e0d0c0b0a
+GLOBL ·c48<>(SB), RODATA|NOPTR, $16
+
+// func mixBlocksSSE2(out *block, a *block, b *block, c *block)
+// Requires: SSE2
+TEXT ·mixBlocksSSE2(SB), NOSPLIT, $0-32
+ MOVQ out+0(FP), DX
+ MOVQ a+8(FP), AX
+ MOVQ b+16(FP), BX
+ MOVQ c+24(FP), CX
+ MOVQ $0x00000080, DI
+
+loop:
+ MOVOU (AX), X0
+ MOVOU (BX), X1
+ MOVOU (CX), X2
+ PXOR X1, X0
+ PXOR X2, X0
+ MOVOU X0, (DX)
+ ADDQ $0x10, AX
+ ADDQ $0x10, BX
+ ADDQ $0x10, CX
+ ADDQ $0x10, DX
+ SUBQ $0x02, DI
+ JA loop
+ RET
+
+// func xorBlocksSSE2(out *block, a *block, b *block, c *block)
+// Requires: SSE2
+TEXT ·xorBlocksSSE2(SB), NOSPLIT, $0-32
+ MOVQ out+0(FP), DX
+ MOVQ a+8(FP), AX
+ MOVQ b+16(FP), BX
+ MOVQ c+24(FP), CX
+ MOVQ $0x00000080, DI
+
+loop:
+ MOVOU (AX), X0
+ MOVOU (BX), X1
+ MOVOU (CX), X2
+ MOVOU (DX), X3
+ PXOR X1, X0
+ PXOR X2, X0
+ PXOR X3, X0
+ MOVOU X0, (DX)
+ ADDQ $0x10, AX
+ ADDQ $0x10, BX
+ ADDQ $0x10, CX
+ ADDQ $0x10, DX
+ SUBQ $0x02, DI
+ JA loop
+ RET
diff --git a/vendor/golang.org/x/crypto/argon2/blamka_generic.go b/vendor/golang.org/x/crypto/argon2/blamka_generic.go
new file mode 100644
index 0000000000000000000000000000000000000000..a481b2243f855fda59f2d0cb3092061d36d14eb9
--- /dev/null
+++ b/vendor/golang.org/x/crypto/argon2/blamka_generic.go
@@ -0,0 +1,163 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package argon2
+
+var useSSE4 bool
+
+func processBlockGeneric(out, in1, in2 *block, xor bool) {
+ var t block
+ for i := range t {
+ t[i] = in1[i] ^ in2[i]
+ }
+ for i := 0; i < blockLength; i += 16 {
+ blamkaGeneric(
+ &t[i+0], &t[i+1], &t[i+2], &t[i+3],
+ &t[i+4], &t[i+5], &t[i+6], &t[i+7],
+ &t[i+8], &t[i+9], &t[i+10], &t[i+11],
+ &t[i+12], &t[i+13], &t[i+14], &t[i+15],
+ )
+ }
+ for i := 0; i < blockLength/8; i += 2 {
+ blamkaGeneric(
+ &t[i], &t[i+1], &t[16+i], &t[16+i+1],
+ &t[32+i], &t[32+i+1], &t[48+i], &t[48+i+1],
+ &t[64+i], &t[64+i+1], &t[80+i], &t[80+i+1],
+ &t[96+i], &t[96+i+1], &t[112+i], &t[112+i+1],
+ )
+ }
+ if xor {
+ for i := range t {
+ out[i] ^= in1[i] ^ in2[i] ^ t[i]
+ }
+ } else {
+ for i := range t {
+ out[i] = in1[i] ^ in2[i] ^ t[i]
+ }
+ }
+}
+
+func blamkaGeneric(t00, t01, t02, t03, t04, t05, t06, t07, t08, t09, t10, t11, t12, t13, t14, t15 *uint64) {
+ v00, v01, v02, v03 := *t00, *t01, *t02, *t03
+ v04, v05, v06, v07 := *t04, *t05, *t06, *t07
+ v08, v09, v10, v11 := *t08, *t09, *t10, *t11
+ v12, v13, v14, v15 := *t12, *t13, *t14, *t15
+
+ v00 += v04 + 2*uint64(uint32(v00))*uint64(uint32(v04))
+ v12 ^= v00
+ v12 = v12>>32 | v12<<32
+ v08 += v12 + 2*uint64(uint32(v08))*uint64(uint32(v12))
+ v04 ^= v08
+ v04 = v04>>24 | v04<<40
+
+ v00 += v04 + 2*uint64(uint32(v00))*uint64(uint32(v04))
+ v12 ^= v00
+ v12 = v12>>16 | v12<<48
+ v08 += v12 + 2*uint64(uint32(v08))*uint64(uint32(v12))
+ v04 ^= v08
+ v04 = v04>>63 | v04<<1
+
+ v01 += v05 + 2*uint64(uint32(v01))*uint64(uint32(v05))
+ v13 ^= v01
+ v13 = v13>>32 | v13<<32
+ v09 += v13 + 2*uint64(uint32(v09))*uint64(uint32(v13))
+ v05 ^= v09
+ v05 = v05>>24 | v05<<40
+
+ v01 += v05 + 2*uint64(uint32(v01))*uint64(uint32(v05))
+ v13 ^= v01
+ v13 = v13>>16 | v13<<48
+ v09 += v13 + 2*uint64(uint32(v09))*uint64(uint32(v13))
+ v05 ^= v09
+ v05 = v05>>63 | v05<<1
+
+ v02 += v06 + 2*uint64(uint32(v02))*uint64(uint32(v06))
+ v14 ^= v02
+ v14 = v14>>32 | v14<<32
+ v10 += v14 + 2*uint64(uint32(v10))*uint64(uint32(v14))
+ v06 ^= v10
+ v06 = v06>>24 | v06<<40
+
+ v02 += v06 + 2*uint64(uint32(v02))*uint64(uint32(v06))
+ v14 ^= v02
+ v14 = v14>>16 | v14<<48
+ v10 += v14 + 2*uint64(uint32(v10))*uint64(uint32(v14))
+ v06 ^= v10
+ v06 = v06>>63 | v06<<1
+
+ v03 += v07 + 2*uint64(uint32(v03))*uint64(uint32(v07))
+ v15 ^= v03
+ v15 = v15>>32 | v15<<32
+ v11 += v15 + 2*uint64(uint32(v11))*uint64(uint32(v15))
+ v07 ^= v11
+ v07 = v07>>24 | v07<<40
+
+ v03 += v07 + 2*uint64(uint32(v03))*uint64(uint32(v07))
+ v15 ^= v03
+ v15 = v15>>16 | v15<<48
+ v11 += v15 + 2*uint64(uint32(v11))*uint64(uint32(v15))
+ v07 ^= v11
+ v07 = v07>>63 | v07<<1
+
+ v00 += v05 + 2*uint64(uint32(v00))*uint64(uint32(v05))
+ v15 ^= v00
+ v15 = v15>>32 | v15<<32
+ v10 += v15 + 2*uint64(uint32(v10))*uint64(uint32(v15))
+ v05 ^= v10
+ v05 = v05>>24 | v05<<40
+
+ v00 += v05 + 2*uint64(uint32(v00))*uint64(uint32(v05))
+ v15 ^= v00
+ v15 = v15>>16 | v15<<48
+ v10 += v15 + 2*uint64(uint32(v10))*uint64(uint32(v15))
+ v05 ^= v10
+ v05 = v05>>63 | v05<<1
+
+ v01 += v06 + 2*uint64(uint32(v01))*uint64(uint32(v06))
+ v12 ^= v01
+ v12 = v12>>32 | v12<<32
+ v11 += v12 + 2*uint64(uint32(v11))*uint64(uint32(v12))
+ v06 ^= v11
+ v06 = v06>>24 | v06<<40
+
+ v01 += v06 + 2*uint64(uint32(v01))*uint64(uint32(v06))
+ v12 ^= v01
+ v12 = v12>>16 | v12<<48
+ v11 += v12 + 2*uint64(uint32(v11))*uint64(uint32(v12))
+ v06 ^= v11
+ v06 = v06>>63 | v06<<1
+
+ v02 += v07 + 2*uint64(uint32(v02))*uint64(uint32(v07))
+ v13 ^= v02
+ v13 = v13>>32 | v13<<32
+ v08 += v13 + 2*uint64(uint32(v08))*uint64(uint32(v13))
+ v07 ^= v08
+ v07 = v07>>24 | v07<<40
+
+ v02 += v07 + 2*uint64(uint32(v02))*uint64(uint32(v07))
+ v13 ^= v02
+ v13 = v13>>16 | v13<<48
+ v08 += v13 + 2*uint64(uint32(v08))*uint64(uint32(v13))
+ v07 ^= v08
+ v07 = v07>>63 | v07<<1
+
+ v03 += v04 + 2*uint64(uint32(v03))*uint64(uint32(v04))
+ v14 ^= v03
+ v14 = v14>>32 | v14<<32
+ v09 += v14 + 2*uint64(uint32(v09))*uint64(uint32(v14))
+ v04 ^= v09
+ v04 = v04>>24 | v04<<40
+
+ v03 += v04 + 2*uint64(uint32(v03))*uint64(uint32(v04))
+ v14 ^= v03
+ v14 = v14>>16 | v14<<48
+ v09 += v14 + 2*uint64(uint32(v09))*uint64(uint32(v14))
+ v04 ^= v09
+ v04 = v04>>63 | v04<<1
+
+ *t00, *t01, *t02, *t03 = v00, v01, v02, v03
+ *t04, *t05, *t06, *t07 = v04, v05, v06, v07
+ *t08, *t09, *t10, *t11 = v08, v09, v10, v11
+ *t12, *t13, *t14, *t15 = v12, v13, v14, v15
+}
diff --git a/vendor/golang.org/x/crypto/argon2/blamka_ref.go b/vendor/golang.org/x/crypto/argon2/blamka_ref.go
new file mode 100644
index 0000000000000000000000000000000000000000..16d58c650eb5e3d245cc1089f657e36bc3b88e49
--- /dev/null
+++ b/vendor/golang.org/x/crypto/argon2/blamka_ref.go
@@ -0,0 +1,15 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !amd64 || purego || !gc
+
+package argon2
+
+func processBlock(out, in1, in2 *block) {
+ processBlockGeneric(out, in1, in2, false)
+}
+
+func processBlockXOR(out, in1, in2 *block) {
+ processBlockGeneric(out, in1, in2, true)
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b.go b/vendor/golang.org/x/crypto/blake2b/blake2b.go
new file mode 100644
index 0000000000000000000000000000000000000000..d2e98d4295bdb83774fee0bb36ac25dc18548f25
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b.go
@@ -0,0 +1,291 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package blake2b implements the BLAKE2b hash algorithm defined by RFC 7693
+// and the extendable output function (XOF) BLAKE2Xb.
+//
+// BLAKE2b is optimized for 64-bit platforms—including NEON-enabled ARMs—and
+// produces digests of any size between 1 and 64 bytes.
+// For a detailed specification of BLAKE2b see https://blake2.net/blake2.pdf
+// and for BLAKE2Xb see https://blake2.net/blake2x.pdf
+//
+// If you aren't sure which function you need, use BLAKE2b (Sum512 or New512).
+// If you need a secret-key MAC (message authentication code), use the New512
+// function with a non-nil key.
+//
+// BLAKE2X is a construction to compute hash values larger than 64 bytes. It
+// can produce hash values between 0 and 4 GiB.
+package blake2b
+
+import (
+ "encoding/binary"
+ "errors"
+ "hash"
+)
+
+const (
+ // The blocksize of BLAKE2b in bytes.
+ BlockSize = 128
+ // The hash size of BLAKE2b-512 in bytes.
+ Size = 64
+ // The hash size of BLAKE2b-384 in bytes.
+ Size384 = 48
+ // The hash size of BLAKE2b-256 in bytes.
+ Size256 = 32
+)
+
+var (
+ useAVX2 bool
+ useAVX bool
+ useSSE4 bool
+)
+
+var (
+ errKeySize = errors.New("blake2b: invalid key size")
+ errHashSize = errors.New("blake2b: invalid hash size")
+)
+
+var iv = [8]uint64{
+ 0x6a09e667f3bcc908, 0xbb67ae8584caa73b, 0x3c6ef372fe94f82b, 0xa54ff53a5f1d36f1,
+ 0x510e527fade682d1, 0x9b05688c2b3e6c1f, 0x1f83d9abfb41bd6b, 0x5be0cd19137e2179,
+}
+
+// Sum512 returns the BLAKE2b-512 checksum of the data.
+func Sum512(data []byte) [Size]byte {
+ var sum [Size]byte
+ checkSum(&sum, Size, data)
+ return sum
+}
+
+// Sum384 returns the BLAKE2b-384 checksum of the data.
+func Sum384(data []byte) [Size384]byte {
+ var sum [Size]byte
+ var sum384 [Size384]byte
+ checkSum(&sum, Size384, data)
+ copy(sum384[:], sum[:Size384])
+ return sum384
+}
+
+// Sum256 returns the BLAKE2b-256 checksum of the data.
+func Sum256(data []byte) [Size256]byte {
+ var sum [Size]byte
+ var sum256 [Size256]byte
+ checkSum(&sum, Size256, data)
+ copy(sum256[:], sum[:Size256])
+ return sum256
+}
+
+// New512 returns a new hash.Hash computing the BLAKE2b-512 checksum. A non-nil
+// key turns the hash into a MAC. The key must be between zero and 64 bytes long.
+func New512(key []byte) (hash.Hash, error) { return newDigest(Size, key) }
+
+// New384 returns a new hash.Hash computing the BLAKE2b-384 checksum. A non-nil
+// key turns the hash into a MAC. The key must be between zero and 64 bytes long.
+func New384(key []byte) (hash.Hash, error) { return newDigest(Size384, key) }
+
+// New256 returns a new hash.Hash computing the BLAKE2b-256 checksum. A non-nil
+// key turns the hash into a MAC. The key must be between zero and 64 bytes long.
+func New256(key []byte) (hash.Hash, error) { return newDigest(Size256, key) }
+
+// New returns a new hash.Hash computing the BLAKE2b checksum with a custom length.
+// A non-nil key turns the hash into a MAC. The key must be between zero and 64 bytes long.
+// The hash size can be a value between 1 and 64 but it is highly recommended to use
+// values equal or greater than:
+// - 32 if BLAKE2b is used as a hash function (The key is zero bytes long).
+// - 16 if BLAKE2b is used as a MAC function (The key is at least 16 bytes long).
+// When the key is nil, the returned hash.Hash implements BinaryMarshaler
+// and BinaryUnmarshaler for state (de)serialization as documented by hash.Hash.
+func New(size int, key []byte) (hash.Hash, error) { return newDigest(size, key) }
+
+func newDigest(hashSize int, key []byte) (*digest, error) {
+ if hashSize < 1 || hashSize > Size {
+ return nil, errHashSize
+ }
+ if len(key) > Size {
+ return nil, errKeySize
+ }
+ d := &digest{
+ size: hashSize,
+ keyLen: len(key),
+ }
+ copy(d.key[:], key)
+ d.Reset()
+ return d, nil
+}
+
+func checkSum(sum *[Size]byte, hashSize int, data []byte) {
+ h := iv
+ h[0] ^= uint64(hashSize) | (1 << 16) | (1 << 24)
+ var c [2]uint64
+
+ if length := len(data); length > BlockSize {
+ n := length &^ (BlockSize - 1)
+ if length == n {
+ n -= BlockSize
+ }
+ hashBlocks(&h, &c, 0, data[:n])
+ data = data[n:]
+ }
+
+ var block [BlockSize]byte
+ offset := copy(block[:], data)
+ remaining := uint64(BlockSize - offset)
+ if c[0] < remaining {
+ c[1]--
+ }
+ c[0] -= remaining
+
+ hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:])
+
+ for i, v := range h[:(hashSize+7)/8] {
+ binary.LittleEndian.PutUint64(sum[8*i:], v)
+ }
+}
+
+type digest struct {
+ h [8]uint64
+ c [2]uint64
+ size int
+ block [BlockSize]byte
+ offset int
+
+ key [BlockSize]byte
+ keyLen int
+}
+
+const (
+ magic = "b2b"
+ marshaledSize = len(magic) + 8*8 + 2*8 + 1 + BlockSize + 1
+)
+
+func (d *digest) MarshalBinary() ([]byte, error) {
+ if d.keyLen != 0 {
+ return nil, errors.New("crypto/blake2b: cannot marshal MACs")
+ }
+ b := make([]byte, 0, marshaledSize)
+ b = append(b, magic...)
+ for i := 0; i < 8; i++ {
+ b = appendUint64(b, d.h[i])
+ }
+ b = appendUint64(b, d.c[0])
+ b = appendUint64(b, d.c[1])
+ // Maximum value for size is 64
+ b = append(b, byte(d.size))
+ b = append(b, d.block[:]...)
+ b = append(b, byte(d.offset))
+ return b, nil
+}
+
+func (d *digest) UnmarshalBinary(b []byte) error {
+ if len(b) < len(magic) || string(b[:len(magic)]) != magic {
+ return errors.New("crypto/blake2b: invalid hash state identifier")
+ }
+ if len(b) != marshaledSize {
+ return errors.New("crypto/blake2b: invalid hash state size")
+ }
+ b = b[len(magic):]
+ for i := 0; i < 8; i++ {
+ b, d.h[i] = consumeUint64(b)
+ }
+ b, d.c[0] = consumeUint64(b)
+ b, d.c[1] = consumeUint64(b)
+ d.size = int(b[0])
+ b = b[1:]
+ copy(d.block[:], b[:BlockSize])
+ b = b[BlockSize:]
+ d.offset = int(b[0])
+ return nil
+}
+
+func (d *digest) BlockSize() int { return BlockSize }
+
+func (d *digest) Size() int { return d.size }
+
+func (d *digest) Reset() {
+ d.h = iv
+ d.h[0] ^= uint64(d.size) | (uint64(d.keyLen) << 8) | (1 << 16) | (1 << 24)
+ d.offset, d.c[0], d.c[1] = 0, 0, 0
+ if d.keyLen > 0 {
+ d.block = d.key
+ d.offset = BlockSize
+ }
+}
+
+func (d *digest) Write(p []byte) (n int, err error) {
+ n = len(p)
+
+ if d.offset > 0 {
+ remaining := BlockSize - d.offset
+ if n <= remaining {
+ d.offset += copy(d.block[d.offset:], p)
+ return
+ }
+ copy(d.block[d.offset:], p[:remaining])
+ hashBlocks(&d.h, &d.c, 0, d.block[:])
+ d.offset = 0
+ p = p[remaining:]
+ }
+
+ if length := len(p); length > BlockSize {
+ nn := length &^ (BlockSize - 1)
+ if length == nn {
+ nn -= BlockSize
+ }
+ hashBlocks(&d.h, &d.c, 0, p[:nn])
+ p = p[nn:]
+ }
+
+ if len(p) > 0 {
+ d.offset += copy(d.block[:], p)
+ }
+
+ return
+}
+
+func (d *digest) Sum(sum []byte) []byte {
+ var hash [Size]byte
+ d.finalize(&hash)
+ return append(sum, hash[:d.size]...)
+}
+
+func (d *digest) finalize(hash *[Size]byte) {
+ var block [BlockSize]byte
+ copy(block[:], d.block[:d.offset])
+ remaining := uint64(BlockSize - d.offset)
+
+ c := d.c
+ if c[0] < remaining {
+ c[1]--
+ }
+ c[0] -= remaining
+
+ h := d.h
+ hashBlocks(&h, &c, 0xFFFFFFFFFFFFFFFF, block[:])
+
+ for i, v := range h {
+ binary.LittleEndian.PutUint64(hash[8*i:], v)
+ }
+}
+
+func appendUint64(b []byte, x uint64) []byte {
+ var a [8]byte
+ binary.BigEndian.PutUint64(a[:], x)
+ return append(b, a[:]...)
+}
+
+func appendUint32(b []byte, x uint32) []byte {
+ var a [4]byte
+ binary.BigEndian.PutUint32(a[:], x)
+ return append(b, a[:]...)
+}
+
+func consumeUint64(b []byte) ([]byte, uint64) {
+ x := binary.BigEndian.Uint64(b)
+ return b[8:], x
+}
+
+func consumeUint32(b []byte) ([]byte, uint32) {
+ x := binary.BigEndian.Uint32(b)
+ return b[4:], x
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
new file mode 100644
index 0000000000000000000000000000000000000000..199c21d27aad4d119d9ae197705fc3d10694afe3
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.go
@@ -0,0 +1,37 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build amd64 && gc && !purego
+
+package blake2b
+
+import "golang.org/x/sys/cpu"
+
+func init() {
+ useAVX2 = cpu.X86.HasAVX2
+ useAVX = cpu.X86.HasAVX
+ useSSE4 = cpu.X86.HasSSE41
+}
+
+//go:noescape
+func hashBlocksAVX2(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+
+//go:noescape
+func hashBlocksAVX(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+
+//go:noescape
+func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+
+func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
+ switch {
+ case useAVX2:
+ hashBlocksAVX2(h, c, flag, blocks)
+ case useAVX:
+ hashBlocksAVX(h, c, flag, blocks)
+ case useSSE4:
+ hashBlocksSSE4(h, c, flag, blocks)
+ default:
+ hashBlocksGeneric(h, c, flag, blocks)
+ }
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
new file mode 100644
index 0000000000000000000000000000000000000000..f75162e039c10a29690c25dc895343c7aa1c6a3a
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2bAVX2_amd64.s
@@ -0,0 +1,4559 @@
+// Code generated by command: go run blake2bAVX2_amd64_asm.go -out ../../blake2bAVX2_amd64.s -pkg blake2b. DO NOT EDIT.
+
+//go:build amd64 && gc && !purego
+
+#include "textflag.h"
+
+// func hashBlocksAVX2(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+// Requires: AVX, AVX2
+TEXT ·hashBlocksAVX2(SB), NOSPLIT, $320-48
+ MOVQ h+0(FP), AX
+ MOVQ c+8(FP), BX
+ MOVQ flag+16(FP), CX
+ MOVQ blocks_base+24(FP), SI
+ MOVQ blocks_len+32(FP), DI
+ MOVQ SP, DX
+ ADDQ $+31, DX
+ ANDQ $-32, DX
+ MOVQ CX, 16(DX)
+ XORQ CX, CX
+ MOVQ CX, 24(DX)
+ VMOVDQU ·AVX2_c40<>+0(SB), Y4
+ VMOVDQU ·AVX2_c48<>+0(SB), Y5
+ VMOVDQU (AX), Y8
+ VMOVDQU 32(AX), Y9
+ VMOVDQU ·AVX2_iv0<>+0(SB), Y6
+ VMOVDQU ·AVX2_iv1<>+0(SB), Y7
+ MOVQ (BX), R8
+ MOVQ 8(BX), R9
+ MOVQ R9, 8(DX)
+
+loop:
+ ADDQ $0x80, R8
+ MOVQ R8, (DX)
+ CMPQ R8, $0x80
+ JGE noinc
+ INCQ R9
+ MOVQ R9, 8(DX)
+
+noinc:
+ VMOVDQA Y8, Y0
+ VMOVDQA Y9, Y1
+ VMOVDQA Y6, Y2
+ VPXOR (DX), Y7, Y3
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x26
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x20
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x10
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x30
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y12, Y12
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x08
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x28
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x18
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x38
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y13, Y13
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x40
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x60
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x50
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x70
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y14, Y14
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x48
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x68
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x58
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x78
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y15, Y15
+ VMOVDQA Y12, 32(DX)
+ VMOVDQA Y13, 64(DX)
+ VMOVDQA Y14, 96(DX)
+ VMOVDQA Y15, 128(DX)
+ VPADDQ Y12, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y13, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x93
+ VPADDQ Y14, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y15, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x93
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x70
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x48
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x20
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x68
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y12, Y12
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x50
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x78
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x40
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x30
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y13, Y13
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x58
+ VPSHUFD $0x4e, (SI), X14
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x28
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y14, Y14
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x60
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x38
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x10
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x18
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y15, Y15
+ VMOVDQA Y12, 160(DX)
+ VMOVDQA Y13, 192(DX)
+ VMOVDQA Y14, 224(DX)
+ VMOVDQA Y15, 256(DX)
+ VPADDQ Y12, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y13, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x93
+ VPADDQ Y14, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y15, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x93
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x28
+ VMOVDQU 88(SI), X12
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x78
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y12, Y12
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x40
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x10
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x2e
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x68
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y13, Y13
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x50
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x38
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x18
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x48
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y14, Y14
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x70
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x08
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x30
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x20
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y15, Y15
+ VPADDQ Y12, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y13, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x93
+ VPADDQ Y14, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y15, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x93
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x38
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x68
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x18
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x58
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y12, Y12
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x48
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x60
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x08
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x70
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y13, Y13
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x10
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x20
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x28
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x78
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y14, Y14
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x30
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x1e
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x50
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x40
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y15, Y15
+ VPADDQ Y12, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y13, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x93
+ VPADDQ Y14, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y15, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x93
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x48
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x10
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x28
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x50
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y12, Y12
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x2e
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x20
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x38
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x78
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y13, Y13
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x70
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x30
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x58
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x18
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y14, Y14
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x08
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x40
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x60
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x68
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y15, Y15
+ VPADDQ Y12, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y13, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x93
+ VPADDQ Y14, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y15, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x93
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x10
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x1e
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x30
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x40
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y12, Y12
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x60
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x58
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x50
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x18
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y13, Y13
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x20
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x78
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x38
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x08
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y14, Y14
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x68
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x70
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x28
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x48
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y15, Y15
+ VPADDQ Y12, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y13, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x93
+ VPADDQ Y14, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y15, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x93
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x60
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x70
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x08
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x20
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y12, Y12
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x28
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x68
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x78
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x50
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y13, Y13
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x36
+ VPSHUFD $0x4e, 64(SI), X11
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x30
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y14, Y14
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x38
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x10
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x18
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x58
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y15, Y15
+ VPADDQ Y12, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y13, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x93
+ VPADDQ Y14, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y15, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x93
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x68
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x60
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x38
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x18
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y12, Y12
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x58
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x08
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x70
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x48
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y13, Y13
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x28
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x40
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x78
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x10
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y14, Y14
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x3e
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x30
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x20
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x50
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y15, Y15
+ VPADDQ Y12, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y13, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x93
+ VPADDQ Y14, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y15, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x93
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x30
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x58
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x70
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x1e
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y12, Y12
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x78
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x18
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x48
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x40
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y13, Y13
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x08
+ VMOVDQU 96(SI), X14
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x50
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y14, Y14
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x10
+ VMOVDQU 32(SI), X11
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x38
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y15, Y15
+ VPADDQ Y12, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y13, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x93
+ VPADDQ Y14, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y15, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x93
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x50
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x38
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x40
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x08
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y12, Y12
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x10
+ VPSHUFD $0x4e, 40(SI), X11
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x20
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y13, Y13
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x78
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x18
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x48
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x5e
+ BYTE $0x68
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y14, Y14
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x58
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x5e
+ BYTE $0x60
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x70
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0xa1
+ BYTE $0x22
+ BYTE $0x1e
+ BYTE $0x01
+ VINSERTI128 $0x01, X11, Y15, Y15
+ VPADDQ Y12, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y13, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x93
+ VPADDQ Y14, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ Y15, Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x93
+ VPADDQ 32(DX), Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ 64(DX), Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x93
+ VPADDQ 96(DX), Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ 128(DX), Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x93
+ VPADDQ 160(DX), Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ 192(DX), Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x93
+ VPADDQ 224(DX), Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFD $-79, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPSHUFB Y4, Y1, Y1
+ VPADDQ 256(DX), Y0, Y0
+ VPADDQ Y1, Y0, Y0
+ VPXOR Y0, Y3, Y3
+ VPSHUFB Y5, Y3, Y3
+ VPADDQ Y3, Y2, Y2
+ VPXOR Y2, Y1, Y1
+ VPADDQ Y1, Y1, Y10
+ VPSRLQ $0x3f, Y1, Y1
+ VPXOR Y10, Y1, Y1
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xdb
+ BYTE $0x39
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xd2
+ BYTE $0x4e
+ BYTE $0xc4
+ BYTE $0xe3
+ BYTE $0xfd
+ BYTE $0x00
+ BYTE $0xc9
+ BYTE $0x93
+ VPXOR Y0, Y8, Y8
+ VPXOR Y1, Y9, Y9
+ VPXOR Y2, Y8, Y8
+ VPXOR Y3, Y9, Y9
+ LEAQ 128(SI), SI
+ SUBQ $0x80, DI
+ JNE loop
+ MOVQ R8, (BX)
+ MOVQ R9, 8(BX)
+ VMOVDQU Y8, (AX)
+ VMOVDQU Y9, 32(AX)
+ VZEROUPPER
+ RET
+
+DATA ·AVX2_c40<>+0(SB)/8, $0x0201000706050403
+DATA ·AVX2_c40<>+8(SB)/8, $0x0a09080f0e0d0c0b
+DATA ·AVX2_c40<>+16(SB)/8, $0x0201000706050403
+DATA ·AVX2_c40<>+24(SB)/8, $0x0a09080f0e0d0c0b
+GLOBL ·AVX2_c40<>(SB), RODATA|NOPTR, $32
+
+DATA ·AVX2_c48<>+0(SB)/8, $0x0100070605040302
+DATA ·AVX2_c48<>+8(SB)/8, $0x09080f0e0d0c0b0a
+DATA ·AVX2_c48<>+16(SB)/8, $0x0100070605040302
+DATA ·AVX2_c48<>+24(SB)/8, $0x09080f0e0d0c0b0a
+GLOBL ·AVX2_c48<>(SB), RODATA|NOPTR, $32
+
+DATA ·AVX2_iv0<>+0(SB)/8, $0x6a09e667f3bcc908
+DATA ·AVX2_iv0<>+8(SB)/8, $0xbb67ae8584caa73b
+DATA ·AVX2_iv0<>+16(SB)/8, $0x3c6ef372fe94f82b
+DATA ·AVX2_iv0<>+24(SB)/8, $0xa54ff53a5f1d36f1
+GLOBL ·AVX2_iv0<>(SB), RODATA|NOPTR, $32
+
+DATA ·AVX2_iv1<>+0(SB)/8, $0x510e527fade682d1
+DATA ·AVX2_iv1<>+8(SB)/8, $0x9b05688c2b3e6c1f
+DATA ·AVX2_iv1<>+16(SB)/8, $0x1f83d9abfb41bd6b
+DATA ·AVX2_iv1<>+24(SB)/8, $0x5be0cd19137e2179
+GLOBL ·AVX2_iv1<>(SB), RODATA|NOPTR, $32
+
+// func hashBlocksAVX(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+// Requires: AVX, SSE2
+TEXT ·hashBlocksAVX(SB), NOSPLIT, $288-48
+ MOVQ h+0(FP), AX
+ MOVQ c+8(FP), BX
+ MOVQ flag+16(FP), CX
+ MOVQ blocks_base+24(FP), SI
+ MOVQ blocks_len+32(FP), DI
+ MOVQ SP, R10
+ ADDQ $0x0f, R10
+ ANDQ $-16, R10
+ VMOVDQU ·AVX_c40<>+0(SB), X0
+ VMOVDQU ·AVX_c48<>+0(SB), X1
+ VMOVDQA X0, X8
+ VMOVDQA X1, X9
+ VMOVDQU ·AVX_iv3<>+0(SB), X0
+ VMOVDQA X0, (R10)
+ XORQ CX, (R10)
+ VMOVDQU (AX), X10
+ VMOVDQU 16(AX), X11
+ VMOVDQU 32(AX), X2
+ VMOVDQU 48(AX), X3
+ MOVQ (BX), R8
+ MOVQ 8(BX), R9
+
+loop:
+ ADDQ $0x80, R8
+ CMPQ R8, $0x80
+ JGE noinc
+ INCQ R9
+
+noinc:
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0xf9
+ BYTE $0x6e
+ BYTE $0xf8
+ BYTE $0xc4
+ BYTE $0x43
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0xf9
+ BYTE $0x01
+ VMOVDQA X10, X0
+ VMOVDQA X11, X1
+ VMOVDQU ·AVX_iv0<>+0(SB), X4
+ VMOVDQU ·AVX_iv1<>+0(SB), X5
+ VMOVDQU ·AVX_iv2<>+0(SB), X6
+ VPXOR X15, X6, X6
+ VMOVDQA (R10), X7
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x26
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x20
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x08
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x28
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x10
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x30
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x18
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x38
+ BYTE $0x01
+ VMOVDQA X12, 16(R10)
+ VMOVDQA X13, 32(R10)
+ VMOVDQA X14, 48(R10)
+ VMOVDQA X15, 64(R10)
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X6, X13
+ VMOVDQA X2, X14
+ VMOVDQA X4, X6
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x11
+ BYTE $0x6c
+ BYTE $0xfd
+ VMOVDQA X5, X4
+ VMOVDQA X6, X5
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x69
+ BYTE $0x6d
+ BYTE $0xd7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x40
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x60
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x48
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x68
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x50
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x70
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x58
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x78
+ BYTE $0x01
+ VMOVDQA X12, 80(R10)
+ VMOVDQA X13, 96(R10)
+ VMOVDQA X14, 112(R10)
+ VMOVDQA X15, 128(R10)
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X2, X13
+ VMOVDQA X4, X14
+ BYTE $0xc5
+ BYTE $0x69
+ BYTE $0x6c
+ BYTE $0xfa
+ VMOVDQA X5, X4
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xd7
+ VMOVDQA X14, X5
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ VMOVDQA X6, X14
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x49
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x70
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x48
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x50
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x78
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x20
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x68
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x40
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x30
+ BYTE $0x01
+ VMOVDQA X12, 144(R10)
+ VMOVDQA X13, 160(R10)
+ VMOVDQA X14, 176(R10)
+ VMOVDQA X15, 192(R10)
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X6, X13
+ VMOVDQA X2, X14
+ VMOVDQA X4, X6
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x11
+ BYTE $0x6c
+ BYTE $0xfd
+ VMOVDQA X5, X4
+ VMOVDQA X6, X5
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x69
+ BYTE $0x6d
+ BYTE $0xd7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xdf
+ VPSHUFD $0x4e, (SI), X12
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x58
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x60
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x38
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x28
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x10
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x18
+ BYTE $0x01
+ VMOVDQA X12, 208(R10)
+ VMOVDQA X13, 224(R10)
+ VMOVDQA X14, 240(R10)
+ VMOVDQA X15, 256(R10)
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X2, X13
+ VMOVDQA X4, X14
+ BYTE $0xc5
+ BYTE $0x69
+ BYTE $0x6c
+ BYTE $0xfa
+ VMOVDQA X5, X4
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xd7
+ VMOVDQA X14, X5
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ VMOVDQA X6, X14
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x49
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xff
+ VMOVDQU 88(SI), X12
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x28
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x40
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x10
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x78
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x36
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x68
+ BYTE $0x01
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X6, X13
+ VMOVDQA X2, X14
+ VMOVDQA X4, X6
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x11
+ BYTE $0x6c
+ BYTE $0xfd
+ VMOVDQA X5, X4
+ VMOVDQA X6, X5
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x69
+ BYTE $0x6d
+ BYTE $0xd7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x50
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x38
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x70
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x08
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x18
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x48
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x30
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x20
+ BYTE $0x01
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X2, X13
+ VMOVDQA X4, X14
+ BYTE $0xc5
+ BYTE $0x69
+ BYTE $0x6c
+ BYTE $0xfa
+ VMOVDQA X5, X4
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xd7
+ VMOVDQA X14, X5
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ VMOVDQA X6, X14
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x49
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x38
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x68
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x48
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x60
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x18
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x58
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x08
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x70
+ BYTE $0x01
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X6, X13
+ VMOVDQA X2, X14
+ VMOVDQA X4, X6
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x11
+ BYTE $0x6c
+ BYTE $0xfd
+ VMOVDQA X5, X4
+ VMOVDQA X6, X5
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x69
+ BYTE $0x6d
+ BYTE $0xd7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x10
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x20
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x30
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x3e
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x28
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x78
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x50
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x40
+ BYTE $0x01
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X2, X13
+ VMOVDQA X4, X14
+ BYTE $0xc5
+ BYTE $0x69
+ BYTE $0x6c
+ BYTE $0xfa
+ VMOVDQA X5, X4
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xd7
+ VMOVDQA X14, X5
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ VMOVDQA X6, X14
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x49
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x48
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x10
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x36
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x20
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x28
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x50
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x38
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x78
+ BYTE $0x01
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X6, X13
+ VMOVDQA X2, X14
+ VMOVDQA X4, X6
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x11
+ BYTE $0x6c
+ BYTE $0xfd
+ VMOVDQA X5, X4
+ VMOVDQA X6, X5
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x69
+ BYTE $0x6d
+ BYTE $0xd7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x70
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x30
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x08
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x40
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x58
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x18
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x60
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x68
+ BYTE $0x01
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X2, X13
+ VMOVDQA X4, X14
+ BYTE $0xc5
+ BYTE $0x69
+ BYTE $0x6c
+ BYTE $0xfa
+ VMOVDQA X5, X4
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xd7
+ VMOVDQA X14, X5
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ VMOVDQA X6, X14
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x49
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x10
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x2e
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x60
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x58
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x30
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x40
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x50
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x18
+ BYTE $0x01
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X6, X13
+ VMOVDQA X2, X14
+ VMOVDQA X4, X6
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x11
+ BYTE $0x6c
+ BYTE $0xfd
+ VMOVDQA X5, X4
+ VMOVDQA X6, X5
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x69
+ BYTE $0x6d
+ BYTE $0xd7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x20
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x78
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x68
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x70
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x38
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x08
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x28
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x48
+ BYTE $0x01
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X2, X13
+ VMOVDQA X4, X14
+ BYTE $0xc5
+ BYTE $0x69
+ BYTE $0x6c
+ BYTE $0xfa
+ VMOVDQA X5, X4
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xd7
+ VMOVDQA X14, X5
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ VMOVDQA X6, X14
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x49
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x60
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x70
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x28
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x68
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x08
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x20
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x78
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x50
+ BYTE $0x01
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X6, X13
+ VMOVDQA X2, X14
+ VMOVDQA X4, X6
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x11
+ BYTE $0x6c
+ BYTE $0xfd
+ VMOVDQA X5, X4
+ VMOVDQA X6, X5
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x69
+ BYTE $0x6d
+ BYTE $0xd7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xdf
+ MOVQ (SI), X12
+ VPSHUFD $0x4e, 64(SI), X13
+ MOVQ 56(SI), X14
+ MOVQ 16(SI), X15
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x30
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x18
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x58
+ BYTE $0x01
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X2, X13
+ VMOVDQA X4, X14
+ BYTE $0xc5
+ BYTE $0x69
+ BYTE $0x6c
+ BYTE $0xfa
+ VMOVDQA X5, X4
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xd7
+ VMOVDQA X14, X5
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ VMOVDQA X6, X14
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x49
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x68
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x60
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x58
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x08
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x38
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x18
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x70
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x48
+ BYTE $0x01
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X6, X13
+ VMOVDQA X2, X14
+ VMOVDQA X4, X6
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x11
+ BYTE $0x6c
+ BYTE $0xfd
+ VMOVDQA X5, X4
+ VMOVDQA X6, X5
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x69
+ BYTE $0x6d
+ BYTE $0xd7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xdf
+ MOVQ 40(SI), X12
+ MOVQ 64(SI), X13
+ MOVQ (SI), X14
+ MOVQ 48(SI), X15
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x78
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x10
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x20
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x50
+ BYTE $0x01
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X2, X13
+ VMOVDQA X4, X14
+ BYTE $0xc5
+ BYTE $0x69
+ BYTE $0x6c
+ BYTE $0xfa
+ VMOVDQA X5, X4
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xd7
+ VMOVDQA X14, X5
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ VMOVDQA X6, X14
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x49
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xff
+ MOVQ 48(SI), X12
+ MOVQ 88(SI), X13
+ MOVQ 120(SI), X14
+ MOVQ 24(SI), X15
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x70
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x2e
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x48
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x40
+ BYTE $0x01
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X6, X13
+ VMOVDQA X2, X14
+ VMOVDQA X4, X6
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x11
+ BYTE $0x6c
+ BYTE $0xfd
+ VMOVDQA X5, X4
+ VMOVDQA X6, X5
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x69
+ BYTE $0x6d
+ BYTE $0xd7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xdf
+ VMOVDQU 96(SI), X12
+ MOVQ 8(SI), X13
+ MOVQ 16(SI), X14
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x50
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x38
+ BYTE $0x01
+ VMOVDQU 32(SI), X15
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X2, X13
+ VMOVDQA X4, X14
+ BYTE $0xc5
+ BYTE $0x69
+ BYTE $0x6c
+ BYTE $0xfa
+ VMOVDQA X5, X4
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xd7
+ VMOVDQA X14, X5
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ VMOVDQA X6, X14
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x49
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x66
+ BYTE $0x50
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x6e
+ BYTE $0x38
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x76
+ BYTE $0x10
+ BYTE $0xc5
+ BYTE $0x7a
+ BYTE $0x7e
+ BYTE $0x7e
+ BYTE $0x30
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x40
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x08
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x20
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x7e
+ BYTE $0x28
+ BYTE $0x01
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X6, X13
+ VMOVDQA X2, X14
+ VMOVDQA X4, X6
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x11
+ BYTE $0x6c
+ BYTE $0xfd
+ VMOVDQA X5, X4
+ VMOVDQA X6, X5
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x69
+ BYTE $0x6d
+ BYTE $0xd7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xdf
+ MOVQ 120(SI), X12
+ MOVQ 24(SI), X13
+ MOVQ 88(SI), X14
+ MOVQ 96(SI), X15
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x99
+ BYTE $0x22
+ BYTE $0x66
+ BYTE $0x48
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x91
+ BYTE $0x22
+ BYTE $0x6e
+ BYTE $0x68
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x89
+ BYTE $0x22
+ BYTE $0x76
+ BYTE $0x70
+ BYTE $0x01
+ BYTE $0xc4
+ BYTE $0x63
+ BYTE $0x81
+ BYTE $0x22
+ BYTE $0x3e
+ BYTE $0x01
+ VPADDQ X12, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X13, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ X14, X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ X15, X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X2, X13
+ VMOVDQA X4, X14
+ BYTE $0xc5
+ BYTE $0x69
+ BYTE $0x6c
+ BYTE $0xfa
+ VMOVDQA X5, X4
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xd7
+ VMOVDQA X14, X5
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ VMOVDQA X6, X14
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x49
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xff
+ VPADDQ 16(R10), X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ 32(R10), X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ 48(R10), X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ 64(R10), X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X6, X13
+ VMOVDQA X2, X14
+ VMOVDQA X4, X6
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x11
+ BYTE $0x6c
+ BYTE $0xfd
+ VMOVDQA X5, X4
+ VMOVDQA X6, X5
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x69
+ BYTE $0x6d
+ BYTE $0xd7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xdf
+ VPADDQ 80(R10), X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ 96(R10), X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ 112(R10), X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ 128(R10), X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X2, X13
+ VMOVDQA X4, X14
+ BYTE $0xc5
+ BYTE $0x69
+ BYTE $0x6c
+ BYTE $0xfa
+ VMOVDQA X5, X4
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xd7
+ VMOVDQA X14, X5
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ VMOVDQA X6, X14
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x49
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xff
+ VPADDQ 144(R10), X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ 160(R10), X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ 176(R10), X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ 192(R10), X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X6, X13
+ VMOVDQA X2, X14
+ VMOVDQA X4, X6
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x11
+ BYTE $0x6c
+ BYTE $0xfd
+ VMOVDQA X5, X4
+ VMOVDQA X6, X5
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xff
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x69
+ BYTE $0x6d
+ BYTE $0xd7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xdf
+ VPADDQ 208(R10), X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ 224(R10), X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFD $-79, X6, X6
+ VPSHUFD $-79, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPSHUFB X8, X2, X2
+ VPSHUFB X8, X3, X3
+ VPADDQ 240(R10), X0, X0
+ VPADDQ X2, X0, X0
+ VPADDQ 256(R10), X1, X1
+ VPADDQ X3, X1, X1
+ VPXOR X0, X6, X6
+ VPXOR X1, X7, X7
+ VPSHUFB X9, X6, X6
+ VPSHUFB X9, X7, X7
+ VPADDQ X6, X4, X4
+ VPADDQ X7, X5, X5
+ VPXOR X4, X2, X2
+ VPXOR X5, X3, X3
+ VPADDQ X2, X2, X15
+ VPSRLQ $0x3f, X2, X2
+ VPXOR X15, X2, X2
+ VPADDQ X3, X3, X15
+ VPSRLQ $0x3f, X3, X3
+ VPXOR X15, X3, X3
+ VMOVDQA X2, X13
+ VMOVDQA X4, X14
+ BYTE $0xc5
+ BYTE $0x69
+ BYTE $0x6c
+ BYTE $0xfa
+ VMOVDQA X5, X4
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x61
+ BYTE $0x6d
+ BYTE $0xd7
+ VMOVDQA X14, X5
+ BYTE $0xc5
+ BYTE $0x61
+ BYTE $0x6c
+ BYTE $0xfb
+ VMOVDQA X6, X14
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x11
+ BYTE $0x6d
+ BYTE $0xdf
+ BYTE $0xc5
+ BYTE $0x41
+ BYTE $0x6c
+ BYTE $0xff
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x49
+ BYTE $0x6d
+ BYTE $0xf7
+ BYTE $0xc4
+ BYTE $0x41
+ BYTE $0x09
+ BYTE $0x6c
+ BYTE $0xfe
+ BYTE $0xc4
+ BYTE $0xc1
+ BYTE $0x41
+ BYTE $0x6d
+ BYTE $0xff
+ VMOVDQU 32(AX), X14
+ VMOVDQU 48(AX), X15
+ VPXOR X0, X10, X10
+ VPXOR X1, X11, X11
+ VPXOR X2, X14, X14
+ VPXOR X3, X15, X15
+ VPXOR X4, X10, X10
+ VPXOR X5, X11, X11
+ VPXOR X6, X14, X2
+ VPXOR X7, X15, X3
+ VMOVDQU X2, 32(AX)
+ VMOVDQU X3, 48(AX)
+ LEAQ 128(SI), SI
+ SUBQ $0x80, DI
+ JNE loop
+ VMOVDQU X10, (AX)
+ VMOVDQU X11, 16(AX)
+ MOVQ R8, (BX)
+ MOVQ R9, 8(BX)
+ VZEROUPPER
+ RET
+
+DATA ·AVX_c40<>+0(SB)/8, $0x0201000706050403
+DATA ·AVX_c40<>+8(SB)/8, $0x0a09080f0e0d0c0b
+GLOBL ·AVX_c40<>(SB), RODATA|NOPTR, $16
+
+DATA ·AVX_c48<>+0(SB)/8, $0x0100070605040302
+DATA ·AVX_c48<>+8(SB)/8, $0x09080f0e0d0c0b0a
+GLOBL ·AVX_c48<>(SB), RODATA|NOPTR, $16
+
+DATA ·AVX_iv3<>+0(SB)/8, $0x1f83d9abfb41bd6b
+DATA ·AVX_iv3<>+8(SB)/8, $0x5be0cd19137e2179
+GLOBL ·AVX_iv3<>(SB), RODATA|NOPTR, $16
+
+DATA ·AVX_iv0<>+0(SB)/8, $0x6a09e667f3bcc908
+DATA ·AVX_iv0<>+8(SB)/8, $0xbb67ae8584caa73b
+GLOBL ·AVX_iv0<>(SB), RODATA|NOPTR, $16
+
+DATA ·AVX_iv1<>+0(SB)/8, $0x3c6ef372fe94f82b
+DATA ·AVX_iv1<>+8(SB)/8, $0xa54ff53a5f1d36f1
+GLOBL ·AVX_iv1<>(SB), RODATA|NOPTR, $16
+
+DATA ·AVX_iv2<>+0(SB)/8, $0x510e527fade682d1
+DATA ·AVX_iv2<>+8(SB)/8, $0x9b05688c2b3e6c1f
+GLOBL ·AVX_iv2<>(SB), RODATA|NOPTR, $16
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
new file mode 100644
index 0000000000000000000000000000000000000000..9a0ce2124462f63b5b72532a12a999769ef9f2bd
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_amd64.s
@@ -0,0 +1,1441 @@
+// Code generated by command: go run blake2b_amd64_asm.go -out ../../blake2b_amd64.s -pkg blake2b. DO NOT EDIT.
+
+//go:build amd64 && gc && !purego
+
+#include "textflag.h"
+
+// func hashBlocksSSE4(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte)
+// Requires: SSE2, SSE4.1, SSSE3
+TEXT ·hashBlocksSSE4(SB), NOSPLIT, $288-48
+ MOVQ h+0(FP), AX
+ MOVQ c+8(FP), BX
+ MOVQ flag+16(FP), CX
+ MOVQ blocks_base+24(FP), SI
+ MOVQ blocks_len+32(FP), DI
+ MOVQ SP, R10
+ ADDQ $0x0f, R10
+ ANDQ $-16, R10
+ MOVOU ·iv3<>+0(SB), X0
+ MOVO X0, (R10)
+ XORQ CX, (R10)
+ MOVOU ·c40<>+0(SB), X13
+ MOVOU ·c48<>+0(SB), X14
+ MOVOU (AX), X12
+ MOVOU 16(AX), X15
+ MOVQ (BX), R8
+ MOVQ 8(BX), R9
+
+loop:
+ ADDQ $0x80, R8
+ CMPQ R8, $0x80
+ JGE noinc
+ INCQ R9
+
+noinc:
+ MOVQ R8, X8
+ PINSRQ $0x01, R9, X8
+ MOVO X12, X0
+ MOVO X15, X1
+ MOVOU 32(AX), X2
+ MOVOU 48(AX), X3
+ MOVOU ·iv0<>+0(SB), X4
+ MOVOU ·iv1<>+0(SB), X5
+ MOVOU ·iv2<>+0(SB), X6
+ PXOR X8, X6
+ MOVO (R10), X7
+ MOVQ (SI), X8
+ PINSRQ $0x01, 16(SI), X8
+ MOVQ 32(SI), X9
+ PINSRQ $0x01, 48(SI), X9
+ MOVQ 8(SI), X10
+ PINSRQ $0x01, 24(SI), X10
+ MOVQ 40(SI), X11
+ PINSRQ $0x01, 56(SI), X11
+ MOVO X8, 16(R10)
+ MOVO X9, 32(R10)
+ MOVO X10, 48(R10)
+ MOVO X11, 64(R10)
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVQ 64(SI), X8
+ PINSRQ $0x01, 80(SI), X8
+ MOVQ 96(SI), X9
+ PINSRQ $0x01, 112(SI), X9
+ MOVQ 72(SI), X10
+ PINSRQ $0x01, 88(SI), X10
+ MOVQ 104(SI), X11
+ PINSRQ $0x01, 120(SI), X11
+ MOVO X8, 80(R10)
+ MOVO X9, 96(R10)
+ MOVO X10, 112(R10)
+ MOVO X11, 128(R10)
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVQ 112(SI), X8
+ PINSRQ $0x01, 32(SI), X8
+ MOVQ 72(SI), X9
+ PINSRQ $0x01, 104(SI), X9
+ MOVQ 80(SI), X10
+ PINSRQ $0x01, 64(SI), X10
+ MOVQ 120(SI), X11
+ PINSRQ $0x01, 48(SI), X11
+ MOVO X8, 144(R10)
+ MOVO X9, 160(R10)
+ MOVO X10, 176(R10)
+ MOVO X11, 192(R10)
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVQ 8(SI), X8
+ PINSRQ $0x01, (SI), X8
+ MOVQ 88(SI), X9
+ PINSRQ $0x01, 40(SI), X9
+ MOVQ 96(SI), X10
+ PINSRQ $0x01, 16(SI), X10
+ MOVQ 56(SI), X11
+ PINSRQ $0x01, 24(SI), X11
+ MOVO X8, 208(R10)
+ MOVO X9, 224(R10)
+ MOVO X10, 240(R10)
+ MOVO X11, 256(R10)
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVQ 88(SI), X8
+ PINSRQ $0x01, 96(SI), X8
+ MOVQ 40(SI), X9
+ PINSRQ $0x01, 120(SI), X9
+ MOVQ 64(SI), X10
+ PINSRQ $0x01, (SI), X10
+ MOVQ 16(SI), X11
+ PINSRQ $0x01, 104(SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVQ 80(SI), X8
+ PINSRQ $0x01, 24(SI), X8
+ MOVQ 56(SI), X9
+ PINSRQ $0x01, 72(SI), X9
+ MOVQ 112(SI), X10
+ PINSRQ $0x01, 48(SI), X10
+ MOVQ 8(SI), X11
+ PINSRQ $0x01, 32(SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVQ 56(SI), X8
+ PINSRQ $0x01, 24(SI), X8
+ MOVQ 104(SI), X9
+ PINSRQ $0x01, 88(SI), X9
+ MOVQ 72(SI), X10
+ PINSRQ $0x01, 8(SI), X10
+ MOVQ 96(SI), X11
+ PINSRQ $0x01, 112(SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVQ 16(SI), X8
+ PINSRQ $0x01, 40(SI), X8
+ MOVQ 32(SI), X9
+ PINSRQ $0x01, 120(SI), X9
+ MOVQ 48(SI), X10
+ PINSRQ $0x01, 80(SI), X10
+ MOVQ (SI), X11
+ PINSRQ $0x01, 64(SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVQ 72(SI), X8
+ PINSRQ $0x01, 40(SI), X8
+ MOVQ 16(SI), X9
+ PINSRQ $0x01, 80(SI), X9
+ MOVQ (SI), X10
+ PINSRQ $0x01, 56(SI), X10
+ MOVQ 32(SI), X11
+ PINSRQ $0x01, 120(SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVQ 112(SI), X8
+ PINSRQ $0x01, 88(SI), X8
+ MOVQ 48(SI), X9
+ PINSRQ $0x01, 24(SI), X9
+ MOVQ 8(SI), X10
+ PINSRQ $0x01, 96(SI), X10
+ MOVQ 64(SI), X11
+ PINSRQ $0x01, 104(SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVQ 16(SI), X8
+ PINSRQ $0x01, 48(SI), X8
+ MOVQ (SI), X9
+ PINSRQ $0x01, 64(SI), X9
+ MOVQ 96(SI), X10
+ PINSRQ $0x01, 80(SI), X10
+ MOVQ 88(SI), X11
+ PINSRQ $0x01, 24(SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVQ 32(SI), X8
+ PINSRQ $0x01, 56(SI), X8
+ MOVQ 120(SI), X9
+ PINSRQ $0x01, 8(SI), X9
+ MOVQ 104(SI), X10
+ PINSRQ $0x01, 40(SI), X10
+ MOVQ 112(SI), X11
+ PINSRQ $0x01, 72(SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVQ 96(SI), X8
+ PINSRQ $0x01, 8(SI), X8
+ MOVQ 112(SI), X9
+ PINSRQ $0x01, 32(SI), X9
+ MOVQ 40(SI), X10
+ PINSRQ $0x01, 120(SI), X10
+ MOVQ 104(SI), X11
+ PINSRQ $0x01, 80(SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVQ (SI), X8
+ PINSRQ $0x01, 48(SI), X8
+ MOVQ 72(SI), X9
+ PINSRQ $0x01, 64(SI), X9
+ MOVQ 56(SI), X10
+ PINSRQ $0x01, 24(SI), X10
+ MOVQ 16(SI), X11
+ PINSRQ $0x01, 88(SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVQ 104(SI), X8
+ PINSRQ $0x01, 56(SI), X8
+ MOVQ 96(SI), X9
+ PINSRQ $0x01, 24(SI), X9
+ MOVQ 88(SI), X10
+ PINSRQ $0x01, 112(SI), X10
+ MOVQ 8(SI), X11
+ PINSRQ $0x01, 72(SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVQ 40(SI), X8
+ PINSRQ $0x01, 120(SI), X8
+ MOVQ 64(SI), X9
+ PINSRQ $0x01, 16(SI), X9
+ MOVQ (SI), X10
+ PINSRQ $0x01, 32(SI), X10
+ MOVQ 48(SI), X11
+ PINSRQ $0x01, 80(SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVQ 48(SI), X8
+ PINSRQ $0x01, 112(SI), X8
+ MOVQ 88(SI), X9
+ PINSRQ $0x01, (SI), X9
+ MOVQ 120(SI), X10
+ PINSRQ $0x01, 72(SI), X10
+ MOVQ 24(SI), X11
+ PINSRQ $0x01, 64(SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVQ 96(SI), X8
+ PINSRQ $0x01, 104(SI), X8
+ MOVQ 8(SI), X9
+ PINSRQ $0x01, 80(SI), X9
+ MOVQ 16(SI), X10
+ PINSRQ $0x01, 56(SI), X10
+ MOVQ 32(SI), X11
+ PINSRQ $0x01, 40(SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVQ 80(SI), X8
+ PINSRQ $0x01, 64(SI), X8
+ MOVQ 56(SI), X9
+ PINSRQ $0x01, 8(SI), X9
+ MOVQ 16(SI), X10
+ PINSRQ $0x01, 32(SI), X10
+ MOVQ 48(SI), X11
+ PINSRQ $0x01, 40(SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ MOVQ 120(SI), X8
+ PINSRQ $0x01, 72(SI), X8
+ MOVQ 24(SI), X9
+ PINSRQ $0x01, 104(SI), X9
+ MOVQ 88(SI), X10
+ PINSRQ $0x01, 112(SI), X10
+ MOVQ 96(SI), X11
+ PINSRQ $0x01, (SI), X11
+ PADDQ X8, X0
+ PADDQ X9, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ X10, X0
+ PADDQ X11, X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ PADDQ 16(R10), X0
+ PADDQ 32(R10), X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ 48(R10), X0
+ PADDQ 64(R10), X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ PADDQ 80(R10), X0
+ PADDQ 96(R10), X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ 112(R10), X0
+ PADDQ 128(R10), X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ PADDQ 144(R10), X0
+ PADDQ 160(R10), X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ 176(R10), X0
+ PADDQ 192(R10), X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X6, X8
+ PUNPCKLQDQ X6, X9
+ PUNPCKHQDQ X7, X6
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X7, X9
+ MOVO X8, X7
+ MOVO X2, X8
+ PUNPCKHQDQ X9, X7
+ PUNPCKLQDQ X3, X9
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X3
+ PADDQ 208(R10), X0
+ PADDQ 224(R10), X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFD $0xb1, X6, X6
+ PSHUFD $0xb1, X7, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ PSHUFB X13, X2
+ PSHUFB X13, X3
+ PADDQ 240(R10), X0
+ PADDQ 256(R10), X1
+ PADDQ X2, X0
+ PADDQ X3, X1
+ PXOR X0, X6
+ PXOR X1, X7
+ PSHUFB X14, X6
+ PSHUFB X14, X7
+ PADDQ X6, X4
+ PADDQ X7, X5
+ PXOR X4, X2
+ PXOR X5, X3
+ MOVOU X2, X11
+ PADDQ X2, X11
+ PSRLQ $0x3f, X2
+ PXOR X11, X2
+ MOVOU X3, X11
+ PADDQ X3, X11
+ PSRLQ $0x3f, X3
+ PXOR X11, X3
+ MOVO X4, X8
+ MOVO X5, X4
+ MOVO X8, X5
+ MOVO X2, X8
+ PUNPCKLQDQ X2, X9
+ PUNPCKHQDQ X3, X2
+ PUNPCKHQDQ X9, X2
+ PUNPCKLQDQ X3, X9
+ MOVO X8, X3
+ MOVO X6, X8
+ PUNPCKHQDQ X9, X3
+ PUNPCKLQDQ X7, X9
+ PUNPCKHQDQ X9, X6
+ PUNPCKLQDQ X8, X9
+ PUNPCKHQDQ X9, X7
+ MOVOU 32(AX), X10
+ MOVOU 48(AX), X11
+ PXOR X0, X12
+ PXOR X1, X15
+ PXOR X2, X10
+ PXOR X3, X11
+ PXOR X4, X12
+ PXOR X5, X15
+ PXOR X6, X10
+ PXOR X7, X11
+ MOVOU X10, 32(AX)
+ MOVOU X11, 48(AX)
+ LEAQ 128(SI), SI
+ SUBQ $0x80, DI
+ JNE loop
+ MOVOU X12, (AX)
+ MOVOU X15, 16(AX)
+ MOVQ R8, (BX)
+ MOVQ R9, 8(BX)
+ RET
+
+DATA ·iv3<>+0(SB)/8, $0x1f83d9abfb41bd6b
+DATA ·iv3<>+8(SB)/8, $0x5be0cd19137e2179
+GLOBL ·iv3<>(SB), RODATA|NOPTR, $16
+
+DATA ·c40<>+0(SB)/8, $0x0201000706050403
+DATA ·c40<>+8(SB)/8, $0x0a09080f0e0d0c0b
+GLOBL ·c40<>(SB), RODATA|NOPTR, $16
+
+DATA ·c48<>+0(SB)/8, $0x0100070605040302
+DATA ·c48<>+8(SB)/8, $0x09080f0e0d0c0b0a
+GLOBL ·c48<>(SB), RODATA|NOPTR, $16
+
+DATA ·iv0<>+0(SB)/8, $0x6a09e667f3bcc908
+DATA ·iv0<>+8(SB)/8, $0xbb67ae8584caa73b
+GLOBL ·iv0<>(SB), RODATA|NOPTR, $16
+
+DATA ·iv1<>+0(SB)/8, $0x3c6ef372fe94f82b
+DATA ·iv1<>+8(SB)/8, $0xa54ff53a5f1d36f1
+GLOBL ·iv1<>(SB), RODATA|NOPTR, $16
+
+DATA ·iv2<>+0(SB)/8, $0x510e527fade682d1
+DATA ·iv2<>+8(SB)/8, $0x9b05688c2b3e6c1f
+GLOBL ·iv2<>(SB), RODATA|NOPTR, $16
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_generic.go b/vendor/golang.org/x/crypto/blake2b/blake2b_generic.go
new file mode 100644
index 0000000000000000000000000000000000000000..3168a8aa3c834ae3c7b6ff5194f3f95b40bed61b
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_generic.go
@@ -0,0 +1,182 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package blake2b
+
+import (
+ "encoding/binary"
+ "math/bits"
+)
+
+// the precomputed values for BLAKE2b
+// there are 12 16-byte arrays - one for each round
+// the entries are calculated from the sigma constants.
+var precomputed = [12][16]byte{
+ {0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15},
+ {14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3},
+ {11, 12, 5, 15, 8, 0, 2, 13, 10, 3, 7, 9, 14, 6, 1, 4},
+ {7, 3, 13, 11, 9, 1, 12, 14, 2, 5, 4, 15, 6, 10, 0, 8},
+ {9, 5, 2, 10, 0, 7, 4, 15, 14, 11, 6, 3, 1, 12, 8, 13},
+ {2, 6, 0, 8, 12, 10, 11, 3, 4, 7, 15, 1, 13, 5, 14, 9},
+ {12, 1, 14, 4, 5, 15, 13, 10, 0, 6, 9, 8, 7, 3, 2, 11},
+ {13, 7, 12, 3, 11, 14, 1, 9, 5, 15, 8, 2, 0, 4, 6, 10},
+ {6, 14, 11, 0, 15, 9, 3, 8, 12, 13, 1, 10, 2, 7, 4, 5},
+ {10, 8, 7, 1, 2, 4, 6, 5, 15, 9, 3, 13, 11, 14, 12, 0},
+ {0, 2, 4, 6, 1, 3, 5, 7, 8, 10, 12, 14, 9, 11, 13, 15}, // equal to the first
+ {14, 4, 9, 13, 10, 8, 15, 6, 1, 0, 11, 5, 12, 2, 7, 3}, // equal to the second
+}
+
+func hashBlocksGeneric(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
+ var m [16]uint64
+ c0, c1 := c[0], c[1]
+
+ for i := 0; i < len(blocks); {
+ c0 += BlockSize
+ if c0 < BlockSize {
+ c1++
+ }
+
+ v0, v1, v2, v3, v4, v5, v6, v7 := h[0], h[1], h[2], h[3], h[4], h[5], h[6], h[7]
+ v8, v9, v10, v11, v12, v13, v14, v15 := iv[0], iv[1], iv[2], iv[3], iv[4], iv[5], iv[6], iv[7]
+ v12 ^= c0
+ v13 ^= c1
+ v14 ^= flag
+
+ for j := range m {
+ m[j] = binary.LittleEndian.Uint64(blocks[i:])
+ i += 8
+ }
+
+ for j := range precomputed {
+ s := &(precomputed[j])
+
+ v0 += m[s[0]]
+ v0 += v4
+ v12 ^= v0
+ v12 = bits.RotateLeft64(v12, -32)
+ v8 += v12
+ v4 ^= v8
+ v4 = bits.RotateLeft64(v4, -24)
+ v1 += m[s[1]]
+ v1 += v5
+ v13 ^= v1
+ v13 = bits.RotateLeft64(v13, -32)
+ v9 += v13
+ v5 ^= v9
+ v5 = bits.RotateLeft64(v5, -24)
+ v2 += m[s[2]]
+ v2 += v6
+ v14 ^= v2
+ v14 = bits.RotateLeft64(v14, -32)
+ v10 += v14
+ v6 ^= v10
+ v6 = bits.RotateLeft64(v6, -24)
+ v3 += m[s[3]]
+ v3 += v7
+ v15 ^= v3
+ v15 = bits.RotateLeft64(v15, -32)
+ v11 += v15
+ v7 ^= v11
+ v7 = bits.RotateLeft64(v7, -24)
+
+ v0 += m[s[4]]
+ v0 += v4
+ v12 ^= v0
+ v12 = bits.RotateLeft64(v12, -16)
+ v8 += v12
+ v4 ^= v8
+ v4 = bits.RotateLeft64(v4, -63)
+ v1 += m[s[5]]
+ v1 += v5
+ v13 ^= v1
+ v13 = bits.RotateLeft64(v13, -16)
+ v9 += v13
+ v5 ^= v9
+ v5 = bits.RotateLeft64(v5, -63)
+ v2 += m[s[6]]
+ v2 += v6
+ v14 ^= v2
+ v14 = bits.RotateLeft64(v14, -16)
+ v10 += v14
+ v6 ^= v10
+ v6 = bits.RotateLeft64(v6, -63)
+ v3 += m[s[7]]
+ v3 += v7
+ v15 ^= v3
+ v15 = bits.RotateLeft64(v15, -16)
+ v11 += v15
+ v7 ^= v11
+ v7 = bits.RotateLeft64(v7, -63)
+
+ v0 += m[s[8]]
+ v0 += v5
+ v15 ^= v0
+ v15 = bits.RotateLeft64(v15, -32)
+ v10 += v15
+ v5 ^= v10
+ v5 = bits.RotateLeft64(v5, -24)
+ v1 += m[s[9]]
+ v1 += v6
+ v12 ^= v1
+ v12 = bits.RotateLeft64(v12, -32)
+ v11 += v12
+ v6 ^= v11
+ v6 = bits.RotateLeft64(v6, -24)
+ v2 += m[s[10]]
+ v2 += v7
+ v13 ^= v2
+ v13 = bits.RotateLeft64(v13, -32)
+ v8 += v13
+ v7 ^= v8
+ v7 = bits.RotateLeft64(v7, -24)
+ v3 += m[s[11]]
+ v3 += v4
+ v14 ^= v3
+ v14 = bits.RotateLeft64(v14, -32)
+ v9 += v14
+ v4 ^= v9
+ v4 = bits.RotateLeft64(v4, -24)
+
+ v0 += m[s[12]]
+ v0 += v5
+ v15 ^= v0
+ v15 = bits.RotateLeft64(v15, -16)
+ v10 += v15
+ v5 ^= v10
+ v5 = bits.RotateLeft64(v5, -63)
+ v1 += m[s[13]]
+ v1 += v6
+ v12 ^= v1
+ v12 = bits.RotateLeft64(v12, -16)
+ v11 += v12
+ v6 ^= v11
+ v6 = bits.RotateLeft64(v6, -63)
+ v2 += m[s[14]]
+ v2 += v7
+ v13 ^= v2
+ v13 = bits.RotateLeft64(v13, -16)
+ v8 += v13
+ v7 ^= v8
+ v7 = bits.RotateLeft64(v7, -63)
+ v3 += m[s[15]]
+ v3 += v4
+ v14 ^= v3
+ v14 = bits.RotateLeft64(v14, -16)
+ v9 += v14
+ v4 ^= v9
+ v4 = bits.RotateLeft64(v4, -63)
+
+ }
+
+ h[0] ^= v0 ^ v8
+ h[1] ^= v1 ^ v9
+ h[2] ^= v2 ^ v10
+ h[3] ^= v3 ^ v11
+ h[4] ^= v4 ^ v12
+ h[5] ^= v5 ^ v13
+ h[6] ^= v6 ^ v14
+ h[7] ^= v7 ^ v15
+ }
+ c[0], c[1] = c0, c1
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go b/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
new file mode 100644
index 0000000000000000000000000000000000000000..6e28668cd1989034c58e25d270b5749cbfe26c95
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2b_ref.go
@@ -0,0 +1,11 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !amd64 || purego || !gc
+
+package blake2b
+
+func hashBlocks(h *[8]uint64, c *[2]uint64, flag uint64, blocks []byte) {
+ hashBlocksGeneric(h, c, flag, blocks)
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/blake2x.go b/vendor/golang.org/x/crypto/blake2b/blake2x.go
new file mode 100644
index 0000000000000000000000000000000000000000..52c414db0e64d77e877835a7da8d5aad51004243
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/blake2x.go
@@ -0,0 +1,177 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package blake2b
+
+import (
+ "encoding/binary"
+ "errors"
+ "io"
+)
+
+// XOF defines the interface to hash functions that
+// support arbitrary-length output.
+type XOF interface {
+ // Write absorbs more data into the hash's state. It panics if called
+ // after Read.
+ io.Writer
+
+ // Read reads more output from the hash. It returns io.EOF if the limit
+ // has been reached.
+ io.Reader
+
+ // Clone returns a copy of the XOF in its current state.
+ Clone() XOF
+
+ // Reset resets the XOF to its initial state.
+ Reset()
+}
+
+// OutputLengthUnknown can be used as the size argument to NewXOF to indicate
+// the length of the output is not known in advance.
+const OutputLengthUnknown = 0
+
+// magicUnknownOutputLength is a magic value for the output size that indicates
+// an unknown number of output bytes.
+const magicUnknownOutputLength = (1 << 32) - 1
+
+// maxOutputLength is the absolute maximum number of bytes to produce when the
+// number of output bytes is unknown.
+const maxOutputLength = (1 << 32) * 64
+
+// NewXOF creates a new variable-output-length hash. The hash either produce a
+// known number of bytes (1 <= size < 2**32-1), or an unknown number of bytes
+// (size == OutputLengthUnknown). In the latter case, an absolute limit of
+// 256GiB applies.
+//
+// A non-nil key turns the hash into a MAC. The key must between
+// zero and 32 bytes long.
+func NewXOF(size uint32, key []byte) (XOF, error) {
+ if len(key) > Size {
+ return nil, errKeySize
+ }
+ if size == magicUnknownOutputLength {
+ // 2^32-1 indicates an unknown number of bytes and thus isn't a
+ // valid length.
+ return nil, errors.New("blake2b: XOF length too large")
+ }
+ if size == OutputLengthUnknown {
+ size = magicUnknownOutputLength
+ }
+ x := &xof{
+ d: digest{
+ size: Size,
+ keyLen: len(key),
+ },
+ length: size,
+ }
+ copy(x.d.key[:], key)
+ x.Reset()
+ return x, nil
+}
+
+type xof struct {
+ d digest
+ length uint32
+ remaining uint64
+ cfg, root, block [Size]byte
+ offset int
+ nodeOffset uint32
+ readMode bool
+}
+
+func (x *xof) Write(p []byte) (n int, err error) {
+ if x.readMode {
+ panic("blake2b: write to XOF after read")
+ }
+ return x.d.Write(p)
+}
+
+func (x *xof) Clone() XOF {
+ clone := *x
+ return &clone
+}
+
+func (x *xof) Reset() {
+ x.cfg[0] = byte(Size)
+ binary.LittleEndian.PutUint32(x.cfg[4:], uint32(Size)) // leaf length
+ binary.LittleEndian.PutUint32(x.cfg[12:], x.length) // XOF length
+ x.cfg[17] = byte(Size) // inner hash size
+
+ x.d.Reset()
+ x.d.h[1] ^= uint64(x.length) << 32
+
+ x.remaining = uint64(x.length)
+ if x.remaining == magicUnknownOutputLength {
+ x.remaining = maxOutputLength
+ }
+ x.offset, x.nodeOffset = 0, 0
+ x.readMode = false
+}
+
+func (x *xof) Read(p []byte) (n int, err error) {
+ if !x.readMode {
+ x.d.finalize(&x.root)
+ x.readMode = true
+ }
+
+ if x.remaining == 0 {
+ return 0, io.EOF
+ }
+
+ n = len(p)
+ if uint64(n) > x.remaining {
+ n = int(x.remaining)
+ p = p[:n]
+ }
+
+ if x.offset > 0 {
+ blockRemaining := Size - x.offset
+ if n < blockRemaining {
+ x.offset += copy(p, x.block[x.offset:])
+ x.remaining -= uint64(n)
+ return
+ }
+ copy(p, x.block[x.offset:])
+ p = p[blockRemaining:]
+ x.offset = 0
+ x.remaining -= uint64(blockRemaining)
+ }
+
+ for len(p) >= Size {
+ binary.LittleEndian.PutUint32(x.cfg[8:], x.nodeOffset)
+ x.nodeOffset++
+
+ x.d.initConfig(&x.cfg)
+ x.d.Write(x.root[:])
+ x.d.finalize(&x.block)
+
+ copy(p, x.block[:])
+ p = p[Size:]
+ x.remaining -= uint64(Size)
+ }
+
+ if todo := len(p); todo > 0 {
+ if x.remaining < uint64(Size) {
+ x.cfg[0] = byte(x.remaining)
+ }
+ binary.LittleEndian.PutUint32(x.cfg[8:], x.nodeOffset)
+ x.nodeOffset++
+
+ x.d.initConfig(&x.cfg)
+ x.d.Write(x.root[:])
+ x.d.finalize(&x.block)
+
+ x.offset = copy(p, x.block[:todo])
+ x.remaining -= uint64(todo)
+ }
+ return
+}
+
+func (d *digest) initConfig(cfg *[Size]byte) {
+ d.offset, d.c[0], d.c[1] = 0, 0, 0
+ for i := range d.h {
+ d.h[i] = iv[i] ^ binary.LittleEndian.Uint64(cfg[i*8:])
+ }
+}
diff --git a/vendor/golang.org/x/crypto/blake2b/register.go b/vendor/golang.org/x/crypto/blake2b/register.go
new file mode 100644
index 0000000000000000000000000000000000000000..54e446e1d2ce77eeabeaf021a56c01ba8883f832
--- /dev/null
+++ b/vendor/golang.org/x/crypto/blake2b/register.go
@@ -0,0 +1,30 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package blake2b
+
+import (
+ "crypto"
+ "hash"
+)
+
+func init() {
+ newHash256 := func() hash.Hash {
+ h, _ := New256(nil)
+ return h
+ }
+ newHash384 := func() hash.Hash {
+ h, _ := New384(nil)
+ return h
+ }
+
+ newHash512 := func() hash.Hash {
+ h, _ := New512(nil)
+ return h
+ }
+
+ crypto.RegisterHash(crypto.BLAKE2b_256, newHash256)
+ crypto.RegisterHash(crypto.BLAKE2b_384, newHash384)
+ crypto.RegisterHash(crypto.BLAKE2b_512, newHash512)
+}
diff --git a/vendor/golang.org/x/crypto/cast5/cast5.go b/vendor/golang.org/x/crypto/cast5/cast5.go
index 425e8eecb06bebf17a96d889c5e53b7c313be126..016e90215cdf6cf85b1a55704e32833683a7677e 100644
--- a/vendor/golang.org/x/crypto/cast5/cast5.go
+++ b/vendor/golang.org/x/crypto/cast5/cast5.go
@@ -11,7 +11,7 @@
// Deprecated: any new system should use AES (from crypto/aes, if necessary in
// an AEAD mode like crypto/cipher.NewGCM) or XChaCha20-Poly1305 (from
// golang.org/x/crypto/chacha20poly1305).
-package cast5 // import "golang.org/x/crypto/cast5"
+package cast5
import (
"errors"
diff --git a/vendor/golang.org/x/crypto/hkdf/hkdf.go b/vendor/golang.org/x/crypto/hkdf/hkdf.go
new file mode 100644
index 0000000000000000000000000000000000000000..3bee66294ecfc645331ff3e1d3505ef0043983ad
--- /dev/null
+++ b/vendor/golang.org/x/crypto/hkdf/hkdf.go
@@ -0,0 +1,95 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package hkdf implements the HMAC-based Extract-and-Expand Key Derivation
+// Function (HKDF) as defined in RFC 5869.
+//
+// HKDF is a cryptographic key derivation function (KDF) with the goal of
+// expanding limited input keying material into one or more cryptographically
+// strong secret keys.
+package hkdf
+
+import (
+ "crypto/hmac"
+ "errors"
+ "hash"
+ "io"
+)
+
+// Extract generates a pseudorandom key for use with Expand from an input secret
+// and an optional independent salt.
+//
+// Only use this function if you need to reuse the extracted key with multiple
+// Expand invocations and different context values. Most common scenarios,
+// including the generation of multiple keys, should use New instead.
+func Extract(hash func() hash.Hash, secret, salt []byte) []byte {
+ if salt == nil {
+ salt = make([]byte, hash().Size())
+ }
+ extractor := hmac.New(hash, salt)
+ extractor.Write(secret)
+ return extractor.Sum(nil)
+}
+
+type hkdf struct {
+ expander hash.Hash
+ size int
+
+ info []byte
+ counter byte
+
+ prev []byte
+ buf []byte
+}
+
+func (f *hkdf) Read(p []byte) (int, error) {
+ // Check whether enough data can be generated
+ need := len(p)
+ remains := len(f.buf) + int(255-f.counter+1)*f.size
+ if remains < need {
+ return 0, errors.New("hkdf: entropy limit reached")
+ }
+ // Read any leftover from the buffer
+ n := copy(p, f.buf)
+ p = p[n:]
+
+ // Fill the rest of the buffer
+ for len(p) > 0 {
+ if f.counter > 1 {
+ f.expander.Reset()
+ }
+ f.expander.Write(f.prev)
+ f.expander.Write(f.info)
+ f.expander.Write([]byte{f.counter})
+ f.prev = f.expander.Sum(f.prev[:0])
+ f.counter++
+
+ // Copy the new batch into p
+ f.buf = f.prev
+ n = copy(p, f.buf)
+ p = p[n:]
+ }
+ // Save leftovers for next run
+ f.buf = f.buf[n:]
+
+ return need, nil
+}
+
+// Expand returns a Reader, from which keys can be read, using the given
+// pseudorandom key and optional context info, skipping the extraction step.
+//
+// The pseudorandomKey should have been generated by Extract, or be a uniformly
+// random or pseudorandom cryptographically strong key. See RFC 5869, Section
+// 3.3. Most common scenarios will want to use New instead.
+func Expand(hash func() hash.Hash, pseudorandomKey, info []byte) io.Reader {
+ expander := hmac.New(hash, pseudorandomKey)
+ return &hkdf{expander, expander.Size(), info, 1, nil, nil}
+}
+
+// New returns a Reader, from which keys can be read, using the given hash,
+// secret, salt and context info. Salt and info can be nil.
+func New(hash func() hash.Hash, secret, salt, info []byte) io.Reader {
+ prk := Extract(hash, secret, salt)
+ return Expand(hash, prk, info)
+}
diff --git a/vendor/golang.org/x/crypto/openpgp/armor/armor.go b/vendor/golang.org/x/crypto/openpgp/armor/armor.go
index 8907183ec0ab9c7f78a6d9ac3391a0cab501b5b8..e664d127cb2adb9b9b215edbc3e0b05ab5bd4986 100644
--- a/vendor/golang.org/x/crypto/openpgp/armor/armor.go
+++ b/vendor/golang.org/x/crypto/openpgp/armor/armor.go
@@ -10,14 +10,15 @@
// for their specific task. If you are required to interoperate with OpenPGP
// systems and need a maintained package, consider a community fork.
// See https://golang.org/issue/44226.
-package armor // import "golang.org/x/crypto/openpgp/armor"
+package armor
import (
"bufio"
"bytes"
"encoding/base64"
- "golang.org/x/crypto/openpgp/errors"
"io"
+
+ "golang.org/x/crypto/openpgp/errors"
)
// A Block represents an OpenPGP armored structure.
diff --git a/vendor/golang.org/x/crypto/openpgp/clearsign/clearsign.go b/vendor/golang.org/x/crypto/openpgp/clearsign/clearsign.go
index 644b2e078bc9c8d556bc5fc82fd7a1de0828f14f..cea48efdcd267a45bc12b5013ea58316955c678f 100644
--- a/vendor/golang.org/x/crypto/openpgp/clearsign/clearsign.go
+++ b/vendor/golang.org/x/crypto/openpgp/clearsign/clearsign.go
@@ -13,7 +13,7 @@
// for their specific task. If you are required to interoperate with OpenPGP
// systems and need a maintained package, consider a community fork.
// See https://golang.org/issue/44226.
-package clearsign // import "golang.org/x/crypto/openpgp/clearsign"
+package clearsign
import (
"bufio"
diff --git a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
index 743b35a1204f5ff659fa40d09e4714932e5c5420..f922bdbcaa795df03301e2a10f299c8875f0f117 100644
--- a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
+++ b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
@@ -16,7 +16,7 @@
// https://golang.org/issue/44226), and ElGamal in the OpenPGP ecosystem has
// compatibility and security issues (see https://eprint.iacr.org/2021/923).
// Moreover, this package doesn't protect against side-channel attacks.
-package elgamal // import "golang.org/x/crypto/openpgp/elgamal"
+package elgamal
import (
"crypto/rand"
diff --git a/vendor/golang.org/x/crypto/openpgp/errors/errors.go b/vendor/golang.org/x/crypto/openpgp/errors/errors.go
index 1d7a0ea05adf179b86ad609c43c96c83b7950648..a328749471a6d692ebf42c7c8d97a58566296315 100644
--- a/vendor/golang.org/x/crypto/openpgp/errors/errors.go
+++ b/vendor/golang.org/x/crypto/openpgp/errors/errors.go
@@ -9,7 +9,7 @@
// for their specific task. If you are required to interoperate with OpenPGP
// systems and need a maintained package, consider a community fork.
// See https://golang.org/issue/44226.
-package errors // import "golang.org/x/crypto/openpgp/errors"
+package errors
import (
"strconv"
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
index 0a19794a8e49c1969a8c63cb0bca02f1db60300c..a84a1a214e2099776746e1c10ecc7057eb7c8064 100644
--- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go
+++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
@@ -10,7 +10,7 @@
// for their specific task. If you are required to interoperate with OpenPGP
// systems and need a maintained package, consider a community fork.
// See https://golang.org/issue/44226.
-package packet // import "golang.org/x/crypto/openpgp/packet"
+package packet
import (
"bufio"
diff --git a/vendor/golang.org/x/crypto/openpgp/read.go b/vendor/golang.org/x/crypto/openpgp/read.go
index 48a893146858cafafb9251f938b876679db82067..cff3db91969a994081ac08099e73a3b3bb67a324 100644
--- a/vendor/golang.org/x/crypto/openpgp/read.go
+++ b/vendor/golang.org/x/crypto/openpgp/read.go
@@ -9,7 +9,7 @@
// for their specific task. If you are required to interoperate with OpenPGP
// systems and need a maintained package, consider a community fork.
// See https://golang.org/issue/44226.
-package openpgp // import "golang.org/x/crypto/openpgp"
+package openpgp
import (
"crypto"
diff --git a/vendor/golang.org/x/crypto/openpgp/s2k/s2k.go b/vendor/golang.org/x/crypto/openpgp/s2k/s2k.go
index f53244a1c7b53898b103503e108c59cc878dab77..fa1a9190795730c8f52fd8f9e5b3eaaeb95f711b 100644
--- a/vendor/golang.org/x/crypto/openpgp/s2k/s2k.go
+++ b/vendor/golang.org/x/crypto/openpgp/s2k/s2k.go
@@ -10,7 +10,7 @@
// for their specific task. If you are required to interoperate with OpenPGP
// systems and need a maintained package, consider a community fork.
// See https://golang.org/issue/44226.
-package s2k // import "golang.org/x/crypto/openpgp/s2k"
+package s2k
import (
"crypto"
diff --git a/vendor/golang.org/x/crypto/sha3/doc.go b/vendor/golang.org/x/crypto/sha3/doc.go
new file mode 100644
index 0000000000000000000000000000000000000000..bbf391fe6e5909ea10b516d9821c09811fb9dad9
--- /dev/null
+++ b/vendor/golang.org/x/crypto/sha3/doc.go
@@ -0,0 +1,66 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package sha3 implements the SHA-3 fixed-output-length hash functions and
+// the SHAKE variable-output-length hash functions defined by FIPS-202.
+//
+// All types in this package also implement [encoding.BinaryMarshaler],
+// [encoding.BinaryAppender] and [encoding.BinaryUnmarshaler] to marshal and
+// unmarshal the internal state of the hash.
+//
+// Both types of hash function use the "sponge" construction and the Keccak
+// permutation. For a detailed specification see http://keccak.noekeon.org/
+//
+// # Guidance
+//
+// If you aren't sure what function you need, use SHAKE256 with at least 64
+// bytes of output. The SHAKE instances are faster than the SHA3 instances;
+// the latter have to allocate memory to conform to the hash.Hash interface.
+//
+// If you need a secret-key MAC (message authentication code), prepend the
+// secret key to the input, hash with SHAKE256 and read at least 32 bytes of
+// output.
+//
+// # Security strengths
+//
+// The SHA3-x (x equals 224, 256, 384, or 512) functions have a security
+// strength against preimage attacks of x bits. Since they only produce "x"
+// bits of output, their collision-resistance is only "x/2" bits.
+//
+// The SHAKE-256 and -128 functions have a generic security strength of 256 and
+// 128 bits against all attacks, provided that at least 2x bits of their output
+// is used. Requesting more than 64 or 32 bytes of output, respectively, does
+// not increase the collision-resistance of the SHAKE functions.
+//
+// # The sponge construction
+//
+// A sponge builds a pseudo-random function from a public pseudo-random
+// permutation, by applying the permutation to a state of "rate + capacity"
+// bytes, but hiding "capacity" of the bytes.
+//
+// A sponge starts out with a zero state. To hash an input using a sponge, up
+// to "rate" bytes of the input are XORed into the sponge's state. The sponge
+// is then "full" and the permutation is applied to "empty" it. This process is
+// repeated until all the input has been "absorbed". The input is then padded.
+// The digest is "squeezed" from the sponge in the same way, except that output
+// is copied out instead of input being XORed in.
+//
+// A sponge is parameterized by its generic security strength, which is equal
+// to half its capacity; capacity + rate is equal to the permutation's width.
+// Since the KeccakF-1600 permutation is 1600 bits (200 bytes) wide, this means
+// that the security strength of a sponge instance is equal to (1600 - bitrate) / 2.
+//
+// # Recommendations
+//
+// The SHAKE functions are recommended for most new uses. They can produce
+// output of arbitrary length. SHAKE256, with an output length of at least
+// 64 bytes, provides 256-bit security against all attacks. The Keccak team
+// recommends it for most applications upgrading from SHA2-512. (NIST chose a
+// much stronger, but much slower, sponge instance for SHA3-512.)
+//
+// The SHA-3 functions are "drop-in" replacements for the SHA-2 functions.
+// They produce output of the same length, with the same security strengths
+// against all attacks. This means, in particular, that SHA3-256 only has
+// 128-bit collision resistance, because its output length is 32 bytes.
+package sha3
diff --git a/vendor/golang.org/x/crypto/sha3/hashes.go b/vendor/golang.org/x/crypto/sha3/hashes.go
new file mode 100644
index 0000000000000000000000000000000000000000..31fffbe04408af272ff1c800215e51acead39eaf
--- /dev/null
+++ b/vendor/golang.org/x/crypto/sha3/hashes.go
@@ -0,0 +1,128 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package sha3
+
+// This file provides functions for creating instances of the SHA-3
+// and SHAKE hash functions, as well as utility functions for hashing
+// bytes.
+
+import (
+ "crypto"
+ "hash"
+)
+
+// New224 creates a new SHA3-224 hash.
+// Its generic security strength is 224 bits against preimage attacks,
+// and 112 bits against collision attacks.
+func New224() hash.Hash {
+ return new224()
+}
+
+// New256 creates a new SHA3-256 hash.
+// Its generic security strength is 256 bits against preimage attacks,
+// and 128 bits against collision attacks.
+func New256() hash.Hash {
+ return new256()
+}
+
+// New384 creates a new SHA3-384 hash.
+// Its generic security strength is 384 bits against preimage attacks,
+// and 192 bits against collision attacks.
+func New384() hash.Hash {
+ return new384()
+}
+
+// New512 creates a new SHA3-512 hash.
+// Its generic security strength is 512 bits against preimage attacks,
+// and 256 bits against collision attacks.
+func New512() hash.Hash {
+ return new512()
+}
+
+func init() {
+ crypto.RegisterHash(crypto.SHA3_224, New224)
+ crypto.RegisterHash(crypto.SHA3_256, New256)
+ crypto.RegisterHash(crypto.SHA3_384, New384)
+ crypto.RegisterHash(crypto.SHA3_512, New512)
+}
+
+const (
+ dsbyteSHA3 = 0b00000110
+ dsbyteKeccak = 0b00000001
+ dsbyteShake = 0b00011111
+ dsbyteCShake = 0b00000100
+
+ // rateK[c] is the rate in bytes for Keccak[c] where c is the capacity in
+ // bits. Given the sponge size is 1600 bits, the rate is 1600 - c bits.
+ rateK256 = (1600 - 256) / 8
+ rateK448 = (1600 - 448) / 8
+ rateK512 = (1600 - 512) / 8
+ rateK768 = (1600 - 768) / 8
+ rateK1024 = (1600 - 1024) / 8
+)
+
+func new224Generic() *state {
+ return &state{rate: rateK448, outputLen: 28, dsbyte: dsbyteSHA3}
+}
+
+func new256Generic() *state {
+ return &state{rate: rateK512, outputLen: 32, dsbyte: dsbyteSHA3}
+}
+
+func new384Generic() *state {
+ return &state{rate: rateK768, outputLen: 48, dsbyte: dsbyteSHA3}
+}
+
+func new512Generic() *state {
+ return &state{rate: rateK1024, outputLen: 64, dsbyte: dsbyteSHA3}
+}
+
+// NewLegacyKeccak256 creates a new Keccak-256 hash.
+//
+// Only use this function if you require compatibility with an existing cryptosystem
+// that uses non-standard padding. All other users should use New256 instead.
+func NewLegacyKeccak256() hash.Hash {
+ return &state{rate: rateK512, outputLen: 32, dsbyte: dsbyteKeccak}
+}
+
+// NewLegacyKeccak512 creates a new Keccak-512 hash.
+//
+// Only use this function if you require compatibility with an existing cryptosystem
+// that uses non-standard padding. All other users should use New512 instead.
+func NewLegacyKeccak512() hash.Hash {
+ return &state{rate: rateK1024, outputLen: 64, dsbyte: dsbyteKeccak}
+}
+
+// Sum224 returns the SHA3-224 digest of the data.
+func Sum224(data []byte) (digest [28]byte) {
+ h := New224()
+ h.Write(data)
+ h.Sum(digest[:0])
+ return
+}
+
+// Sum256 returns the SHA3-256 digest of the data.
+func Sum256(data []byte) (digest [32]byte) {
+ h := New256()
+ h.Write(data)
+ h.Sum(digest[:0])
+ return
+}
+
+// Sum384 returns the SHA3-384 digest of the data.
+func Sum384(data []byte) (digest [48]byte) {
+ h := New384()
+ h.Write(data)
+ h.Sum(digest[:0])
+ return
+}
+
+// Sum512 returns the SHA3-512 digest of the data.
+func Sum512(data []byte) (digest [64]byte) {
+ h := New512()
+ h.Write(data)
+ h.Sum(digest[:0])
+ return
+}
diff --git a/vendor/golang.org/x/crypto/sha3/hashes_noasm.go b/vendor/golang.org/x/crypto/sha3/hashes_noasm.go
new file mode 100644
index 0000000000000000000000000000000000000000..9d85fb621446d27556f0e04a77daa0557796f006
--- /dev/null
+++ b/vendor/golang.org/x/crypto/sha3/hashes_noasm.go
@@ -0,0 +1,23 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !gc || purego || !s390x
+
+package sha3
+
+func new224() *state {
+ return new224Generic()
+}
+
+func new256() *state {
+ return new256Generic()
+}
+
+func new384() *state {
+ return new384Generic()
+}
+
+func new512() *state {
+ return new512Generic()
+}
diff --git a/vendor/golang.org/x/crypto/sha3/keccakf.go b/vendor/golang.org/x/crypto/sha3/keccakf.go
new file mode 100644
index 0000000000000000000000000000000000000000..ce48b1dd3eddb88bd6153d0b927fbe44cde2eda4
--- /dev/null
+++ b/vendor/golang.org/x/crypto/sha3/keccakf.go
@@ -0,0 +1,414 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !amd64 || purego || !gc
+
+package sha3
+
+import "math/bits"
+
+// rc stores the round constants for use in the ι step.
+var rc = [24]uint64{
+ 0x0000000000000001,
+ 0x0000000000008082,
+ 0x800000000000808A,
+ 0x8000000080008000,
+ 0x000000000000808B,
+ 0x0000000080000001,
+ 0x8000000080008081,
+ 0x8000000000008009,
+ 0x000000000000008A,
+ 0x0000000000000088,
+ 0x0000000080008009,
+ 0x000000008000000A,
+ 0x000000008000808B,
+ 0x800000000000008B,
+ 0x8000000000008089,
+ 0x8000000000008003,
+ 0x8000000000008002,
+ 0x8000000000000080,
+ 0x000000000000800A,
+ 0x800000008000000A,
+ 0x8000000080008081,
+ 0x8000000000008080,
+ 0x0000000080000001,
+ 0x8000000080008008,
+}
+
+// keccakF1600 applies the Keccak permutation to a 1600b-wide
+// state represented as a slice of 25 uint64s.
+func keccakF1600(a *[25]uint64) {
+ // Implementation translated from Keccak-inplace.c
+ // in the keccak reference code.
+ var t, bc0, bc1, bc2, bc3, bc4, d0, d1, d2, d3, d4 uint64
+
+ for i := 0; i < 24; i += 4 {
+ // Combines the 5 steps in each round into 2 steps.
+ // Unrolls 4 rounds per loop and spreads some steps across rounds.
+
+ // Round 1
+ bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
+ bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
+ bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
+ bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
+ bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
+ d0 = bc4 ^ (bc1<<1 | bc1>>63)
+ d1 = bc0 ^ (bc2<<1 | bc2>>63)
+ d2 = bc1 ^ (bc3<<1 | bc3>>63)
+ d3 = bc2 ^ (bc4<<1 | bc4>>63)
+ d4 = bc3 ^ (bc0<<1 | bc0>>63)
+
+ bc0 = a[0] ^ d0
+ t = a[6] ^ d1
+ bc1 = bits.RotateLeft64(t, 44)
+ t = a[12] ^ d2
+ bc2 = bits.RotateLeft64(t, 43)
+ t = a[18] ^ d3
+ bc3 = bits.RotateLeft64(t, 21)
+ t = a[24] ^ d4
+ bc4 = bits.RotateLeft64(t, 14)
+ a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i]
+ a[6] = bc1 ^ (bc3 &^ bc2)
+ a[12] = bc2 ^ (bc4 &^ bc3)
+ a[18] = bc3 ^ (bc0 &^ bc4)
+ a[24] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[10] ^ d0
+ bc2 = bits.RotateLeft64(t, 3)
+ t = a[16] ^ d1
+ bc3 = bits.RotateLeft64(t, 45)
+ t = a[22] ^ d2
+ bc4 = bits.RotateLeft64(t, 61)
+ t = a[3] ^ d3
+ bc0 = bits.RotateLeft64(t, 28)
+ t = a[9] ^ d4
+ bc1 = bits.RotateLeft64(t, 20)
+ a[10] = bc0 ^ (bc2 &^ bc1)
+ a[16] = bc1 ^ (bc3 &^ bc2)
+ a[22] = bc2 ^ (bc4 &^ bc3)
+ a[3] = bc3 ^ (bc0 &^ bc4)
+ a[9] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[20] ^ d0
+ bc4 = bits.RotateLeft64(t, 18)
+ t = a[1] ^ d1
+ bc0 = bits.RotateLeft64(t, 1)
+ t = a[7] ^ d2
+ bc1 = bits.RotateLeft64(t, 6)
+ t = a[13] ^ d3
+ bc2 = bits.RotateLeft64(t, 25)
+ t = a[19] ^ d4
+ bc3 = bits.RotateLeft64(t, 8)
+ a[20] = bc0 ^ (bc2 &^ bc1)
+ a[1] = bc1 ^ (bc3 &^ bc2)
+ a[7] = bc2 ^ (bc4 &^ bc3)
+ a[13] = bc3 ^ (bc0 &^ bc4)
+ a[19] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[5] ^ d0
+ bc1 = bits.RotateLeft64(t, 36)
+ t = a[11] ^ d1
+ bc2 = bits.RotateLeft64(t, 10)
+ t = a[17] ^ d2
+ bc3 = bits.RotateLeft64(t, 15)
+ t = a[23] ^ d3
+ bc4 = bits.RotateLeft64(t, 56)
+ t = a[4] ^ d4
+ bc0 = bits.RotateLeft64(t, 27)
+ a[5] = bc0 ^ (bc2 &^ bc1)
+ a[11] = bc1 ^ (bc3 &^ bc2)
+ a[17] = bc2 ^ (bc4 &^ bc3)
+ a[23] = bc3 ^ (bc0 &^ bc4)
+ a[4] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[15] ^ d0
+ bc3 = bits.RotateLeft64(t, 41)
+ t = a[21] ^ d1
+ bc4 = bits.RotateLeft64(t, 2)
+ t = a[2] ^ d2
+ bc0 = bits.RotateLeft64(t, 62)
+ t = a[8] ^ d3
+ bc1 = bits.RotateLeft64(t, 55)
+ t = a[14] ^ d4
+ bc2 = bits.RotateLeft64(t, 39)
+ a[15] = bc0 ^ (bc2 &^ bc1)
+ a[21] = bc1 ^ (bc3 &^ bc2)
+ a[2] = bc2 ^ (bc4 &^ bc3)
+ a[8] = bc3 ^ (bc0 &^ bc4)
+ a[14] = bc4 ^ (bc1 &^ bc0)
+
+ // Round 2
+ bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
+ bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
+ bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
+ bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
+ bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
+ d0 = bc4 ^ (bc1<<1 | bc1>>63)
+ d1 = bc0 ^ (bc2<<1 | bc2>>63)
+ d2 = bc1 ^ (bc3<<1 | bc3>>63)
+ d3 = bc2 ^ (bc4<<1 | bc4>>63)
+ d4 = bc3 ^ (bc0<<1 | bc0>>63)
+
+ bc0 = a[0] ^ d0
+ t = a[16] ^ d1
+ bc1 = bits.RotateLeft64(t, 44)
+ t = a[7] ^ d2
+ bc2 = bits.RotateLeft64(t, 43)
+ t = a[23] ^ d3
+ bc3 = bits.RotateLeft64(t, 21)
+ t = a[14] ^ d4
+ bc4 = bits.RotateLeft64(t, 14)
+ a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+1]
+ a[16] = bc1 ^ (bc3 &^ bc2)
+ a[7] = bc2 ^ (bc4 &^ bc3)
+ a[23] = bc3 ^ (bc0 &^ bc4)
+ a[14] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[20] ^ d0
+ bc2 = bits.RotateLeft64(t, 3)
+ t = a[11] ^ d1
+ bc3 = bits.RotateLeft64(t, 45)
+ t = a[2] ^ d2
+ bc4 = bits.RotateLeft64(t, 61)
+ t = a[18] ^ d3
+ bc0 = bits.RotateLeft64(t, 28)
+ t = a[9] ^ d4
+ bc1 = bits.RotateLeft64(t, 20)
+ a[20] = bc0 ^ (bc2 &^ bc1)
+ a[11] = bc1 ^ (bc3 &^ bc2)
+ a[2] = bc2 ^ (bc4 &^ bc3)
+ a[18] = bc3 ^ (bc0 &^ bc4)
+ a[9] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[15] ^ d0
+ bc4 = bits.RotateLeft64(t, 18)
+ t = a[6] ^ d1
+ bc0 = bits.RotateLeft64(t, 1)
+ t = a[22] ^ d2
+ bc1 = bits.RotateLeft64(t, 6)
+ t = a[13] ^ d3
+ bc2 = bits.RotateLeft64(t, 25)
+ t = a[4] ^ d4
+ bc3 = bits.RotateLeft64(t, 8)
+ a[15] = bc0 ^ (bc2 &^ bc1)
+ a[6] = bc1 ^ (bc3 &^ bc2)
+ a[22] = bc2 ^ (bc4 &^ bc3)
+ a[13] = bc3 ^ (bc0 &^ bc4)
+ a[4] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[10] ^ d0
+ bc1 = bits.RotateLeft64(t, 36)
+ t = a[1] ^ d1
+ bc2 = bits.RotateLeft64(t, 10)
+ t = a[17] ^ d2
+ bc3 = bits.RotateLeft64(t, 15)
+ t = a[8] ^ d3
+ bc4 = bits.RotateLeft64(t, 56)
+ t = a[24] ^ d4
+ bc0 = bits.RotateLeft64(t, 27)
+ a[10] = bc0 ^ (bc2 &^ bc1)
+ a[1] = bc1 ^ (bc3 &^ bc2)
+ a[17] = bc2 ^ (bc4 &^ bc3)
+ a[8] = bc3 ^ (bc0 &^ bc4)
+ a[24] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[5] ^ d0
+ bc3 = bits.RotateLeft64(t, 41)
+ t = a[21] ^ d1
+ bc4 = bits.RotateLeft64(t, 2)
+ t = a[12] ^ d2
+ bc0 = bits.RotateLeft64(t, 62)
+ t = a[3] ^ d3
+ bc1 = bits.RotateLeft64(t, 55)
+ t = a[19] ^ d4
+ bc2 = bits.RotateLeft64(t, 39)
+ a[5] = bc0 ^ (bc2 &^ bc1)
+ a[21] = bc1 ^ (bc3 &^ bc2)
+ a[12] = bc2 ^ (bc4 &^ bc3)
+ a[3] = bc3 ^ (bc0 &^ bc4)
+ a[19] = bc4 ^ (bc1 &^ bc0)
+
+ // Round 3
+ bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
+ bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
+ bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
+ bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
+ bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
+ d0 = bc4 ^ (bc1<<1 | bc1>>63)
+ d1 = bc0 ^ (bc2<<1 | bc2>>63)
+ d2 = bc1 ^ (bc3<<1 | bc3>>63)
+ d3 = bc2 ^ (bc4<<1 | bc4>>63)
+ d4 = bc3 ^ (bc0<<1 | bc0>>63)
+
+ bc0 = a[0] ^ d0
+ t = a[11] ^ d1
+ bc1 = bits.RotateLeft64(t, 44)
+ t = a[22] ^ d2
+ bc2 = bits.RotateLeft64(t, 43)
+ t = a[8] ^ d3
+ bc3 = bits.RotateLeft64(t, 21)
+ t = a[19] ^ d4
+ bc4 = bits.RotateLeft64(t, 14)
+ a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+2]
+ a[11] = bc1 ^ (bc3 &^ bc2)
+ a[22] = bc2 ^ (bc4 &^ bc3)
+ a[8] = bc3 ^ (bc0 &^ bc4)
+ a[19] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[15] ^ d0
+ bc2 = bits.RotateLeft64(t, 3)
+ t = a[1] ^ d1
+ bc3 = bits.RotateLeft64(t, 45)
+ t = a[12] ^ d2
+ bc4 = bits.RotateLeft64(t, 61)
+ t = a[23] ^ d3
+ bc0 = bits.RotateLeft64(t, 28)
+ t = a[9] ^ d4
+ bc1 = bits.RotateLeft64(t, 20)
+ a[15] = bc0 ^ (bc2 &^ bc1)
+ a[1] = bc1 ^ (bc3 &^ bc2)
+ a[12] = bc2 ^ (bc4 &^ bc3)
+ a[23] = bc3 ^ (bc0 &^ bc4)
+ a[9] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[5] ^ d0
+ bc4 = bits.RotateLeft64(t, 18)
+ t = a[16] ^ d1
+ bc0 = bits.RotateLeft64(t, 1)
+ t = a[2] ^ d2
+ bc1 = bits.RotateLeft64(t, 6)
+ t = a[13] ^ d3
+ bc2 = bits.RotateLeft64(t, 25)
+ t = a[24] ^ d4
+ bc3 = bits.RotateLeft64(t, 8)
+ a[5] = bc0 ^ (bc2 &^ bc1)
+ a[16] = bc1 ^ (bc3 &^ bc2)
+ a[2] = bc2 ^ (bc4 &^ bc3)
+ a[13] = bc3 ^ (bc0 &^ bc4)
+ a[24] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[20] ^ d0
+ bc1 = bits.RotateLeft64(t, 36)
+ t = a[6] ^ d1
+ bc2 = bits.RotateLeft64(t, 10)
+ t = a[17] ^ d2
+ bc3 = bits.RotateLeft64(t, 15)
+ t = a[3] ^ d3
+ bc4 = bits.RotateLeft64(t, 56)
+ t = a[14] ^ d4
+ bc0 = bits.RotateLeft64(t, 27)
+ a[20] = bc0 ^ (bc2 &^ bc1)
+ a[6] = bc1 ^ (bc3 &^ bc2)
+ a[17] = bc2 ^ (bc4 &^ bc3)
+ a[3] = bc3 ^ (bc0 &^ bc4)
+ a[14] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[10] ^ d0
+ bc3 = bits.RotateLeft64(t, 41)
+ t = a[21] ^ d1
+ bc4 = bits.RotateLeft64(t, 2)
+ t = a[7] ^ d2
+ bc0 = bits.RotateLeft64(t, 62)
+ t = a[18] ^ d3
+ bc1 = bits.RotateLeft64(t, 55)
+ t = a[4] ^ d4
+ bc2 = bits.RotateLeft64(t, 39)
+ a[10] = bc0 ^ (bc2 &^ bc1)
+ a[21] = bc1 ^ (bc3 &^ bc2)
+ a[7] = bc2 ^ (bc4 &^ bc3)
+ a[18] = bc3 ^ (bc0 &^ bc4)
+ a[4] = bc4 ^ (bc1 &^ bc0)
+
+ // Round 4
+ bc0 = a[0] ^ a[5] ^ a[10] ^ a[15] ^ a[20]
+ bc1 = a[1] ^ a[6] ^ a[11] ^ a[16] ^ a[21]
+ bc2 = a[2] ^ a[7] ^ a[12] ^ a[17] ^ a[22]
+ bc3 = a[3] ^ a[8] ^ a[13] ^ a[18] ^ a[23]
+ bc4 = a[4] ^ a[9] ^ a[14] ^ a[19] ^ a[24]
+ d0 = bc4 ^ (bc1<<1 | bc1>>63)
+ d1 = bc0 ^ (bc2<<1 | bc2>>63)
+ d2 = bc1 ^ (bc3<<1 | bc3>>63)
+ d3 = bc2 ^ (bc4<<1 | bc4>>63)
+ d4 = bc3 ^ (bc0<<1 | bc0>>63)
+
+ bc0 = a[0] ^ d0
+ t = a[1] ^ d1
+ bc1 = bits.RotateLeft64(t, 44)
+ t = a[2] ^ d2
+ bc2 = bits.RotateLeft64(t, 43)
+ t = a[3] ^ d3
+ bc3 = bits.RotateLeft64(t, 21)
+ t = a[4] ^ d4
+ bc4 = bits.RotateLeft64(t, 14)
+ a[0] = bc0 ^ (bc2 &^ bc1) ^ rc[i+3]
+ a[1] = bc1 ^ (bc3 &^ bc2)
+ a[2] = bc2 ^ (bc4 &^ bc3)
+ a[3] = bc3 ^ (bc0 &^ bc4)
+ a[4] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[5] ^ d0
+ bc2 = bits.RotateLeft64(t, 3)
+ t = a[6] ^ d1
+ bc3 = bits.RotateLeft64(t, 45)
+ t = a[7] ^ d2
+ bc4 = bits.RotateLeft64(t, 61)
+ t = a[8] ^ d3
+ bc0 = bits.RotateLeft64(t, 28)
+ t = a[9] ^ d4
+ bc1 = bits.RotateLeft64(t, 20)
+ a[5] = bc0 ^ (bc2 &^ bc1)
+ a[6] = bc1 ^ (bc3 &^ bc2)
+ a[7] = bc2 ^ (bc4 &^ bc3)
+ a[8] = bc3 ^ (bc0 &^ bc4)
+ a[9] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[10] ^ d0
+ bc4 = bits.RotateLeft64(t, 18)
+ t = a[11] ^ d1
+ bc0 = bits.RotateLeft64(t, 1)
+ t = a[12] ^ d2
+ bc1 = bits.RotateLeft64(t, 6)
+ t = a[13] ^ d3
+ bc2 = bits.RotateLeft64(t, 25)
+ t = a[14] ^ d4
+ bc3 = bits.RotateLeft64(t, 8)
+ a[10] = bc0 ^ (bc2 &^ bc1)
+ a[11] = bc1 ^ (bc3 &^ bc2)
+ a[12] = bc2 ^ (bc4 &^ bc3)
+ a[13] = bc3 ^ (bc0 &^ bc4)
+ a[14] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[15] ^ d0
+ bc1 = bits.RotateLeft64(t, 36)
+ t = a[16] ^ d1
+ bc2 = bits.RotateLeft64(t, 10)
+ t = a[17] ^ d2
+ bc3 = bits.RotateLeft64(t, 15)
+ t = a[18] ^ d3
+ bc4 = bits.RotateLeft64(t, 56)
+ t = a[19] ^ d4
+ bc0 = bits.RotateLeft64(t, 27)
+ a[15] = bc0 ^ (bc2 &^ bc1)
+ a[16] = bc1 ^ (bc3 &^ bc2)
+ a[17] = bc2 ^ (bc4 &^ bc3)
+ a[18] = bc3 ^ (bc0 &^ bc4)
+ a[19] = bc4 ^ (bc1 &^ bc0)
+
+ t = a[20] ^ d0
+ bc3 = bits.RotateLeft64(t, 41)
+ t = a[21] ^ d1
+ bc4 = bits.RotateLeft64(t, 2)
+ t = a[22] ^ d2
+ bc0 = bits.RotateLeft64(t, 62)
+ t = a[23] ^ d3
+ bc1 = bits.RotateLeft64(t, 55)
+ t = a[24] ^ d4
+ bc2 = bits.RotateLeft64(t, 39)
+ a[20] = bc0 ^ (bc2 &^ bc1)
+ a[21] = bc1 ^ (bc3 &^ bc2)
+ a[22] = bc2 ^ (bc4 &^ bc3)
+ a[23] = bc3 ^ (bc0 &^ bc4)
+ a[24] = bc4 ^ (bc1 &^ bc0)
+ }
+}
diff --git a/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go b/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go
new file mode 100644
index 0000000000000000000000000000000000000000..b908696be58fb33f95e16a0eb6e9a0409b11bc88
--- /dev/null
+++ b/vendor/golang.org/x/crypto/sha3/keccakf_amd64.go
@@ -0,0 +1,13 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build amd64 && !purego && gc
+
+package sha3
+
+// This function is implemented in keccakf_amd64.s.
+
+//go:noescape
+
+func keccakF1600(a *[25]uint64)
diff --git a/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s b/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s
new file mode 100644
index 0000000000000000000000000000000000000000..99e2f16e9719377f8869b74a49727ab0db1bf7fb
--- /dev/null
+++ b/vendor/golang.org/x/crypto/sha3/keccakf_amd64.s
@@ -0,0 +1,5419 @@
+// Code generated by command: go run keccakf_amd64_asm.go -out ../keccakf_amd64.s -pkg sha3. DO NOT EDIT.
+
+//go:build amd64 && !purego && gc
+
+// func keccakF1600(a *[25]uint64)
+TEXT ·keccakF1600(SB), $200-8
+ MOVQ a+0(FP), DI
+
+ // Convert the user state into an internal state
+ NOTQ 8(DI)
+ NOTQ 16(DI)
+ NOTQ 64(DI)
+ NOTQ 96(DI)
+ NOTQ 136(DI)
+ NOTQ 160(DI)
+
+ // Execute the KeccakF permutation
+ MOVQ (DI), SI
+ MOVQ 8(DI), BP
+ MOVQ 32(DI), R15
+ XORQ 40(DI), SI
+ XORQ 48(DI), BP
+ XORQ 72(DI), R15
+ XORQ 80(DI), SI
+ XORQ 88(DI), BP
+ XORQ 112(DI), R15
+ XORQ 120(DI), SI
+ XORQ 128(DI), BP
+ XORQ 152(DI), R15
+ XORQ 160(DI), SI
+ XORQ 168(DI), BP
+ MOVQ 176(DI), DX
+ MOVQ 184(DI), R8
+ XORQ 192(DI), R15
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(DI), R12
+ XORQ 56(DI), DX
+ XORQ R15, BX
+ XORQ 96(DI), R12
+ XORQ 136(DI), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(DI), R13
+ XORQ 64(DI), R8
+ XORQ SI, CX
+ XORQ 104(DI), R13
+ XORQ 144(DI), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (DI), R10
+ MOVQ 48(DI), R11
+ XORQ R13, R9
+ MOVQ 96(DI), R12
+ MOVQ 144(DI), R13
+ MOVQ 192(DI), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x0000000000000001, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (SP)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(SP)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(SP)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(SP)
+ MOVQ R12, 8(SP)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(DI), R11
+ XORQ R9, R11
+ MOVQ 80(DI), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(DI), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(DI), R13
+ MOVQ 176(DI), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(SP)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(SP)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(SP)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(SP)
+
+ // Result k
+ MOVQ 8(DI), R10
+ MOVQ 56(DI), R11
+ MOVQ 104(DI), R12
+ MOVQ 152(DI), R13
+ MOVQ 160(DI), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(SP)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(SP)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(SP)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(SP)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(DI), R11
+ XORQ BX, R11
+ MOVQ 88(DI), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(DI), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(DI), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(DI), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(SP)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(SP)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(SP)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(SP)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(SP)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(DI), R10
+ MOVQ 64(DI), R11
+ MOVQ 112(DI), R12
+ XORQ DX, R10
+ MOVQ 120(DI), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(DI), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(SP)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(SP)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(SP)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(SP)
+ MOVQ R8, 184(SP)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(SP), R12
+ XORQ 56(SP), DX
+ XORQ R15, BX
+ XORQ 96(SP), R12
+ XORQ 136(SP), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(SP), R13
+ XORQ 64(SP), R8
+ XORQ SI, CX
+ XORQ 104(SP), R13
+ XORQ 144(SP), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (SP), R10
+ MOVQ 48(SP), R11
+ XORQ R13, R9
+ MOVQ 96(SP), R12
+ MOVQ 144(SP), R13
+ MOVQ 192(SP), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x0000000000008082, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (DI)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(DI)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(DI)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(DI)
+ MOVQ R12, 8(DI)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(SP), R11
+ XORQ R9, R11
+ MOVQ 80(SP), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(SP), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(SP), R13
+ MOVQ 176(SP), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(DI)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(DI)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(DI)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(DI)
+
+ // Result k
+ MOVQ 8(SP), R10
+ MOVQ 56(SP), R11
+ MOVQ 104(SP), R12
+ MOVQ 152(SP), R13
+ MOVQ 160(SP), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(DI)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(DI)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(DI)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(DI)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(SP), R11
+ XORQ BX, R11
+ MOVQ 88(SP), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(SP), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(SP), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(SP), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(DI)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(DI)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(DI)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(DI)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(DI)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(SP), R10
+ MOVQ 64(SP), R11
+ MOVQ 112(SP), R12
+ XORQ DX, R10
+ MOVQ 120(SP), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(SP), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(DI)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(DI)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(DI)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(DI)
+ MOVQ R8, 184(DI)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(DI), R12
+ XORQ 56(DI), DX
+ XORQ R15, BX
+ XORQ 96(DI), R12
+ XORQ 136(DI), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(DI), R13
+ XORQ 64(DI), R8
+ XORQ SI, CX
+ XORQ 104(DI), R13
+ XORQ 144(DI), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (DI), R10
+ MOVQ 48(DI), R11
+ XORQ R13, R9
+ MOVQ 96(DI), R12
+ MOVQ 144(DI), R13
+ MOVQ 192(DI), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x800000000000808a, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (SP)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(SP)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(SP)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(SP)
+ MOVQ R12, 8(SP)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(DI), R11
+ XORQ R9, R11
+ MOVQ 80(DI), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(DI), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(DI), R13
+ MOVQ 176(DI), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(SP)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(SP)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(SP)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(SP)
+
+ // Result k
+ MOVQ 8(DI), R10
+ MOVQ 56(DI), R11
+ MOVQ 104(DI), R12
+ MOVQ 152(DI), R13
+ MOVQ 160(DI), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(SP)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(SP)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(SP)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(SP)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(DI), R11
+ XORQ BX, R11
+ MOVQ 88(DI), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(DI), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(DI), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(DI), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(SP)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(SP)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(SP)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(SP)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(SP)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(DI), R10
+ MOVQ 64(DI), R11
+ MOVQ 112(DI), R12
+ XORQ DX, R10
+ MOVQ 120(DI), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(DI), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(SP)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(SP)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(SP)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(SP)
+ MOVQ R8, 184(SP)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(SP), R12
+ XORQ 56(SP), DX
+ XORQ R15, BX
+ XORQ 96(SP), R12
+ XORQ 136(SP), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(SP), R13
+ XORQ 64(SP), R8
+ XORQ SI, CX
+ XORQ 104(SP), R13
+ XORQ 144(SP), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (SP), R10
+ MOVQ 48(SP), R11
+ XORQ R13, R9
+ MOVQ 96(SP), R12
+ MOVQ 144(SP), R13
+ MOVQ 192(SP), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x8000000080008000, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (DI)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(DI)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(DI)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(DI)
+ MOVQ R12, 8(DI)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(SP), R11
+ XORQ R9, R11
+ MOVQ 80(SP), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(SP), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(SP), R13
+ MOVQ 176(SP), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(DI)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(DI)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(DI)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(DI)
+
+ // Result k
+ MOVQ 8(SP), R10
+ MOVQ 56(SP), R11
+ MOVQ 104(SP), R12
+ MOVQ 152(SP), R13
+ MOVQ 160(SP), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(DI)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(DI)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(DI)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(DI)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(SP), R11
+ XORQ BX, R11
+ MOVQ 88(SP), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(SP), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(SP), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(SP), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(DI)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(DI)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(DI)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(DI)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(DI)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(SP), R10
+ MOVQ 64(SP), R11
+ MOVQ 112(SP), R12
+ XORQ DX, R10
+ MOVQ 120(SP), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(SP), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(DI)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(DI)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(DI)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(DI)
+ MOVQ R8, 184(DI)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(DI), R12
+ XORQ 56(DI), DX
+ XORQ R15, BX
+ XORQ 96(DI), R12
+ XORQ 136(DI), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(DI), R13
+ XORQ 64(DI), R8
+ XORQ SI, CX
+ XORQ 104(DI), R13
+ XORQ 144(DI), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (DI), R10
+ MOVQ 48(DI), R11
+ XORQ R13, R9
+ MOVQ 96(DI), R12
+ MOVQ 144(DI), R13
+ MOVQ 192(DI), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x000000000000808b, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (SP)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(SP)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(SP)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(SP)
+ MOVQ R12, 8(SP)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(DI), R11
+ XORQ R9, R11
+ MOVQ 80(DI), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(DI), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(DI), R13
+ MOVQ 176(DI), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(SP)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(SP)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(SP)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(SP)
+
+ // Result k
+ MOVQ 8(DI), R10
+ MOVQ 56(DI), R11
+ MOVQ 104(DI), R12
+ MOVQ 152(DI), R13
+ MOVQ 160(DI), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(SP)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(SP)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(SP)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(SP)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(DI), R11
+ XORQ BX, R11
+ MOVQ 88(DI), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(DI), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(DI), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(DI), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(SP)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(SP)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(SP)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(SP)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(SP)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(DI), R10
+ MOVQ 64(DI), R11
+ MOVQ 112(DI), R12
+ XORQ DX, R10
+ MOVQ 120(DI), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(DI), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(SP)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(SP)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(SP)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(SP)
+ MOVQ R8, 184(SP)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(SP), R12
+ XORQ 56(SP), DX
+ XORQ R15, BX
+ XORQ 96(SP), R12
+ XORQ 136(SP), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(SP), R13
+ XORQ 64(SP), R8
+ XORQ SI, CX
+ XORQ 104(SP), R13
+ XORQ 144(SP), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (SP), R10
+ MOVQ 48(SP), R11
+ XORQ R13, R9
+ MOVQ 96(SP), R12
+ MOVQ 144(SP), R13
+ MOVQ 192(SP), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x0000000080000001, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (DI)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(DI)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(DI)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(DI)
+ MOVQ R12, 8(DI)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(SP), R11
+ XORQ R9, R11
+ MOVQ 80(SP), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(SP), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(SP), R13
+ MOVQ 176(SP), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(DI)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(DI)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(DI)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(DI)
+
+ // Result k
+ MOVQ 8(SP), R10
+ MOVQ 56(SP), R11
+ MOVQ 104(SP), R12
+ MOVQ 152(SP), R13
+ MOVQ 160(SP), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(DI)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(DI)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(DI)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(DI)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(SP), R11
+ XORQ BX, R11
+ MOVQ 88(SP), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(SP), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(SP), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(SP), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(DI)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(DI)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(DI)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(DI)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(DI)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(SP), R10
+ MOVQ 64(SP), R11
+ MOVQ 112(SP), R12
+ XORQ DX, R10
+ MOVQ 120(SP), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(SP), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(DI)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(DI)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(DI)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(DI)
+ MOVQ R8, 184(DI)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(DI), R12
+ XORQ 56(DI), DX
+ XORQ R15, BX
+ XORQ 96(DI), R12
+ XORQ 136(DI), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(DI), R13
+ XORQ 64(DI), R8
+ XORQ SI, CX
+ XORQ 104(DI), R13
+ XORQ 144(DI), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (DI), R10
+ MOVQ 48(DI), R11
+ XORQ R13, R9
+ MOVQ 96(DI), R12
+ MOVQ 144(DI), R13
+ MOVQ 192(DI), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x8000000080008081, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (SP)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(SP)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(SP)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(SP)
+ MOVQ R12, 8(SP)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(DI), R11
+ XORQ R9, R11
+ MOVQ 80(DI), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(DI), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(DI), R13
+ MOVQ 176(DI), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(SP)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(SP)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(SP)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(SP)
+
+ // Result k
+ MOVQ 8(DI), R10
+ MOVQ 56(DI), R11
+ MOVQ 104(DI), R12
+ MOVQ 152(DI), R13
+ MOVQ 160(DI), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(SP)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(SP)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(SP)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(SP)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(DI), R11
+ XORQ BX, R11
+ MOVQ 88(DI), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(DI), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(DI), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(DI), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(SP)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(SP)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(SP)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(SP)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(SP)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(DI), R10
+ MOVQ 64(DI), R11
+ MOVQ 112(DI), R12
+ XORQ DX, R10
+ MOVQ 120(DI), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(DI), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(SP)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(SP)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(SP)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(SP)
+ MOVQ R8, 184(SP)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(SP), R12
+ XORQ 56(SP), DX
+ XORQ R15, BX
+ XORQ 96(SP), R12
+ XORQ 136(SP), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(SP), R13
+ XORQ 64(SP), R8
+ XORQ SI, CX
+ XORQ 104(SP), R13
+ XORQ 144(SP), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (SP), R10
+ MOVQ 48(SP), R11
+ XORQ R13, R9
+ MOVQ 96(SP), R12
+ MOVQ 144(SP), R13
+ MOVQ 192(SP), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x8000000000008009, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (DI)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(DI)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(DI)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(DI)
+ MOVQ R12, 8(DI)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(SP), R11
+ XORQ R9, R11
+ MOVQ 80(SP), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(SP), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(SP), R13
+ MOVQ 176(SP), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(DI)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(DI)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(DI)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(DI)
+
+ // Result k
+ MOVQ 8(SP), R10
+ MOVQ 56(SP), R11
+ MOVQ 104(SP), R12
+ MOVQ 152(SP), R13
+ MOVQ 160(SP), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(DI)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(DI)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(DI)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(DI)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(SP), R11
+ XORQ BX, R11
+ MOVQ 88(SP), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(SP), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(SP), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(SP), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(DI)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(DI)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(DI)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(DI)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(DI)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(SP), R10
+ MOVQ 64(SP), R11
+ MOVQ 112(SP), R12
+ XORQ DX, R10
+ MOVQ 120(SP), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(SP), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(DI)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(DI)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(DI)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(DI)
+ MOVQ R8, 184(DI)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(DI), R12
+ XORQ 56(DI), DX
+ XORQ R15, BX
+ XORQ 96(DI), R12
+ XORQ 136(DI), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(DI), R13
+ XORQ 64(DI), R8
+ XORQ SI, CX
+ XORQ 104(DI), R13
+ XORQ 144(DI), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (DI), R10
+ MOVQ 48(DI), R11
+ XORQ R13, R9
+ MOVQ 96(DI), R12
+ MOVQ 144(DI), R13
+ MOVQ 192(DI), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x000000000000008a, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (SP)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(SP)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(SP)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(SP)
+ MOVQ R12, 8(SP)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(DI), R11
+ XORQ R9, R11
+ MOVQ 80(DI), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(DI), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(DI), R13
+ MOVQ 176(DI), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(SP)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(SP)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(SP)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(SP)
+
+ // Result k
+ MOVQ 8(DI), R10
+ MOVQ 56(DI), R11
+ MOVQ 104(DI), R12
+ MOVQ 152(DI), R13
+ MOVQ 160(DI), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(SP)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(SP)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(SP)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(SP)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(DI), R11
+ XORQ BX, R11
+ MOVQ 88(DI), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(DI), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(DI), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(DI), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(SP)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(SP)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(SP)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(SP)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(SP)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(DI), R10
+ MOVQ 64(DI), R11
+ MOVQ 112(DI), R12
+ XORQ DX, R10
+ MOVQ 120(DI), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(DI), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(SP)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(SP)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(SP)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(SP)
+ MOVQ R8, 184(SP)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(SP), R12
+ XORQ 56(SP), DX
+ XORQ R15, BX
+ XORQ 96(SP), R12
+ XORQ 136(SP), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(SP), R13
+ XORQ 64(SP), R8
+ XORQ SI, CX
+ XORQ 104(SP), R13
+ XORQ 144(SP), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (SP), R10
+ MOVQ 48(SP), R11
+ XORQ R13, R9
+ MOVQ 96(SP), R12
+ MOVQ 144(SP), R13
+ MOVQ 192(SP), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x0000000000000088, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (DI)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(DI)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(DI)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(DI)
+ MOVQ R12, 8(DI)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(SP), R11
+ XORQ R9, R11
+ MOVQ 80(SP), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(SP), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(SP), R13
+ MOVQ 176(SP), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(DI)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(DI)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(DI)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(DI)
+
+ // Result k
+ MOVQ 8(SP), R10
+ MOVQ 56(SP), R11
+ MOVQ 104(SP), R12
+ MOVQ 152(SP), R13
+ MOVQ 160(SP), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(DI)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(DI)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(DI)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(DI)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(SP), R11
+ XORQ BX, R11
+ MOVQ 88(SP), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(SP), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(SP), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(SP), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(DI)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(DI)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(DI)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(DI)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(DI)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(SP), R10
+ MOVQ 64(SP), R11
+ MOVQ 112(SP), R12
+ XORQ DX, R10
+ MOVQ 120(SP), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(SP), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(DI)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(DI)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(DI)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(DI)
+ MOVQ R8, 184(DI)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(DI), R12
+ XORQ 56(DI), DX
+ XORQ R15, BX
+ XORQ 96(DI), R12
+ XORQ 136(DI), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(DI), R13
+ XORQ 64(DI), R8
+ XORQ SI, CX
+ XORQ 104(DI), R13
+ XORQ 144(DI), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (DI), R10
+ MOVQ 48(DI), R11
+ XORQ R13, R9
+ MOVQ 96(DI), R12
+ MOVQ 144(DI), R13
+ MOVQ 192(DI), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x0000000080008009, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (SP)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(SP)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(SP)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(SP)
+ MOVQ R12, 8(SP)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(DI), R11
+ XORQ R9, R11
+ MOVQ 80(DI), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(DI), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(DI), R13
+ MOVQ 176(DI), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(SP)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(SP)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(SP)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(SP)
+
+ // Result k
+ MOVQ 8(DI), R10
+ MOVQ 56(DI), R11
+ MOVQ 104(DI), R12
+ MOVQ 152(DI), R13
+ MOVQ 160(DI), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(SP)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(SP)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(SP)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(SP)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(DI), R11
+ XORQ BX, R11
+ MOVQ 88(DI), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(DI), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(DI), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(DI), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(SP)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(SP)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(SP)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(SP)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(SP)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(DI), R10
+ MOVQ 64(DI), R11
+ MOVQ 112(DI), R12
+ XORQ DX, R10
+ MOVQ 120(DI), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(DI), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(SP)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(SP)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(SP)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(SP)
+ MOVQ R8, 184(SP)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(SP), R12
+ XORQ 56(SP), DX
+ XORQ R15, BX
+ XORQ 96(SP), R12
+ XORQ 136(SP), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(SP), R13
+ XORQ 64(SP), R8
+ XORQ SI, CX
+ XORQ 104(SP), R13
+ XORQ 144(SP), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (SP), R10
+ MOVQ 48(SP), R11
+ XORQ R13, R9
+ MOVQ 96(SP), R12
+ MOVQ 144(SP), R13
+ MOVQ 192(SP), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x000000008000000a, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (DI)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(DI)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(DI)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(DI)
+ MOVQ R12, 8(DI)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(SP), R11
+ XORQ R9, R11
+ MOVQ 80(SP), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(SP), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(SP), R13
+ MOVQ 176(SP), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(DI)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(DI)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(DI)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(DI)
+
+ // Result k
+ MOVQ 8(SP), R10
+ MOVQ 56(SP), R11
+ MOVQ 104(SP), R12
+ MOVQ 152(SP), R13
+ MOVQ 160(SP), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(DI)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(DI)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(DI)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(DI)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(SP), R11
+ XORQ BX, R11
+ MOVQ 88(SP), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(SP), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(SP), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(SP), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(DI)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(DI)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(DI)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(DI)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(DI)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(SP), R10
+ MOVQ 64(SP), R11
+ MOVQ 112(SP), R12
+ XORQ DX, R10
+ MOVQ 120(SP), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(SP), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(DI)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(DI)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(DI)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(DI)
+ MOVQ R8, 184(DI)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(DI), R12
+ XORQ 56(DI), DX
+ XORQ R15, BX
+ XORQ 96(DI), R12
+ XORQ 136(DI), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(DI), R13
+ XORQ 64(DI), R8
+ XORQ SI, CX
+ XORQ 104(DI), R13
+ XORQ 144(DI), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (DI), R10
+ MOVQ 48(DI), R11
+ XORQ R13, R9
+ MOVQ 96(DI), R12
+ MOVQ 144(DI), R13
+ MOVQ 192(DI), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x000000008000808b, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (SP)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(SP)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(SP)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(SP)
+ MOVQ R12, 8(SP)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(DI), R11
+ XORQ R9, R11
+ MOVQ 80(DI), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(DI), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(DI), R13
+ MOVQ 176(DI), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(SP)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(SP)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(SP)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(SP)
+
+ // Result k
+ MOVQ 8(DI), R10
+ MOVQ 56(DI), R11
+ MOVQ 104(DI), R12
+ MOVQ 152(DI), R13
+ MOVQ 160(DI), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(SP)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(SP)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(SP)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(SP)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(DI), R11
+ XORQ BX, R11
+ MOVQ 88(DI), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(DI), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(DI), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(DI), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(SP)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(SP)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(SP)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(SP)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(SP)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(DI), R10
+ MOVQ 64(DI), R11
+ MOVQ 112(DI), R12
+ XORQ DX, R10
+ MOVQ 120(DI), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(DI), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(SP)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(SP)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(SP)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(SP)
+ MOVQ R8, 184(SP)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(SP), R12
+ XORQ 56(SP), DX
+ XORQ R15, BX
+ XORQ 96(SP), R12
+ XORQ 136(SP), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(SP), R13
+ XORQ 64(SP), R8
+ XORQ SI, CX
+ XORQ 104(SP), R13
+ XORQ 144(SP), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (SP), R10
+ MOVQ 48(SP), R11
+ XORQ R13, R9
+ MOVQ 96(SP), R12
+ MOVQ 144(SP), R13
+ MOVQ 192(SP), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x800000000000008b, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (DI)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(DI)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(DI)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(DI)
+ MOVQ R12, 8(DI)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(SP), R11
+ XORQ R9, R11
+ MOVQ 80(SP), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(SP), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(SP), R13
+ MOVQ 176(SP), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(DI)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(DI)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(DI)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(DI)
+
+ // Result k
+ MOVQ 8(SP), R10
+ MOVQ 56(SP), R11
+ MOVQ 104(SP), R12
+ MOVQ 152(SP), R13
+ MOVQ 160(SP), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(DI)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(DI)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(DI)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(DI)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(SP), R11
+ XORQ BX, R11
+ MOVQ 88(SP), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(SP), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(SP), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(SP), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(DI)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(DI)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(DI)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(DI)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(DI)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(SP), R10
+ MOVQ 64(SP), R11
+ MOVQ 112(SP), R12
+ XORQ DX, R10
+ MOVQ 120(SP), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(SP), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(DI)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(DI)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(DI)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(DI)
+ MOVQ R8, 184(DI)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(DI), R12
+ XORQ 56(DI), DX
+ XORQ R15, BX
+ XORQ 96(DI), R12
+ XORQ 136(DI), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(DI), R13
+ XORQ 64(DI), R8
+ XORQ SI, CX
+ XORQ 104(DI), R13
+ XORQ 144(DI), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (DI), R10
+ MOVQ 48(DI), R11
+ XORQ R13, R9
+ MOVQ 96(DI), R12
+ MOVQ 144(DI), R13
+ MOVQ 192(DI), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x8000000000008089, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (SP)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(SP)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(SP)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(SP)
+ MOVQ R12, 8(SP)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(DI), R11
+ XORQ R9, R11
+ MOVQ 80(DI), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(DI), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(DI), R13
+ MOVQ 176(DI), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(SP)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(SP)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(SP)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(SP)
+
+ // Result k
+ MOVQ 8(DI), R10
+ MOVQ 56(DI), R11
+ MOVQ 104(DI), R12
+ MOVQ 152(DI), R13
+ MOVQ 160(DI), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(SP)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(SP)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(SP)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(SP)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(DI), R11
+ XORQ BX, R11
+ MOVQ 88(DI), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(DI), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(DI), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(DI), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(SP)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(SP)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(SP)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(SP)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(SP)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(DI), R10
+ MOVQ 64(DI), R11
+ MOVQ 112(DI), R12
+ XORQ DX, R10
+ MOVQ 120(DI), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(DI), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(SP)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(SP)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(SP)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(SP)
+ MOVQ R8, 184(SP)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(SP), R12
+ XORQ 56(SP), DX
+ XORQ R15, BX
+ XORQ 96(SP), R12
+ XORQ 136(SP), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(SP), R13
+ XORQ 64(SP), R8
+ XORQ SI, CX
+ XORQ 104(SP), R13
+ XORQ 144(SP), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (SP), R10
+ MOVQ 48(SP), R11
+ XORQ R13, R9
+ MOVQ 96(SP), R12
+ MOVQ 144(SP), R13
+ MOVQ 192(SP), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x8000000000008003, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (DI)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(DI)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(DI)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(DI)
+ MOVQ R12, 8(DI)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(SP), R11
+ XORQ R9, R11
+ MOVQ 80(SP), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(SP), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(SP), R13
+ MOVQ 176(SP), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(DI)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(DI)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(DI)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(DI)
+
+ // Result k
+ MOVQ 8(SP), R10
+ MOVQ 56(SP), R11
+ MOVQ 104(SP), R12
+ MOVQ 152(SP), R13
+ MOVQ 160(SP), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(DI)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(DI)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(DI)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(DI)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(SP), R11
+ XORQ BX, R11
+ MOVQ 88(SP), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(SP), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(SP), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(SP), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(DI)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(DI)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(DI)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(DI)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(DI)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(SP), R10
+ MOVQ 64(SP), R11
+ MOVQ 112(SP), R12
+ XORQ DX, R10
+ MOVQ 120(SP), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(SP), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(DI)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(DI)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(DI)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(DI)
+ MOVQ R8, 184(DI)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(DI), R12
+ XORQ 56(DI), DX
+ XORQ R15, BX
+ XORQ 96(DI), R12
+ XORQ 136(DI), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(DI), R13
+ XORQ 64(DI), R8
+ XORQ SI, CX
+ XORQ 104(DI), R13
+ XORQ 144(DI), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (DI), R10
+ MOVQ 48(DI), R11
+ XORQ R13, R9
+ MOVQ 96(DI), R12
+ MOVQ 144(DI), R13
+ MOVQ 192(DI), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x8000000000008002, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (SP)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(SP)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(SP)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(SP)
+ MOVQ R12, 8(SP)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(DI), R11
+ XORQ R9, R11
+ MOVQ 80(DI), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(DI), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(DI), R13
+ MOVQ 176(DI), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(SP)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(SP)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(SP)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(SP)
+
+ // Result k
+ MOVQ 8(DI), R10
+ MOVQ 56(DI), R11
+ MOVQ 104(DI), R12
+ MOVQ 152(DI), R13
+ MOVQ 160(DI), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(SP)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(SP)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(SP)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(SP)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(DI), R11
+ XORQ BX, R11
+ MOVQ 88(DI), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(DI), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(DI), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(DI), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(SP)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(SP)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(SP)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(SP)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(SP)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(DI), R10
+ MOVQ 64(DI), R11
+ MOVQ 112(DI), R12
+ XORQ DX, R10
+ MOVQ 120(DI), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(DI), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(SP)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(SP)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(SP)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(SP)
+ MOVQ R8, 184(SP)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(SP), R12
+ XORQ 56(SP), DX
+ XORQ R15, BX
+ XORQ 96(SP), R12
+ XORQ 136(SP), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(SP), R13
+ XORQ 64(SP), R8
+ XORQ SI, CX
+ XORQ 104(SP), R13
+ XORQ 144(SP), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (SP), R10
+ MOVQ 48(SP), R11
+ XORQ R13, R9
+ MOVQ 96(SP), R12
+ MOVQ 144(SP), R13
+ MOVQ 192(SP), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x8000000000000080, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (DI)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(DI)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(DI)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(DI)
+ MOVQ R12, 8(DI)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(SP), R11
+ XORQ R9, R11
+ MOVQ 80(SP), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(SP), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(SP), R13
+ MOVQ 176(SP), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(DI)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(DI)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(DI)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(DI)
+
+ // Result k
+ MOVQ 8(SP), R10
+ MOVQ 56(SP), R11
+ MOVQ 104(SP), R12
+ MOVQ 152(SP), R13
+ MOVQ 160(SP), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(DI)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(DI)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(DI)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(DI)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(SP), R11
+ XORQ BX, R11
+ MOVQ 88(SP), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(SP), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(SP), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(SP), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(DI)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(DI)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(DI)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(DI)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(DI)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(SP), R10
+ MOVQ 64(SP), R11
+ MOVQ 112(SP), R12
+ XORQ DX, R10
+ MOVQ 120(SP), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(SP), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(DI)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(DI)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(DI)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(DI)
+ MOVQ R8, 184(DI)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(DI), R12
+ XORQ 56(DI), DX
+ XORQ R15, BX
+ XORQ 96(DI), R12
+ XORQ 136(DI), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(DI), R13
+ XORQ 64(DI), R8
+ XORQ SI, CX
+ XORQ 104(DI), R13
+ XORQ 144(DI), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (DI), R10
+ MOVQ 48(DI), R11
+ XORQ R13, R9
+ MOVQ 96(DI), R12
+ MOVQ 144(DI), R13
+ MOVQ 192(DI), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x000000000000800a, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (SP)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(SP)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(SP)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(SP)
+ MOVQ R12, 8(SP)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(DI), R11
+ XORQ R9, R11
+ MOVQ 80(DI), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(DI), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(DI), R13
+ MOVQ 176(DI), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(SP)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(SP)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(SP)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(SP)
+
+ // Result k
+ MOVQ 8(DI), R10
+ MOVQ 56(DI), R11
+ MOVQ 104(DI), R12
+ MOVQ 152(DI), R13
+ MOVQ 160(DI), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(SP)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(SP)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(SP)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(SP)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(DI), R11
+ XORQ BX, R11
+ MOVQ 88(DI), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(DI), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(DI), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(DI), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(SP)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(SP)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(SP)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(SP)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(SP)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(DI), R10
+ MOVQ 64(DI), R11
+ MOVQ 112(DI), R12
+ XORQ DX, R10
+ MOVQ 120(DI), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(DI), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(SP)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(SP)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(SP)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(SP)
+ MOVQ R8, 184(SP)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(SP), R12
+ XORQ 56(SP), DX
+ XORQ R15, BX
+ XORQ 96(SP), R12
+ XORQ 136(SP), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(SP), R13
+ XORQ 64(SP), R8
+ XORQ SI, CX
+ XORQ 104(SP), R13
+ XORQ 144(SP), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (SP), R10
+ MOVQ 48(SP), R11
+ XORQ R13, R9
+ MOVQ 96(SP), R12
+ MOVQ 144(SP), R13
+ MOVQ 192(SP), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x800000008000000a, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (DI)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(DI)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(DI)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(DI)
+ MOVQ R12, 8(DI)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(SP), R11
+ XORQ R9, R11
+ MOVQ 80(SP), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(SP), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(SP), R13
+ MOVQ 176(SP), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(DI)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(DI)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(DI)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(DI)
+
+ // Result k
+ MOVQ 8(SP), R10
+ MOVQ 56(SP), R11
+ MOVQ 104(SP), R12
+ MOVQ 152(SP), R13
+ MOVQ 160(SP), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(DI)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(DI)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(DI)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(DI)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(SP), R11
+ XORQ BX, R11
+ MOVQ 88(SP), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(SP), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(SP), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(SP), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(DI)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(DI)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(DI)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(DI)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(DI)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(SP), R10
+ MOVQ 64(SP), R11
+ MOVQ 112(SP), R12
+ XORQ DX, R10
+ MOVQ 120(SP), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(SP), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(DI)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(DI)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(DI)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(DI)
+ MOVQ R8, 184(DI)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(DI), R12
+ XORQ 56(DI), DX
+ XORQ R15, BX
+ XORQ 96(DI), R12
+ XORQ 136(DI), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(DI), R13
+ XORQ 64(DI), R8
+ XORQ SI, CX
+ XORQ 104(DI), R13
+ XORQ 144(DI), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (DI), R10
+ MOVQ 48(DI), R11
+ XORQ R13, R9
+ MOVQ 96(DI), R12
+ MOVQ 144(DI), R13
+ MOVQ 192(DI), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x8000000080008081, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (SP)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(SP)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(SP)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(SP)
+ MOVQ R12, 8(SP)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(DI), R11
+ XORQ R9, R11
+ MOVQ 80(DI), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(DI), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(DI), R13
+ MOVQ 176(DI), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(SP)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(SP)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(SP)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(SP)
+
+ // Result k
+ MOVQ 8(DI), R10
+ MOVQ 56(DI), R11
+ MOVQ 104(DI), R12
+ MOVQ 152(DI), R13
+ MOVQ 160(DI), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(SP)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(SP)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(SP)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(SP)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(DI), R11
+ XORQ BX, R11
+ MOVQ 88(DI), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(DI), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(DI), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(DI), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(SP)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(SP)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(SP)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(SP)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(SP)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(DI), R10
+ MOVQ 64(DI), R11
+ MOVQ 112(DI), R12
+ XORQ DX, R10
+ MOVQ 120(DI), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(DI), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(SP)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(SP)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(SP)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(SP)
+ MOVQ R8, 184(SP)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(SP), R12
+ XORQ 56(SP), DX
+ XORQ R15, BX
+ XORQ 96(SP), R12
+ XORQ 136(SP), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(SP), R13
+ XORQ 64(SP), R8
+ XORQ SI, CX
+ XORQ 104(SP), R13
+ XORQ 144(SP), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (SP), R10
+ MOVQ 48(SP), R11
+ XORQ R13, R9
+ MOVQ 96(SP), R12
+ MOVQ 144(SP), R13
+ MOVQ 192(SP), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x8000000000008080, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (DI)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(DI)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(DI)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(DI)
+ MOVQ R12, 8(DI)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(SP), R11
+ XORQ R9, R11
+ MOVQ 80(SP), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(SP), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(SP), R13
+ MOVQ 176(SP), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(DI)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(DI)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(DI)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(DI)
+
+ // Result k
+ MOVQ 8(SP), R10
+ MOVQ 56(SP), R11
+ MOVQ 104(SP), R12
+ MOVQ 152(SP), R13
+ MOVQ 160(SP), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(DI)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(DI)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(DI)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(DI)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(SP), R11
+ XORQ BX, R11
+ MOVQ 88(SP), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(SP), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(SP), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(SP), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(DI)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(DI)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(DI)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(DI)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(DI)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(SP), R10
+ MOVQ 64(SP), R11
+ MOVQ 112(SP), R12
+ XORQ DX, R10
+ MOVQ 120(SP), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(SP), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(DI)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(DI)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(DI)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(DI)
+ MOVQ R8, 184(DI)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(DI), R12
+ XORQ 56(DI), DX
+ XORQ R15, BX
+ XORQ 96(DI), R12
+ XORQ 136(DI), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(DI), R13
+ XORQ 64(DI), R8
+ XORQ SI, CX
+ XORQ 104(DI), R13
+ XORQ 144(DI), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (DI), R10
+ MOVQ 48(DI), R11
+ XORQ R13, R9
+ MOVQ 96(DI), R12
+ MOVQ 144(DI), R13
+ MOVQ 192(DI), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x0000000080000001, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (SP)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(SP)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(SP)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(SP)
+ MOVQ R12, 8(SP)
+ MOVQ R12, BP
+
+ // Result g
+ MOVQ 72(DI), R11
+ XORQ R9, R11
+ MOVQ 80(DI), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(DI), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(DI), R13
+ MOVQ 176(DI), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(SP)
+ XORQ AX, SI
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(SP)
+ XORQ AX, BP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(SP)
+ NOTQ R14
+ XORQ R10, R15
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(SP)
+
+ // Result k
+ MOVQ 8(DI), R10
+ MOVQ 56(DI), R11
+ MOVQ 104(DI), R12
+ MOVQ 152(DI), R13
+ MOVQ 160(DI), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(SP)
+ XORQ AX, SI
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(SP)
+ XORQ AX, BP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(SP)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(SP)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(SP)
+ XORQ R10, R15
+
+ // Result m
+ MOVQ 40(DI), R11
+ XORQ BX, R11
+ MOVQ 88(DI), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(DI), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(DI), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(DI), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(SP)
+ XORQ AX, SI
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(SP)
+ XORQ AX, BP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(SP)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(SP)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(SP)
+ XORQ R11, R15
+
+ // Result s
+ MOVQ 16(DI), R10
+ MOVQ 64(DI), R11
+ MOVQ 112(DI), R12
+ XORQ DX, R10
+ MOVQ 120(DI), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(DI), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(SP)
+ ROLQ $0x27, R12
+ XORQ R9, R15
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(SP)
+ XORQ BX, SI
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(SP)
+ XORQ CX, BP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(SP)
+ MOVQ R8, 184(SP)
+
+ // Prepare round
+ MOVQ BP, BX
+ ROLQ $0x01, BX
+ MOVQ 16(SP), R12
+ XORQ 56(SP), DX
+ XORQ R15, BX
+ XORQ 96(SP), R12
+ XORQ 136(SP), DX
+ XORQ DX, R12
+ MOVQ R12, CX
+ ROLQ $0x01, CX
+ MOVQ 24(SP), R13
+ XORQ 64(SP), R8
+ XORQ SI, CX
+ XORQ 104(SP), R13
+ XORQ 144(SP), R8
+ XORQ R8, R13
+ MOVQ R13, DX
+ ROLQ $0x01, DX
+ MOVQ R15, R8
+ XORQ BP, DX
+ ROLQ $0x01, R8
+ MOVQ SI, R9
+ XORQ R12, R8
+ ROLQ $0x01, R9
+
+ // Result b
+ MOVQ (SP), R10
+ MOVQ 48(SP), R11
+ XORQ R13, R9
+ MOVQ 96(SP), R12
+ MOVQ 144(SP), R13
+ MOVQ 192(SP), R14
+ XORQ CX, R11
+ ROLQ $0x2c, R11
+ XORQ DX, R12
+ XORQ BX, R10
+ ROLQ $0x2b, R12
+ MOVQ R11, SI
+ MOVQ $0x8000000080008008, AX
+ ORQ R12, SI
+ XORQ R10, AX
+ XORQ AX, SI
+ MOVQ SI, (DI)
+ XORQ R9, R14
+ ROLQ $0x0e, R14
+ MOVQ R10, R15
+ ANDQ R11, R15
+ XORQ R14, R15
+ MOVQ R15, 32(DI)
+ XORQ R8, R13
+ ROLQ $0x15, R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 16(DI)
+ NOTQ R12
+ ORQ R10, R14
+ ORQ R13, R12
+ XORQ R13, R14
+ XORQ R11, R12
+ MOVQ R14, 24(DI)
+ MOVQ R12, 8(DI)
+ NOP
+
+ // Result g
+ MOVQ 72(SP), R11
+ XORQ R9, R11
+ MOVQ 80(SP), R12
+ ROLQ $0x14, R11
+ XORQ BX, R12
+ ROLQ $0x03, R12
+ MOVQ 24(SP), R10
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ R8, R10
+ MOVQ 128(SP), R13
+ MOVQ 176(SP), R14
+ ROLQ $0x1c, R10
+ XORQ R10, AX
+ MOVQ AX, 40(DI)
+ NOP
+ XORQ CX, R13
+ ROLQ $0x2d, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 48(DI)
+ NOP
+ XORQ DX, R14
+ ROLQ $0x3d, R14
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 64(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 72(DI)
+ NOTQ R14
+ NOP
+ ORQ R14, R13
+ XORQ R12, R13
+ MOVQ R13, 56(DI)
+
+ // Result k
+ MOVQ 8(SP), R10
+ MOVQ 56(SP), R11
+ MOVQ 104(SP), R12
+ MOVQ 152(SP), R13
+ MOVQ 160(SP), R14
+ XORQ DX, R11
+ ROLQ $0x06, R11
+ XORQ R8, R12
+ ROLQ $0x19, R12
+ MOVQ R11, AX
+ ORQ R12, AX
+ XORQ CX, R10
+ ROLQ $0x01, R10
+ XORQ R10, AX
+ MOVQ AX, 80(DI)
+ NOP
+ XORQ R9, R13
+ ROLQ $0x08, R13
+ MOVQ R12, AX
+ ANDQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 88(DI)
+ NOP
+ XORQ BX, R14
+ ROLQ $0x12, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ANDQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 96(DI)
+ MOVQ R14, AX
+ ORQ R10, AX
+ XORQ R13, AX
+ MOVQ AX, 104(DI)
+ ANDQ R11, R10
+ XORQ R14, R10
+ MOVQ R10, 112(DI)
+ NOP
+
+ // Result m
+ MOVQ 40(SP), R11
+ XORQ BX, R11
+ MOVQ 88(SP), R12
+ ROLQ $0x24, R11
+ XORQ CX, R12
+ MOVQ 32(SP), R10
+ ROLQ $0x0a, R12
+ MOVQ R11, AX
+ MOVQ 136(SP), R13
+ ANDQ R12, AX
+ XORQ R9, R10
+ MOVQ 184(SP), R14
+ ROLQ $0x1b, R10
+ XORQ R10, AX
+ MOVQ AX, 120(DI)
+ NOP
+ XORQ DX, R13
+ ROLQ $0x0f, R13
+ MOVQ R12, AX
+ ORQ R13, AX
+ XORQ R11, AX
+ MOVQ AX, 128(DI)
+ NOP
+ XORQ R8, R14
+ ROLQ $0x38, R14
+ NOTQ R13
+ MOVQ R13, AX
+ ORQ R14, AX
+ XORQ R12, AX
+ MOVQ AX, 136(DI)
+ ORQ R10, R11
+ XORQ R14, R11
+ MOVQ R11, 152(DI)
+ ANDQ R10, R14
+ XORQ R13, R14
+ MOVQ R14, 144(DI)
+ NOP
+
+ // Result s
+ MOVQ 16(SP), R10
+ MOVQ 64(SP), R11
+ MOVQ 112(SP), R12
+ XORQ DX, R10
+ MOVQ 120(SP), R13
+ ROLQ $0x3e, R10
+ XORQ R8, R11
+ MOVQ 168(SP), R14
+ ROLQ $0x37, R11
+ XORQ R9, R12
+ MOVQ R10, R9
+ XORQ CX, R14
+ ROLQ $0x02, R14
+ ANDQ R11, R9
+ XORQ R14, R9
+ MOVQ R9, 192(DI)
+ ROLQ $0x27, R12
+ NOP
+ NOTQ R11
+ XORQ BX, R13
+ MOVQ R11, BX
+ ANDQ R12, BX
+ XORQ R10, BX
+ MOVQ BX, 160(DI)
+ NOP
+ ROLQ $0x29, R13
+ MOVQ R12, CX
+ ORQ R13, CX
+ XORQ R11, CX
+ MOVQ CX, 168(DI)
+ NOP
+ MOVQ R13, DX
+ MOVQ R14, R8
+ ANDQ R14, DX
+ ORQ R10, R8
+ XORQ R12, DX
+ XORQ R13, R8
+ MOVQ DX, 176(DI)
+ MOVQ R8, 184(DI)
+
+ // Revert the internal state to the user state
+ NOTQ 8(DI)
+ NOTQ 16(DI)
+ NOTQ 64(DI)
+ NOTQ 96(DI)
+ NOTQ 136(DI)
+ NOTQ 160(DI)
+ RET
diff --git a/vendor/golang.org/x/crypto/sha3/sha3.go b/vendor/golang.org/x/crypto/sha3/sha3.go
new file mode 100644
index 0000000000000000000000000000000000000000..6658c44479b6da200da4727d0af0fc38dd5664a0
--- /dev/null
+++ b/vendor/golang.org/x/crypto/sha3/sha3.go
@@ -0,0 +1,244 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package sha3
+
+import (
+ "crypto/subtle"
+ "encoding/binary"
+ "errors"
+ "unsafe"
+
+ "golang.org/x/sys/cpu"
+)
+
+// spongeDirection indicates the direction bytes are flowing through the sponge.
+type spongeDirection int
+
+const (
+ // spongeAbsorbing indicates that the sponge is absorbing input.
+ spongeAbsorbing spongeDirection = iota
+ // spongeSqueezing indicates that the sponge is being squeezed.
+ spongeSqueezing
+)
+
+type state struct {
+ a [1600 / 8]byte // main state of the hash
+
+ // a[n:rate] is the buffer. If absorbing, it's the remaining space to XOR
+ // into before running the permutation. If squeezing, it's the remaining
+ // output to produce before running the permutation.
+ n, rate int
+
+ // dsbyte contains the "domain separation" bits and the first bit of
+ // the padding. Sections 6.1 and 6.2 of [1] separate the outputs of the
+ // SHA-3 and SHAKE functions by appending bitstrings to the message.
+ // Using a little-endian bit-ordering convention, these are "01" for SHA-3
+ // and "1111" for SHAKE, or 00000010b and 00001111b, respectively. Then the
+ // padding rule from section 5.1 is applied to pad the message to a multiple
+ // of the rate, which involves adding a "1" bit, zero or more "0" bits, and
+ // a final "1" bit. We merge the first "1" bit from the padding into dsbyte,
+ // giving 00000110b (0x06) and 00011111b (0x1f).
+ // [1] http://csrc.nist.gov/publications/drafts/fips-202/fips_202_draft.pdf
+ // "Draft FIPS 202: SHA-3 Standard: Permutation-Based Hash and
+ // Extendable-Output Functions (May 2014)"
+ dsbyte byte
+
+ outputLen int // the default output size in bytes
+ state spongeDirection // whether the sponge is absorbing or squeezing
+}
+
+// BlockSize returns the rate of sponge underlying this hash function.
+func (d *state) BlockSize() int { return d.rate }
+
+// Size returns the output size of the hash function in bytes.
+func (d *state) Size() int { return d.outputLen }
+
+// Reset clears the internal state by zeroing the sponge state and
+// the buffer indexes, and setting Sponge.state to absorbing.
+func (d *state) Reset() {
+ // Zero the permutation's state.
+ for i := range d.a {
+ d.a[i] = 0
+ }
+ d.state = spongeAbsorbing
+ d.n = 0
+}
+
+func (d *state) clone() *state {
+ ret := *d
+ return &ret
+}
+
+// permute applies the KeccakF-1600 permutation.
+func (d *state) permute() {
+ var a *[25]uint64
+ if cpu.IsBigEndian {
+ a = new([25]uint64)
+ for i := range a {
+ a[i] = binary.LittleEndian.Uint64(d.a[i*8:])
+ }
+ } else {
+ a = (*[25]uint64)(unsafe.Pointer(&d.a))
+ }
+
+ keccakF1600(a)
+ d.n = 0
+
+ if cpu.IsBigEndian {
+ for i := range a {
+ binary.LittleEndian.PutUint64(d.a[i*8:], a[i])
+ }
+ }
+}
+
+// pads appends the domain separation bits in dsbyte, applies
+// the multi-bitrate 10..1 padding rule, and permutes the state.
+func (d *state) padAndPermute() {
+ // Pad with this instance's domain-separator bits. We know that there's
+ // at least one byte of space in the sponge because, if it were full,
+ // permute would have been called to empty it. dsbyte also contains the
+ // first one bit for the padding. See the comment in the state struct.
+ d.a[d.n] ^= d.dsbyte
+ // This adds the final one bit for the padding. Because of the way that
+ // bits are numbered from the LSB upwards, the final bit is the MSB of
+ // the last byte.
+ d.a[d.rate-1] ^= 0x80
+ // Apply the permutation
+ d.permute()
+ d.state = spongeSqueezing
+}
+
+// Write absorbs more data into the hash's state. It panics if any
+// output has already been read.
+func (d *state) Write(p []byte) (n int, err error) {
+ if d.state != spongeAbsorbing {
+ panic("sha3: Write after Read")
+ }
+
+ n = len(p)
+
+ for len(p) > 0 {
+ x := subtle.XORBytes(d.a[d.n:d.rate], d.a[d.n:d.rate], p)
+ d.n += x
+ p = p[x:]
+
+ // If the sponge is full, apply the permutation.
+ if d.n == d.rate {
+ d.permute()
+ }
+ }
+
+ return
+}
+
+// Read squeezes an arbitrary number of bytes from the sponge.
+func (d *state) Read(out []byte) (n int, err error) {
+ // If we're still absorbing, pad and apply the permutation.
+ if d.state == spongeAbsorbing {
+ d.padAndPermute()
+ }
+
+ n = len(out)
+
+ // Now, do the squeezing.
+ for len(out) > 0 {
+ // Apply the permutation if we've squeezed the sponge dry.
+ if d.n == d.rate {
+ d.permute()
+ }
+
+ x := copy(out, d.a[d.n:d.rate])
+ d.n += x
+ out = out[x:]
+ }
+
+ return
+}
+
+// Sum applies padding to the hash state and then squeezes out the desired
+// number of output bytes. It panics if any output has already been read.
+func (d *state) Sum(in []byte) []byte {
+ if d.state != spongeAbsorbing {
+ panic("sha3: Sum after Read")
+ }
+
+ // Make a copy of the original hash so that caller can keep writing
+ // and summing.
+ dup := d.clone()
+ hash := make([]byte, dup.outputLen, 64) // explicit cap to allow stack allocation
+ dup.Read(hash)
+ return append(in, hash...)
+}
+
+const (
+ magicSHA3 = "sha\x08"
+ magicShake = "sha\x09"
+ magicCShake = "sha\x0a"
+ magicKeccak = "sha\x0b"
+ // magic || rate || main state || n || sponge direction
+ marshaledSize = len(magicSHA3) + 1 + 200 + 1 + 1
+)
+
+func (d *state) MarshalBinary() ([]byte, error) {
+ return d.AppendBinary(make([]byte, 0, marshaledSize))
+}
+
+func (d *state) AppendBinary(b []byte) ([]byte, error) {
+ switch d.dsbyte {
+ case dsbyteSHA3:
+ b = append(b, magicSHA3...)
+ case dsbyteShake:
+ b = append(b, magicShake...)
+ case dsbyteCShake:
+ b = append(b, magicCShake...)
+ case dsbyteKeccak:
+ b = append(b, magicKeccak...)
+ default:
+ panic("unknown dsbyte")
+ }
+ // rate is at most 168, and n is at most rate.
+ b = append(b, byte(d.rate))
+ b = append(b, d.a[:]...)
+ b = append(b, byte(d.n), byte(d.state))
+ return b, nil
+}
+
+func (d *state) UnmarshalBinary(b []byte) error {
+ if len(b) != marshaledSize {
+ return errors.New("sha3: invalid hash state")
+ }
+
+ magic := string(b[:len(magicSHA3)])
+ b = b[len(magicSHA3):]
+ switch {
+ case magic == magicSHA3 && d.dsbyte == dsbyteSHA3:
+ case magic == magicShake && d.dsbyte == dsbyteShake:
+ case magic == magicCShake && d.dsbyte == dsbyteCShake:
+ case magic == magicKeccak && d.dsbyte == dsbyteKeccak:
+ default:
+ return errors.New("sha3: invalid hash state identifier")
+ }
+
+ rate := int(b[0])
+ b = b[1:]
+ if rate != d.rate {
+ return errors.New("sha3: invalid hash state function")
+ }
+
+ copy(d.a[:], b)
+ b = b[len(d.a):]
+
+ n, state := int(b[0]), spongeDirection(b[1])
+ if n > d.rate {
+ return errors.New("sha3: invalid hash state")
+ }
+ d.n = n
+ if state != spongeAbsorbing && state != spongeSqueezing {
+ return errors.New("sha3: invalid hash state")
+ }
+ d.state = state
+
+ return nil
+}
diff --git a/vendor/golang.org/x/crypto/sha3/sha3_s390x.go b/vendor/golang.org/x/crypto/sha3/sha3_s390x.go
new file mode 100644
index 0000000000000000000000000000000000000000..00d8034ae627bc258c37daab15aa3e3e8d16ba86
--- /dev/null
+++ b/vendor/golang.org/x/crypto/sha3/sha3_s390x.go
@@ -0,0 +1,303 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+
+package sha3
+
+// This file contains code for using the 'compute intermediate
+// message digest' (KIMD) and 'compute last message digest' (KLMD)
+// instructions to compute SHA-3 and SHAKE hashes on IBM Z.
+
+import (
+ "hash"
+
+ "golang.org/x/sys/cpu"
+)
+
+// codes represent 7-bit KIMD/KLMD function codes as defined in
+// the Principles of Operation.
+type code uint64
+
+const (
+ // function codes for KIMD/KLMD
+ sha3_224 code = 32
+ sha3_256 = 33
+ sha3_384 = 34
+ sha3_512 = 35
+ shake_128 = 36
+ shake_256 = 37
+ nopad = 0x100
+)
+
+// kimd is a wrapper for the 'compute intermediate message digest' instruction.
+// src must be a multiple of the rate for the given function code.
+//
+//go:noescape
+func kimd(function code, chain *[200]byte, src []byte)
+
+// klmd is a wrapper for the 'compute last message digest' instruction.
+// src padding is handled by the instruction.
+//
+//go:noescape
+func klmd(function code, chain *[200]byte, dst, src []byte)
+
+type asmState struct {
+ a [200]byte // 1600 bit state
+ buf []byte // care must be taken to ensure cap(buf) is a multiple of rate
+ rate int // equivalent to block size
+ storage [3072]byte // underlying storage for buf
+ outputLen int // output length for full security
+ function code // KIMD/KLMD function code
+ state spongeDirection // whether the sponge is absorbing or squeezing
+}
+
+func newAsmState(function code) *asmState {
+ var s asmState
+ s.function = function
+ switch function {
+ case sha3_224:
+ s.rate = 144
+ s.outputLen = 28
+ case sha3_256:
+ s.rate = 136
+ s.outputLen = 32
+ case sha3_384:
+ s.rate = 104
+ s.outputLen = 48
+ case sha3_512:
+ s.rate = 72
+ s.outputLen = 64
+ case shake_128:
+ s.rate = 168
+ s.outputLen = 32
+ case shake_256:
+ s.rate = 136
+ s.outputLen = 64
+ default:
+ panic("sha3: unrecognized function code")
+ }
+
+ // limit s.buf size to a multiple of s.rate
+ s.resetBuf()
+ return &s
+}
+
+func (s *asmState) clone() *asmState {
+ c := *s
+ c.buf = c.storage[:len(s.buf):cap(s.buf)]
+ return &c
+}
+
+// copyIntoBuf copies b into buf. It will panic if there is not enough space to
+// store all of b.
+func (s *asmState) copyIntoBuf(b []byte) {
+ bufLen := len(s.buf)
+ s.buf = s.buf[:len(s.buf)+len(b)]
+ copy(s.buf[bufLen:], b)
+}
+
+// resetBuf points buf at storage, sets the length to 0 and sets cap to be a
+// multiple of the rate.
+func (s *asmState) resetBuf() {
+ max := (cap(s.storage) / s.rate) * s.rate
+ s.buf = s.storage[:0:max]
+}
+
+// Write (via the embedded io.Writer interface) adds more data to the running hash.
+// It never returns an error.
+func (s *asmState) Write(b []byte) (int, error) {
+ if s.state != spongeAbsorbing {
+ panic("sha3: Write after Read")
+ }
+ length := len(b)
+ for len(b) > 0 {
+ if len(s.buf) == 0 && len(b) >= cap(s.buf) {
+ // Hash the data directly and push any remaining bytes
+ // into the buffer.
+ remainder := len(b) % s.rate
+ kimd(s.function, &s.a, b[:len(b)-remainder])
+ if remainder != 0 {
+ s.copyIntoBuf(b[len(b)-remainder:])
+ }
+ return length, nil
+ }
+
+ if len(s.buf) == cap(s.buf) {
+ // flush the buffer
+ kimd(s.function, &s.a, s.buf)
+ s.buf = s.buf[:0]
+ }
+
+ // copy as much as we can into the buffer
+ n := len(b)
+ if len(b) > cap(s.buf)-len(s.buf) {
+ n = cap(s.buf) - len(s.buf)
+ }
+ s.copyIntoBuf(b[:n])
+ b = b[n:]
+ }
+ return length, nil
+}
+
+// Read squeezes an arbitrary number of bytes from the sponge.
+func (s *asmState) Read(out []byte) (n int, err error) {
+ // The 'compute last message digest' instruction only stores the digest
+ // at the first operand (dst) for SHAKE functions.
+ if s.function != shake_128 && s.function != shake_256 {
+ panic("sha3: can only call Read for SHAKE functions")
+ }
+
+ n = len(out)
+
+ // need to pad if we were absorbing
+ if s.state == spongeAbsorbing {
+ s.state = spongeSqueezing
+
+ // write hash directly into out if possible
+ if len(out)%s.rate == 0 {
+ klmd(s.function, &s.a, out, s.buf) // len(out) may be 0
+ s.buf = s.buf[:0]
+ return
+ }
+
+ // write hash into buffer
+ max := cap(s.buf)
+ if max > len(out) {
+ max = (len(out)/s.rate)*s.rate + s.rate
+ }
+ klmd(s.function, &s.a, s.buf[:max], s.buf)
+ s.buf = s.buf[:max]
+ }
+
+ for len(out) > 0 {
+ // flush the buffer
+ if len(s.buf) != 0 {
+ c := copy(out, s.buf)
+ out = out[c:]
+ s.buf = s.buf[c:]
+ continue
+ }
+
+ // write hash directly into out if possible
+ if len(out)%s.rate == 0 {
+ klmd(s.function|nopad, &s.a, out, nil)
+ return
+ }
+
+ // write hash into buffer
+ s.resetBuf()
+ if cap(s.buf) > len(out) {
+ s.buf = s.buf[:(len(out)/s.rate)*s.rate+s.rate]
+ }
+ klmd(s.function|nopad, &s.a, s.buf, nil)
+ }
+ return
+}
+
+// Sum appends the current hash to b and returns the resulting slice.
+// It does not change the underlying hash state.
+func (s *asmState) Sum(b []byte) []byte {
+ if s.state != spongeAbsorbing {
+ panic("sha3: Sum after Read")
+ }
+
+ // Copy the state to preserve the original.
+ a := s.a
+
+ // Hash the buffer. Note that we don't clear it because we
+ // aren't updating the state.
+ switch s.function {
+ case sha3_224, sha3_256, sha3_384, sha3_512:
+ klmd(s.function, &a, nil, s.buf)
+ return append(b, a[:s.outputLen]...)
+ case shake_128, shake_256:
+ d := make([]byte, s.outputLen, 64)
+ klmd(s.function, &a, d, s.buf)
+ return append(b, d[:s.outputLen]...)
+ default:
+ panic("sha3: unknown function")
+ }
+}
+
+// Reset resets the Hash to its initial state.
+func (s *asmState) Reset() {
+ for i := range s.a {
+ s.a[i] = 0
+ }
+ s.resetBuf()
+ s.state = spongeAbsorbing
+}
+
+// Size returns the number of bytes Sum will return.
+func (s *asmState) Size() int {
+ return s.outputLen
+}
+
+// BlockSize returns the hash's underlying block size.
+// The Write method must be able to accept any amount
+// of data, but it may operate more efficiently if all writes
+// are a multiple of the block size.
+func (s *asmState) BlockSize() int {
+ return s.rate
+}
+
+// Clone returns a copy of the ShakeHash in its current state.
+func (s *asmState) Clone() ShakeHash {
+ return s.clone()
+}
+
+// new224 returns an assembly implementation of SHA3-224 if available,
+// otherwise it returns a generic implementation.
+func new224() hash.Hash {
+ if cpu.S390X.HasSHA3 {
+ return newAsmState(sha3_224)
+ }
+ return new224Generic()
+}
+
+// new256 returns an assembly implementation of SHA3-256 if available,
+// otherwise it returns a generic implementation.
+func new256() hash.Hash {
+ if cpu.S390X.HasSHA3 {
+ return newAsmState(sha3_256)
+ }
+ return new256Generic()
+}
+
+// new384 returns an assembly implementation of SHA3-384 if available,
+// otherwise it returns a generic implementation.
+func new384() hash.Hash {
+ if cpu.S390X.HasSHA3 {
+ return newAsmState(sha3_384)
+ }
+ return new384Generic()
+}
+
+// new512 returns an assembly implementation of SHA3-512 if available,
+// otherwise it returns a generic implementation.
+func new512() hash.Hash {
+ if cpu.S390X.HasSHA3 {
+ return newAsmState(sha3_512)
+ }
+ return new512Generic()
+}
+
+// newShake128 returns an assembly implementation of SHAKE-128 if available,
+// otherwise it returns a generic implementation.
+func newShake128() ShakeHash {
+ if cpu.S390X.HasSHA3 {
+ return newAsmState(shake_128)
+ }
+ return newShake128Generic()
+}
+
+// newShake256 returns an assembly implementation of SHAKE-256 if available,
+// otherwise it returns a generic implementation.
+func newShake256() ShakeHash {
+ if cpu.S390X.HasSHA3 {
+ return newAsmState(shake_256)
+ }
+ return newShake256Generic()
+}
diff --git a/vendor/golang.org/x/crypto/sha3/sha3_s390x.s b/vendor/golang.org/x/crypto/sha3/sha3_s390x.s
new file mode 100644
index 0000000000000000000000000000000000000000..826b862c77962239f0c0f47f759559a2e97d3717
--- /dev/null
+++ b/vendor/golang.org/x/crypto/sha3/sha3_s390x.s
@@ -0,0 +1,33 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc && !purego
+
+#include "textflag.h"
+
+// func kimd(function code, chain *[200]byte, src []byte)
+TEXT ·kimd(SB), NOFRAME|NOSPLIT, $0-40
+ MOVD function+0(FP), R0
+ MOVD chain+8(FP), R1
+ LMG src+16(FP), R2, R3 // R2=base, R3=len
+
+continue:
+ WORD $0xB93E0002 // KIMD --, R2
+ BVS continue // continue if interrupted
+ MOVD $0, R0 // reset R0 for pre-go1.8 compilers
+ RET
+
+// func klmd(function code, chain *[200]byte, dst, src []byte)
+TEXT ·klmd(SB), NOFRAME|NOSPLIT, $0-64
+ // TODO: SHAKE support
+ MOVD function+0(FP), R0
+ MOVD chain+8(FP), R1
+ LMG dst+16(FP), R2, R3 // R2=base, R3=len
+ LMG src+40(FP), R4, R5 // R4=base, R5=len
+
+continue:
+ WORD $0xB93F0024 // KLMD R2, R4
+ BVS continue // continue if interrupted
+ MOVD $0, R0 // reset R0 for pre-go1.8 compilers
+ RET
diff --git a/vendor/golang.org/x/crypto/sha3/shake.go b/vendor/golang.org/x/crypto/sha3/shake.go
new file mode 100644
index 0000000000000000000000000000000000000000..a6b3a4281f5b57bfac6c882f2d960feff440cf31
--- /dev/null
+++ b/vendor/golang.org/x/crypto/sha3/shake.go
@@ -0,0 +1,193 @@
+// Copyright 2014 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package sha3
+
+// This file defines the ShakeHash interface, and provides
+// functions for creating SHAKE and cSHAKE instances, as well as utility
+// functions for hashing bytes to arbitrary-length output.
+//
+//
+// SHAKE implementation is based on FIPS PUB 202 [1]
+// cSHAKE implementations is based on NIST SP 800-185 [2]
+//
+// [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
+// [2] https://doi.org/10.6028/NIST.SP.800-185
+
+import (
+ "bytes"
+ "encoding/binary"
+ "errors"
+ "hash"
+ "io"
+ "math/bits"
+)
+
+// ShakeHash defines the interface to hash functions that support
+// arbitrary-length output. When used as a plain [hash.Hash], it
+// produces minimum-length outputs that provide full-strength generic
+// security.
+type ShakeHash interface {
+ hash.Hash
+
+ // Read reads more output from the hash; reading affects the hash's
+ // state. (ShakeHash.Read is thus very different from Hash.Sum)
+ // It never returns an error, but subsequent calls to Write or Sum
+ // will panic.
+ io.Reader
+
+ // Clone returns a copy of the ShakeHash in its current state.
+ Clone() ShakeHash
+}
+
+// cSHAKE specific context
+type cshakeState struct {
+ *state // SHA-3 state context and Read/Write operations
+
+ // initBlock is the cSHAKE specific initialization set of bytes. It is initialized
+ // by newCShake function and stores concatenation of N followed by S, encoded
+ // by the method specified in 3.3 of [1].
+ // It is stored here in order for Reset() to be able to put context into
+ // initial state.
+ initBlock []byte
+}
+
+func bytepad(data []byte, rate int) []byte {
+ out := make([]byte, 0, 9+len(data)+rate-1)
+ out = append(out, leftEncode(uint64(rate))...)
+ out = append(out, data...)
+ if padlen := rate - len(out)%rate; padlen < rate {
+ out = append(out, make([]byte, padlen)...)
+ }
+ return out
+}
+
+func leftEncode(x uint64) []byte {
+ // Let n be the smallest positive integer for which 2^(8n) > x.
+ n := (bits.Len64(x) + 7) / 8
+ if n == 0 {
+ n = 1
+ }
+ // Return n || x with n as a byte and x an n bytes in big-endian order.
+ b := make([]byte, 9)
+ binary.BigEndian.PutUint64(b[1:], x)
+ b = b[9-n-1:]
+ b[0] = byte(n)
+ return b
+}
+
+func newCShake(N, S []byte, rate, outputLen int, dsbyte byte) ShakeHash {
+ c := cshakeState{state: &state{rate: rate, outputLen: outputLen, dsbyte: dsbyte}}
+ c.initBlock = make([]byte, 0, 9+len(N)+9+len(S)) // leftEncode returns max 9 bytes
+ c.initBlock = append(c.initBlock, leftEncode(uint64(len(N))*8)...)
+ c.initBlock = append(c.initBlock, N...)
+ c.initBlock = append(c.initBlock, leftEncode(uint64(len(S))*8)...)
+ c.initBlock = append(c.initBlock, S...)
+ c.Write(bytepad(c.initBlock, c.rate))
+ return &c
+}
+
+// Reset resets the hash to initial state.
+func (c *cshakeState) Reset() {
+ c.state.Reset()
+ c.Write(bytepad(c.initBlock, c.rate))
+}
+
+// Clone returns copy of a cSHAKE context within its current state.
+func (c *cshakeState) Clone() ShakeHash {
+ b := make([]byte, len(c.initBlock))
+ copy(b, c.initBlock)
+ return &cshakeState{state: c.clone(), initBlock: b}
+}
+
+// Clone returns copy of SHAKE context within its current state.
+func (c *state) Clone() ShakeHash {
+ return c.clone()
+}
+
+func (c *cshakeState) MarshalBinary() ([]byte, error) {
+ return c.AppendBinary(make([]byte, 0, marshaledSize+len(c.initBlock)))
+}
+
+func (c *cshakeState) AppendBinary(b []byte) ([]byte, error) {
+ b, err := c.state.AppendBinary(b)
+ if err != nil {
+ return nil, err
+ }
+ b = append(b, c.initBlock...)
+ return b, nil
+}
+
+func (c *cshakeState) UnmarshalBinary(b []byte) error {
+ if len(b) <= marshaledSize {
+ return errors.New("sha3: invalid hash state")
+ }
+ if err := c.state.UnmarshalBinary(b[:marshaledSize]); err != nil {
+ return err
+ }
+ c.initBlock = bytes.Clone(b[marshaledSize:])
+ return nil
+}
+
+// NewShake128 creates a new SHAKE128 variable-output-length ShakeHash.
+// Its generic security strength is 128 bits against all attacks if at
+// least 32 bytes of its output are used.
+func NewShake128() ShakeHash {
+ return newShake128()
+}
+
+// NewShake256 creates a new SHAKE256 variable-output-length ShakeHash.
+// Its generic security strength is 256 bits against all attacks if
+// at least 64 bytes of its output are used.
+func NewShake256() ShakeHash {
+ return newShake256()
+}
+
+func newShake128Generic() *state {
+ return &state{rate: rateK256, outputLen: 32, dsbyte: dsbyteShake}
+}
+
+func newShake256Generic() *state {
+ return &state{rate: rateK512, outputLen: 64, dsbyte: dsbyteShake}
+}
+
+// NewCShake128 creates a new instance of cSHAKE128 variable-output-length ShakeHash,
+// a customizable variant of SHAKE128.
+// N is used to define functions based on cSHAKE, it can be empty when plain cSHAKE is
+// desired. S is a customization byte string used for domain separation - two cSHAKE
+// computations on same input with different S yield unrelated outputs.
+// When N and S are both empty, this is equivalent to NewShake128.
+func NewCShake128(N, S []byte) ShakeHash {
+ if len(N) == 0 && len(S) == 0 {
+ return NewShake128()
+ }
+ return newCShake(N, S, rateK256, 32, dsbyteCShake)
+}
+
+// NewCShake256 creates a new instance of cSHAKE256 variable-output-length ShakeHash,
+// a customizable variant of SHAKE256.
+// N is used to define functions based on cSHAKE, it can be empty when plain cSHAKE is
+// desired. S is a customization byte string used for domain separation - two cSHAKE
+// computations on same input with different S yield unrelated outputs.
+// When N and S are both empty, this is equivalent to NewShake256.
+func NewCShake256(N, S []byte) ShakeHash {
+ if len(N) == 0 && len(S) == 0 {
+ return NewShake256()
+ }
+ return newCShake(N, S, rateK512, 64, dsbyteCShake)
+}
+
+// ShakeSum128 writes an arbitrary-length digest of data into hash.
+func ShakeSum128(hash, data []byte) {
+ h := NewShake128()
+ h.Write(data)
+ h.Read(hash)
+}
+
+// ShakeSum256 writes an arbitrary-length digest of data into hash.
+func ShakeSum256(hash, data []byte) {
+ h := NewShake256()
+ h.Write(data)
+ h.Read(hash)
+}
diff --git a/vendor/golang.org/x/crypto/sha3/shake_noasm.go b/vendor/golang.org/x/crypto/sha3/shake_noasm.go
new file mode 100644
index 0000000000000000000000000000000000000000..4276ba4ab2c41759963c4b75286e7d1a4ddc64b0
--- /dev/null
+++ b/vendor/golang.org/x/crypto/sha3/shake_noasm.go
@@ -0,0 +1,15 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !gc || purego || !s390x
+
+package sha3
+
+func newShake128() *state {
+ return newShake128Generic()
+}
+
+func newShake256() *state {
+ return newShake256Generic()
+}
diff --git a/vendor/golang.org/x/sys/LICENSE b/vendor/golang.org/x/sys/LICENSE
index 6a66aea5eafe0ca6a688840c47219556c552488e..2a7cf70da6e498df9c11ab6a5eaa2ddd7af34da4 100644
--- a/vendor/golang.org/x/sys/LICENSE
+++ b/vendor/golang.org/x/sys/LICENSE
@@ -1,4 +1,4 @@
-Copyright (c) 2009 The Go Authors. All rights reserved.
+Copyright 2009 The Go Authors.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
@@ -10,7 +10,7 @@ notice, this list of conditions and the following disclaimer.
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
- * Neither the name of Google Inc. nor the names of its
+ * Neither the name of Google LLC nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
diff --git a/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
new file mode 100644
index 0000000000000000000000000000000000000000..269e173ca46941da5e6b8b737502b86a82d3152e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/asm_aix_ppc64.s
@@ -0,0 +1,17 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+
+#include "textflag.h"
+
+//
+// System calls for ppc64, AIX are implemented in runtime/syscall_aix.go
+//
+
+TEXT ·syscall6(SB),NOSPLIT,$0-88
+ JMP syscall·syscall6(SB)
+
+TEXT ·rawSyscall6(SB),NOSPLIT,$0-88
+ JMP syscall·rawSyscall6(SB)
diff --git a/vendor/golang.org/x/sys/cpu/asm_darwin_x86_gc.s b/vendor/golang.org/x/sys/cpu/asm_darwin_x86_gc.s
new file mode 100644
index 0000000000000000000000000000000000000000..ec2acfe540ea7b0e714e137a72f75db190cf8998
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/asm_darwin_x86_gc.s
@@ -0,0 +1,17 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin && amd64 && gc
+
+#include "textflag.h"
+
+TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_sysctl(SB)
+GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8
+DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+
+TEXT libc_sysctlbyname_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_sysctlbyname(SB)
+GLOBL ·libc_sysctlbyname_trampoline_addr(SB), RODATA, $8
+DATA ·libc_sysctlbyname_trampoline_addr(SB)/8, $libc_sysctlbyname_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/cpu/byteorder.go b/vendor/golang.org/x/sys/cpu/byteorder.go
new file mode 100644
index 0000000000000000000000000000000000000000..271055be0b1e1a73e8b42b62240da8434becd991
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/byteorder.go
@@ -0,0 +1,66 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+ "runtime"
+)
+
+// byteOrder is a subset of encoding/binary.ByteOrder.
+type byteOrder interface {
+ Uint32([]byte) uint32
+ Uint64([]byte) uint64
+}
+
+type littleEndian struct{}
+type bigEndian struct{}
+
+func (littleEndian) Uint32(b []byte) uint32 {
+ _ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
+ return uint32(b[0]) | uint32(b[1])<<8 | uint32(b[2])<<16 | uint32(b[3])<<24
+}
+
+func (littleEndian) Uint64(b []byte) uint64 {
+ _ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
+ return uint64(b[0]) | uint64(b[1])<<8 | uint64(b[2])<<16 | uint64(b[3])<<24 |
+ uint64(b[4])<<32 | uint64(b[5])<<40 | uint64(b[6])<<48 | uint64(b[7])<<56
+}
+
+func (bigEndian) Uint32(b []byte) uint32 {
+ _ = b[3] // bounds check hint to compiler; see golang.org/issue/14808
+ return uint32(b[3]) | uint32(b[2])<<8 | uint32(b[1])<<16 | uint32(b[0])<<24
+}
+
+func (bigEndian) Uint64(b []byte) uint64 {
+ _ = b[7] // bounds check hint to compiler; see golang.org/issue/14808
+ return uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 |
+ uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56
+}
+
+// hostByteOrder returns littleEndian on little-endian machines and
+// bigEndian on big-endian machines.
+func hostByteOrder() byteOrder {
+ switch runtime.GOARCH {
+ case "386", "amd64", "amd64p32",
+ "alpha",
+ "arm", "arm64",
+ "loong64",
+ "mipsle", "mips64le", "mips64p32le",
+ "nios2",
+ "ppc64le",
+ "riscv", "riscv64",
+ "sh":
+ return littleEndian{}
+ case "armbe", "arm64be",
+ "m68k",
+ "mips", "mips64", "mips64p32",
+ "ppc", "ppc64",
+ "s390", "s390x",
+ "shbe",
+ "sparc", "sparc64":
+ return bigEndian{}
+ }
+ panic("unknown architecture")
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu.go b/vendor/golang.org/x/sys/cpu/cpu.go
new file mode 100644
index 0000000000000000000000000000000000000000..02609d5b21d56a5b82ce169a3bd1f933f9d091f3
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu.go
@@ -0,0 +1,312 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cpu implements processor feature detection for
+// various CPU architectures.
+package cpu
+
+import (
+ "os"
+ "strings"
+)
+
+// Initialized reports whether the CPU features were initialized.
+//
+// For some GOOS/GOARCH combinations initialization of the CPU features depends
+// on reading an operating specific file, e.g. /proc/self/auxv on linux/arm
+// Initialized will report false if reading the file fails.
+var Initialized bool
+
+// CacheLinePad is used to pad structs to avoid false sharing.
+type CacheLinePad struct{ _ [cacheLineSize]byte }
+
+// X86 contains the supported CPU features of the
+// current X86/AMD64 platform. If the current platform
+// is not X86/AMD64 then all feature flags are false.
+//
+// X86 is padded to avoid false sharing. Further the HasAVX
+// and HasAVX2 are only set if the OS supports XMM and YMM
+// registers in addition to the CPUID feature bit being set.
+var X86 struct {
+ _ CacheLinePad
+ HasAES bool // AES hardware implementation (AES NI)
+ HasADX bool // Multi-precision add-carry instruction extensions
+ HasAVX bool // Advanced vector extension
+ HasAVX2 bool // Advanced vector extension 2
+ HasAVX512 bool // Advanced vector extension 512
+ HasAVX512F bool // Advanced vector extension 512 Foundation Instructions
+ HasAVX512CD bool // Advanced vector extension 512 Conflict Detection Instructions
+ HasAVX512ER bool // Advanced vector extension 512 Exponential and Reciprocal Instructions
+ HasAVX512PF bool // Advanced vector extension 512 Prefetch Instructions
+ HasAVX512VL bool // Advanced vector extension 512 Vector Length Extensions
+ HasAVX512BW bool // Advanced vector extension 512 Byte and Word Instructions
+ HasAVX512DQ bool // Advanced vector extension 512 Doubleword and Quadword Instructions
+ HasAVX512IFMA bool // Advanced vector extension 512 Integer Fused Multiply Add
+ HasAVX512VBMI bool // Advanced vector extension 512 Vector Byte Manipulation Instructions
+ HasAVX5124VNNIW bool // Advanced vector extension 512 Vector Neural Network Instructions Word variable precision
+ HasAVX5124FMAPS bool // Advanced vector extension 512 Fused Multiply Accumulation Packed Single precision
+ HasAVX512VPOPCNTDQ bool // Advanced vector extension 512 Double and quad word population count instructions
+ HasAVX512VPCLMULQDQ bool // Advanced vector extension 512 Vector carry-less multiply operations
+ HasAVX512VNNI bool // Advanced vector extension 512 Vector Neural Network Instructions
+ HasAVX512GFNI bool // Advanced vector extension 512 Galois field New Instructions
+ HasAVX512VAES bool // Advanced vector extension 512 Vector AES instructions
+ HasAVX512VBMI2 bool // Advanced vector extension 512 Vector Byte Manipulation Instructions 2
+ HasAVX512BITALG bool // Advanced vector extension 512 Bit Algorithms
+ HasAVX512BF16 bool // Advanced vector extension 512 BFloat16 Instructions
+ HasAMXTile bool // Advanced Matrix Extension Tile instructions
+ HasAMXInt8 bool // Advanced Matrix Extension Int8 instructions
+ HasAMXBF16 bool // Advanced Matrix Extension BFloat16 instructions
+ HasBMI1 bool // Bit manipulation instruction set 1
+ HasBMI2 bool // Bit manipulation instruction set 2
+ HasCX16 bool // Compare and exchange 16 Bytes
+ HasERMS bool // Enhanced REP for MOVSB and STOSB
+ HasFMA bool // Fused-multiply-add instructions
+ HasOSXSAVE bool // OS supports XSAVE/XRESTOR for saving/restoring XMM registers.
+ HasPCLMULQDQ bool // PCLMULQDQ instruction - most often used for AES-GCM
+ HasPOPCNT bool // Hamming weight instruction POPCNT.
+ HasRDRAND bool // RDRAND instruction (on-chip random number generator)
+ HasRDSEED bool // RDSEED instruction (on-chip random number generator)
+ HasSSE2 bool // Streaming SIMD extension 2 (always available on amd64)
+ HasSSE3 bool // Streaming SIMD extension 3
+ HasSSSE3 bool // Supplemental streaming SIMD extension 3
+ HasSSE41 bool // Streaming SIMD extension 4 and 4.1
+ HasSSE42 bool // Streaming SIMD extension 4 and 4.2
+ _ CacheLinePad
+}
+
+// ARM64 contains the supported CPU features of the
+// current ARMv8(aarch64) platform. If the current platform
+// is not arm64 then all feature flags are false.
+var ARM64 struct {
+ _ CacheLinePad
+ HasFP bool // Floating-point instruction set (always available)
+ HasASIMD bool // Advanced SIMD (always available)
+ HasEVTSTRM bool // Event stream support
+ HasAES bool // AES hardware implementation
+ HasPMULL bool // Polynomial multiplication instruction set
+ HasSHA1 bool // SHA1 hardware implementation
+ HasSHA2 bool // SHA2 hardware implementation
+ HasCRC32 bool // CRC32 hardware implementation
+ HasATOMICS bool // Atomic memory operation instruction set
+ HasFPHP bool // Half precision floating-point instruction set
+ HasASIMDHP bool // Advanced SIMD half precision instruction set
+ HasCPUID bool // CPUID identification scheme registers
+ HasASIMDRDM bool // Rounding double multiply add/subtract instruction set
+ HasJSCVT bool // Javascript conversion from floating-point to integer
+ HasFCMA bool // Floating-point multiplication and addition of complex numbers
+ HasLRCPC bool // Release Consistent processor consistent support
+ HasDCPOP bool // Persistent memory support
+ HasSHA3 bool // SHA3 hardware implementation
+ HasSM3 bool // SM3 hardware implementation
+ HasSM4 bool // SM4 hardware implementation
+ HasASIMDDP bool // Advanced SIMD double precision instruction set
+ HasSHA512 bool // SHA512 hardware implementation
+ HasSVE bool // Scalable Vector Extensions
+ HasSVE2 bool // Scalable Vector Extensions 2
+ HasASIMDFHM bool // Advanced SIMD multiplication FP16 to FP32
+ HasDIT bool // Data Independent Timing support
+ HasI8MM bool // Advanced SIMD Int8 matrix multiplication instructions
+ _ CacheLinePad
+}
+
+// ARM contains the supported CPU features of the current ARM (32-bit) platform.
+// All feature flags are false if:
+// 1. the current platform is not arm, or
+// 2. the current operating system is not Linux.
+var ARM struct {
+ _ CacheLinePad
+ HasSWP bool // SWP instruction support
+ HasHALF bool // Half-word load and store support
+ HasTHUMB bool // ARM Thumb instruction set
+ Has26BIT bool // Address space limited to 26-bits
+ HasFASTMUL bool // 32-bit operand, 64-bit result multiplication support
+ HasFPA bool // Floating point arithmetic support
+ HasVFP bool // Vector floating point support
+ HasEDSP bool // DSP Extensions support
+ HasJAVA bool // Java instruction set
+ HasIWMMXT bool // Intel Wireless MMX technology support
+ HasCRUNCH bool // MaverickCrunch context switching and handling
+ HasTHUMBEE bool // Thumb EE instruction set
+ HasNEON bool // NEON instruction set
+ HasVFPv3 bool // Vector floating point version 3 support
+ HasVFPv3D16 bool // Vector floating point version 3 D8-D15
+ HasTLS bool // Thread local storage support
+ HasVFPv4 bool // Vector floating point version 4 support
+ HasIDIVA bool // Integer divide instruction support in ARM mode
+ HasIDIVT bool // Integer divide instruction support in Thumb mode
+ HasVFPD32 bool // Vector floating point version 3 D15-D31
+ HasLPAE bool // Large Physical Address Extensions
+ HasEVTSTRM bool // Event stream support
+ HasAES bool // AES hardware implementation
+ HasPMULL bool // Polynomial multiplication instruction set
+ HasSHA1 bool // SHA1 hardware implementation
+ HasSHA2 bool // SHA2 hardware implementation
+ HasCRC32 bool // CRC32 hardware implementation
+ _ CacheLinePad
+}
+
+// MIPS64X contains the supported CPU features of the current mips64/mips64le
+// platforms. If the current platform is not mips64/mips64le or the current
+// operating system is not Linux then all feature flags are false.
+var MIPS64X struct {
+ _ CacheLinePad
+ HasMSA bool // MIPS SIMD architecture
+ _ CacheLinePad
+}
+
+// PPC64 contains the supported CPU features of the current ppc64/ppc64le platforms.
+// If the current platform is not ppc64/ppc64le then all feature flags are false.
+//
+// For ppc64/ppc64le, it is safe to check only for ISA level starting on ISA v3.00,
+// since there are no optional categories. There are some exceptions that also
+// require kernel support to work (DARN, SCV), so there are feature bits for
+// those as well. The struct is padded to avoid false sharing.
+var PPC64 struct {
+ _ CacheLinePad
+ HasDARN bool // Hardware random number generator (requires kernel enablement)
+ HasSCV bool // Syscall vectored (requires kernel enablement)
+ IsPOWER8 bool // ISA v2.07 (POWER8)
+ IsPOWER9 bool // ISA v3.00 (POWER9), implies IsPOWER8
+ _ CacheLinePad
+}
+
+// S390X contains the supported CPU features of the current IBM Z
+// (s390x) platform. If the current platform is not IBM Z then all
+// feature flags are false.
+//
+// S390X is padded to avoid false sharing. Further HasVX is only set
+// if the OS supports vector registers in addition to the STFLE
+// feature bit being set.
+var S390X struct {
+ _ CacheLinePad
+ HasZARCH bool // z/Architecture mode is active [mandatory]
+ HasSTFLE bool // store facility list extended
+ HasLDISP bool // long (20-bit) displacements
+ HasEIMM bool // 32-bit immediates
+ HasDFP bool // decimal floating point
+ HasETF3EH bool // ETF-3 enhanced
+ HasMSA bool // message security assist (CPACF)
+ HasAES bool // KM-AES{128,192,256} functions
+ HasAESCBC bool // KMC-AES{128,192,256} functions
+ HasAESCTR bool // KMCTR-AES{128,192,256} functions
+ HasAESGCM bool // KMA-GCM-AES{128,192,256} functions
+ HasGHASH bool // KIMD-GHASH function
+ HasSHA1 bool // K{I,L}MD-SHA-1 functions
+ HasSHA256 bool // K{I,L}MD-SHA-256 functions
+ HasSHA512 bool // K{I,L}MD-SHA-512 functions
+ HasSHA3 bool // K{I,L}MD-SHA3-{224,256,384,512} and K{I,L}MD-SHAKE-{128,256} functions
+ HasVX bool // vector facility
+ HasVXE bool // vector-enhancements facility 1
+ _ CacheLinePad
+}
+
+// RISCV64 contains the supported CPU features and performance characteristics for riscv64
+// platforms. The booleans in RISCV64, with the exception of HasFastMisaligned, indicate
+// the presence of RISC-V extensions.
+//
+// It is safe to assume that all the RV64G extensions are supported and so they are omitted from
+// this structure. As riscv64 Go programs require at least RV64G, the code that populates
+// this structure cannot run successfully if some of the RV64G extensions are missing.
+// The struct is padded to avoid false sharing.
+var RISCV64 struct {
+ _ CacheLinePad
+ HasFastMisaligned bool // Fast misaligned accesses
+ HasC bool // Compressed instruction-set extension
+ HasV bool // Vector extension compatible with RVV 1.0
+ HasZba bool // Address generation instructions extension
+ HasZbb bool // Basic bit-manipulation extension
+ HasZbs bool // Single-bit instructions extension
+ _ CacheLinePad
+}
+
+func init() {
+ archInit()
+ initOptions()
+ processOptions()
+}
+
+// options contains the cpu debug options that can be used in GODEBUG.
+// Options are arch dependent and are added by the arch specific initOptions functions.
+// Features that are mandatory for the specific GOARCH should have the Required field set
+// (e.g. SSE2 on amd64).
+var options []option
+
+// Option names should be lower case. e.g. avx instead of AVX.
+type option struct {
+ Name string
+ Feature *bool
+ Specified bool // whether feature value was specified in GODEBUG
+ Enable bool // whether feature should be enabled
+ Required bool // whether feature is mandatory and can not be disabled
+}
+
+func processOptions() {
+ env := os.Getenv("GODEBUG")
+field:
+ for env != "" {
+ field := ""
+ i := strings.IndexByte(env, ',')
+ if i < 0 {
+ field, env = env, ""
+ } else {
+ field, env = env[:i], env[i+1:]
+ }
+ if len(field) < 4 || field[:4] != "cpu." {
+ continue
+ }
+ i = strings.IndexByte(field, '=')
+ if i < 0 {
+ print("GODEBUG sys/cpu: no value specified for \"", field, "\"\n")
+ continue
+ }
+ key, value := field[4:i], field[i+1:] // e.g. "SSE2", "on"
+
+ var enable bool
+ switch value {
+ case "on":
+ enable = true
+ case "off":
+ enable = false
+ default:
+ print("GODEBUG sys/cpu: value \"", value, "\" not supported for cpu option \"", key, "\"\n")
+ continue field
+ }
+
+ if key == "all" {
+ for i := range options {
+ options[i].Specified = true
+ options[i].Enable = enable || options[i].Required
+ }
+ continue field
+ }
+
+ for i := range options {
+ if options[i].Name == key {
+ options[i].Specified = true
+ options[i].Enable = enable
+ continue field
+ }
+ }
+
+ print("GODEBUG sys/cpu: unknown cpu feature \"", key, "\"\n")
+ }
+
+ for _, o := range options {
+ if !o.Specified {
+ continue
+ }
+
+ if o.Enable && !*o.Feature {
+ print("GODEBUG sys/cpu: can not enable \"", o.Name, "\", missing CPU support\n")
+ continue
+ }
+
+ if !o.Enable && o.Required {
+ print("GODEBUG sys/cpu: can not disable \"", o.Name, "\", required CPU feature\n")
+ continue
+ }
+
+ *o.Feature = o.Enable
+ }
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_aix.go b/vendor/golang.org/x/sys/cpu/cpu_aix.go
new file mode 100644
index 0000000000000000000000000000000000000000..9bf0c32eb6add508376c74375833d533cc0e7c2a
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_aix.go
@@ -0,0 +1,33 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build aix
+
+package cpu
+
+const (
+ // getsystemcfg constants
+ _SC_IMPL = 2
+ _IMPL_POWER8 = 0x10000
+ _IMPL_POWER9 = 0x20000
+)
+
+func archInit() {
+ impl := getsystemcfg(_SC_IMPL)
+ if impl&_IMPL_POWER8 != 0 {
+ PPC64.IsPOWER8 = true
+ }
+ if impl&_IMPL_POWER9 != 0 {
+ PPC64.IsPOWER8 = true
+ PPC64.IsPOWER9 = true
+ }
+
+ Initialized = true
+}
+
+func getsystemcfg(label int) (n uint64) {
+ r0, _ := callgetsystemcfg(label)
+ n = uint64(r0)
+ return
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm.go b/vendor/golang.org/x/sys/cpu/cpu_arm.go
new file mode 100644
index 0000000000000000000000000000000000000000..301b752e9c53d88dbd701256855b0b142f390f32
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm.go
@@ -0,0 +1,73 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 32
+
+// HWCAP/HWCAP2 bits.
+// These are specific to Linux.
+const (
+ hwcap_SWP = 1 << 0
+ hwcap_HALF = 1 << 1
+ hwcap_THUMB = 1 << 2
+ hwcap_26BIT = 1 << 3
+ hwcap_FAST_MULT = 1 << 4
+ hwcap_FPA = 1 << 5
+ hwcap_VFP = 1 << 6
+ hwcap_EDSP = 1 << 7
+ hwcap_JAVA = 1 << 8
+ hwcap_IWMMXT = 1 << 9
+ hwcap_CRUNCH = 1 << 10
+ hwcap_THUMBEE = 1 << 11
+ hwcap_NEON = 1 << 12
+ hwcap_VFPv3 = 1 << 13
+ hwcap_VFPv3D16 = 1 << 14
+ hwcap_TLS = 1 << 15
+ hwcap_VFPv4 = 1 << 16
+ hwcap_IDIVA = 1 << 17
+ hwcap_IDIVT = 1 << 18
+ hwcap_VFPD32 = 1 << 19
+ hwcap_LPAE = 1 << 20
+ hwcap_EVTSTRM = 1 << 21
+
+ hwcap2_AES = 1 << 0
+ hwcap2_PMULL = 1 << 1
+ hwcap2_SHA1 = 1 << 2
+ hwcap2_SHA2 = 1 << 3
+ hwcap2_CRC32 = 1 << 4
+)
+
+func initOptions() {
+ options = []option{
+ {Name: "pmull", Feature: &ARM.HasPMULL},
+ {Name: "sha1", Feature: &ARM.HasSHA1},
+ {Name: "sha2", Feature: &ARM.HasSHA2},
+ {Name: "swp", Feature: &ARM.HasSWP},
+ {Name: "thumb", Feature: &ARM.HasTHUMB},
+ {Name: "thumbee", Feature: &ARM.HasTHUMBEE},
+ {Name: "tls", Feature: &ARM.HasTLS},
+ {Name: "vfp", Feature: &ARM.HasVFP},
+ {Name: "vfpd32", Feature: &ARM.HasVFPD32},
+ {Name: "vfpv3", Feature: &ARM.HasVFPv3},
+ {Name: "vfpv3d16", Feature: &ARM.HasVFPv3D16},
+ {Name: "vfpv4", Feature: &ARM.HasVFPv4},
+ {Name: "half", Feature: &ARM.HasHALF},
+ {Name: "26bit", Feature: &ARM.Has26BIT},
+ {Name: "fastmul", Feature: &ARM.HasFASTMUL},
+ {Name: "fpa", Feature: &ARM.HasFPA},
+ {Name: "edsp", Feature: &ARM.HasEDSP},
+ {Name: "java", Feature: &ARM.HasJAVA},
+ {Name: "iwmmxt", Feature: &ARM.HasIWMMXT},
+ {Name: "crunch", Feature: &ARM.HasCRUNCH},
+ {Name: "neon", Feature: &ARM.HasNEON},
+ {Name: "idivt", Feature: &ARM.HasIDIVT},
+ {Name: "idiva", Feature: &ARM.HasIDIVA},
+ {Name: "lpae", Feature: &ARM.HasLPAE},
+ {Name: "evtstrm", Feature: &ARM.HasEVTSTRM},
+ {Name: "aes", Feature: &ARM.HasAES},
+ {Name: "crc32", Feature: &ARM.HasCRC32},
+ }
+
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
new file mode 100644
index 0000000000000000000000000000000000000000..af2aa99f9f06c916e57b73ae44f7d8b27d6ad33a
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.go
@@ -0,0 +1,194 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import "runtime"
+
+// cacheLineSize is used to prevent false sharing of cache lines.
+// We choose 128 because Apple Silicon, a.k.a. M1, has 128-byte cache line size.
+// It doesn't cost much and is much more future-proof.
+const cacheLineSize = 128
+
+func initOptions() {
+ options = []option{
+ {Name: "fp", Feature: &ARM64.HasFP},
+ {Name: "asimd", Feature: &ARM64.HasASIMD},
+ {Name: "evstrm", Feature: &ARM64.HasEVTSTRM},
+ {Name: "aes", Feature: &ARM64.HasAES},
+ {Name: "fphp", Feature: &ARM64.HasFPHP},
+ {Name: "jscvt", Feature: &ARM64.HasJSCVT},
+ {Name: "lrcpc", Feature: &ARM64.HasLRCPC},
+ {Name: "pmull", Feature: &ARM64.HasPMULL},
+ {Name: "sha1", Feature: &ARM64.HasSHA1},
+ {Name: "sha2", Feature: &ARM64.HasSHA2},
+ {Name: "sha3", Feature: &ARM64.HasSHA3},
+ {Name: "sha512", Feature: &ARM64.HasSHA512},
+ {Name: "sm3", Feature: &ARM64.HasSM3},
+ {Name: "sm4", Feature: &ARM64.HasSM4},
+ {Name: "sve", Feature: &ARM64.HasSVE},
+ {Name: "sve2", Feature: &ARM64.HasSVE2},
+ {Name: "crc32", Feature: &ARM64.HasCRC32},
+ {Name: "atomics", Feature: &ARM64.HasATOMICS},
+ {Name: "asimdhp", Feature: &ARM64.HasASIMDHP},
+ {Name: "cpuid", Feature: &ARM64.HasCPUID},
+ {Name: "asimrdm", Feature: &ARM64.HasASIMDRDM},
+ {Name: "fcma", Feature: &ARM64.HasFCMA},
+ {Name: "dcpop", Feature: &ARM64.HasDCPOP},
+ {Name: "asimddp", Feature: &ARM64.HasASIMDDP},
+ {Name: "asimdfhm", Feature: &ARM64.HasASIMDFHM},
+ {Name: "dit", Feature: &ARM64.HasDIT},
+ {Name: "i8mm", Feature: &ARM64.HasI8MM},
+ }
+}
+
+func archInit() {
+ switch runtime.GOOS {
+ case "freebsd":
+ readARM64Registers()
+ case "linux", "netbsd", "openbsd":
+ doinit()
+ default:
+ // Many platforms don't seem to allow reading these registers.
+ setMinimalFeatures()
+ }
+}
+
+// setMinimalFeatures fakes the minimal ARM64 features expected by
+// TestARM64minimalFeatures.
+func setMinimalFeatures() {
+ ARM64.HasASIMD = true
+ ARM64.HasFP = true
+}
+
+func readARM64Registers() {
+ Initialized = true
+
+ parseARM64SystemRegisters(getisar0(), getisar1(), getpfr0())
+}
+
+func parseARM64SystemRegisters(isar0, isar1, pfr0 uint64) {
+ // ID_AA64ISAR0_EL1
+ switch extractBits(isar0, 4, 7) {
+ case 1:
+ ARM64.HasAES = true
+ case 2:
+ ARM64.HasAES = true
+ ARM64.HasPMULL = true
+ }
+
+ switch extractBits(isar0, 8, 11) {
+ case 1:
+ ARM64.HasSHA1 = true
+ }
+
+ switch extractBits(isar0, 12, 15) {
+ case 1:
+ ARM64.HasSHA2 = true
+ case 2:
+ ARM64.HasSHA2 = true
+ ARM64.HasSHA512 = true
+ }
+
+ switch extractBits(isar0, 16, 19) {
+ case 1:
+ ARM64.HasCRC32 = true
+ }
+
+ switch extractBits(isar0, 20, 23) {
+ case 2:
+ ARM64.HasATOMICS = true
+ }
+
+ switch extractBits(isar0, 28, 31) {
+ case 1:
+ ARM64.HasASIMDRDM = true
+ }
+
+ switch extractBits(isar0, 32, 35) {
+ case 1:
+ ARM64.HasSHA3 = true
+ }
+
+ switch extractBits(isar0, 36, 39) {
+ case 1:
+ ARM64.HasSM3 = true
+ }
+
+ switch extractBits(isar0, 40, 43) {
+ case 1:
+ ARM64.HasSM4 = true
+ }
+
+ switch extractBits(isar0, 44, 47) {
+ case 1:
+ ARM64.HasASIMDDP = true
+ }
+
+ // ID_AA64ISAR1_EL1
+ switch extractBits(isar1, 0, 3) {
+ case 1:
+ ARM64.HasDCPOP = true
+ }
+
+ switch extractBits(isar1, 12, 15) {
+ case 1:
+ ARM64.HasJSCVT = true
+ }
+
+ switch extractBits(isar1, 16, 19) {
+ case 1:
+ ARM64.HasFCMA = true
+ }
+
+ switch extractBits(isar1, 20, 23) {
+ case 1:
+ ARM64.HasLRCPC = true
+ }
+
+ switch extractBits(isar1, 52, 55) {
+ case 1:
+ ARM64.HasI8MM = true
+ }
+
+ // ID_AA64PFR0_EL1
+ switch extractBits(pfr0, 16, 19) {
+ case 0:
+ ARM64.HasFP = true
+ case 1:
+ ARM64.HasFP = true
+ ARM64.HasFPHP = true
+ }
+
+ switch extractBits(pfr0, 20, 23) {
+ case 0:
+ ARM64.HasASIMD = true
+ case 1:
+ ARM64.HasASIMD = true
+ ARM64.HasASIMDHP = true
+ }
+
+ switch extractBits(pfr0, 32, 35) {
+ case 1:
+ ARM64.HasSVE = true
+
+ parseARM64SVERegister(getzfr0())
+ }
+
+ switch extractBits(pfr0, 48, 51) {
+ case 1:
+ ARM64.HasDIT = true
+ }
+}
+
+func parseARM64SVERegister(zfr0 uint64) {
+ switch extractBits(zfr0, 0, 3) {
+ case 1:
+ ARM64.HasSVE2 = true
+ }
+}
+
+func extractBits(data uint64, start, end uint) uint {
+ return (uint)(data>>start) & ((1 << (end - start + 1)) - 1)
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
new file mode 100644
index 0000000000000000000000000000000000000000..22cc99844a75693c78f2241ac334da02644411fc
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_arm64.s
@@ -0,0 +1,39 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+
+#include "textflag.h"
+
+// func getisar0() uint64
+TEXT ·getisar0(SB),NOSPLIT,$0-8
+ // get Instruction Set Attributes 0 into x0
+ // mrs x0, ID_AA64ISAR0_EL1 = d5380600
+ WORD $0xd5380600
+ MOVD R0, ret+0(FP)
+ RET
+
+// func getisar1() uint64
+TEXT ·getisar1(SB),NOSPLIT,$0-8
+ // get Instruction Set Attributes 1 into x0
+ // mrs x0, ID_AA64ISAR1_EL1 = d5380620
+ WORD $0xd5380620
+ MOVD R0, ret+0(FP)
+ RET
+
+// func getpfr0() uint64
+TEXT ·getpfr0(SB),NOSPLIT,$0-8
+ // get Processor Feature Register 0 into x0
+ // mrs x0, ID_AA64PFR0_EL1 = d5380400
+ WORD $0xd5380400
+ MOVD R0, ret+0(FP)
+ RET
+
+// func getzfr0() uint64
+TEXT ·getzfr0(SB),NOSPLIT,$0-8
+ // get SVE Feature Register 0 into x0
+ // mrs x0, ID_AA64ZFR0_EL1 = d5380480
+ WORD $0xd5380480
+ MOVD R0, ret+0(FP)
+ RET
diff --git a/vendor/golang.org/x/sys/cpu/cpu_darwin_x86.go b/vendor/golang.org/x/sys/cpu/cpu_darwin_x86.go
new file mode 100644
index 0000000000000000000000000000000000000000..b838cb9e956e61f625d7976f3a123f44072e529b
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_darwin_x86.go
@@ -0,0 +1,61 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build darwin && amd64 && gc
+
+package cpu
+
+// darwinSupportsAVX512 checks Darwin kernel for AVX512 support via sysctl
+// call (see issue 43089). It also restricts AVX512 support for Darwin to
+// kernel version 21.3.0 (MacOS 12.2.0) or later (see issue 49233).
+//
+// Background:
+// Darwin implements a special mechanism to economize on thread state when
+// AVX512 specific registers are not in use. This scheme minimizes state when
+// preempting threads that haven't yet used any AVX512 instructions, but adds
+// special requirements to check for AVX512 hardware support at runtime (e.g.
+// via sysctl call or commpage inspection). See issue 43089 and link below for
+// full background:
+// https://github.com/apple-oss-distributions/xnu/blob/xnu-11215.1.10/osfmk/i386/fpu.c#L214-L240
+//
+// Additionally, all versions of the Darwin kernel from 19.6.0 through 21.2.0
+// (corresponding to MacOS 10.15.6 - 12.1) have a bug that can cause corruption
+// of the AVX512 mask registers (K0-K7) upon signal return. For this reason
+// AVX512 is considered unsafe to use on Darwin for kernel versions prior to
+// 21.3.0, where a fix has been confirmed. See issue 49233 for full background.
+func darwinSupportsAVX512() bool {
+ return darwinSysctlEnabled([]byte("hw.optional.avx512f\x00")) && darwinKernelVersionCheck(21, 3, 0)
+}
+
+// Ensure Darwin kernel version is at least major.minor.patch, avoiding dependencies
+func darwinKernelVersionCheck(major, minor, patch int) bool {
+ var release [256]byte
+ err := darwinOSRelease(&release)
+ if err != nil {
+ return false
+ }
+
+ var mmp [3]int
+ c := 0
+Loop:
+ for _, b := range release[:] {
+ switch {
+ case b >= '0' && b <= '9':
+ mmp[c] = 10*mmp[c] + int(b-'0')
+ case b == '.':
+ c++
+ if c > 2 {
+ return false
+ }
+ case b == 0:
+ break Loop
+ default:
+ return false
+ }
+ }
+ if c != 2 {
+ return false
+ }
+ return mmp[0] > major || mmp[0] == major && (mmp[1] > minor || mmp[1] == minor && mmp[2] >= patch)
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
new file mode 100644
index 0000000000000000000000000000000000000000..6ac6e1efb2087b950ad459226610811485fce2d1
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_arm64.go
@@ -0,0 +1,12 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+
+package cpu
+
+func getisar0() uint64
+func getisar1() uint64
+func getpfr0() uint64
+func getzfr0() uint64
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
new file mode 100644
index 0000000000000000000000000000000000000000..c8ae6ddc156f50b564d2398f8fb6286a8602e5f0
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_s390x.go
@@ -0,0 +1,21 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+
+package cpu
+
+// haveAsmFunctions reports whether the other functions in this file can
+// be safely called.
+func haveAsmFunctions() bool { return true }
+
+// The following feature detection functions are defined in cpu_s390x.s.
+// They are likely to be expensive to call so the results should be cached.
+func stfle() facilityList
+func kmQuery() queryResult
+func kmcQuery() queryResult
+func kmctrQuery() queryResult
+func kmaQuery() queryResult
+func kimdQuery() queryResult
+func klmdQuery() queryResult
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
new file mode 100644
index 0000000000000000000000000000000000000000..32a44514e245fe38568a04ce77817b1b8c01aa73
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.go
@@ -0,0 +1,15 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (386 || amd64 || amd64p32) && gc
+
+package cpu
+
+// cpuid is implemented in cpu_gc_x86.s for gc compiler
+// and in cpu_gccgo.c for gccgo.
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
+
+// xgetbv with ecx = 0 is implemented in cpu_gc_x86.s for gc compiler
+// and in cpu_gccgo.c for gccgo.
+func xgetbv() (eax, edx uint32)
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gc_x86.s b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.s
new file mode 100644
index 0000000000000000000000000000000000000000..ce208ce6d6a3a64925076de5b9db96a4afedaf0d
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gc_x86.s
@@ -0,0 +1,26 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (386 || amd64 || amd64p32) && gc
+
+#include "textflag.h"
+
+// func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·cpuid(SB), NOSPLIT, $0-24
+ MOVL eaxArg+0(FP), AX
+ MOVL ecxArg+4(FP), CX
+ CPUID
+ MOVL AX, eax+8(FP)
+ MOVL BX, ebx+12(FP)
+ MOVL CX, ecx+16(FP)
+ MOVL DX, edx+20(FP)
+ RET
+
+// func xgetbv() (eax, edx uint32)
+TEXT ·xgetbv(SB), NOSPLIT, $0-8
+ MOVL $0, CX
+ XGETBV
+ MOVL AX, eax+0(FP)
+ MOVL DX, edx+4(FP)
+ RET
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
new file mode 100644
index 0000000000000000000000000000000000000000..7f1946780bd305c1d17491b40bc4062ea32d228d
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_arm64.go
@@ -0,0 +1,11 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gccgo
+
+package cpu
+
+func getisar0() uint64 { return 0 }
+func getisar1() uint64 { return 0 }
+func getpfr0() uint64 { return 0 }
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
new file mode 100644
index 0000000000000000000000000000000000000000..9526d2ce3a957e675e79b7e9084860934fbc3c57
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_s390x.go
@@ -0,0 +1,22 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gccgo
+
+package cpu
+
+// haveAsmFunctions reports whether the other functions in this file can
+// be safely called.
+func haveAsmFunctions() bool { return false }
+
+// TODO(mundaym): the following feature detection functions are currently
+// stubs. See https://golang.org/cl/162887 for how to fix this.
+// They are likely to be expensive to call so the results should be cached.
+func stfle() facilityList { panic("not implemented for gccgo") }
+func kmQuery() queryResult { panic("not implemented for gccgo") }
+func kmcQuery() queryResult { panic("not implemented for gccgo") }
+func kmctrQuery() queryResult { panic("not implemented for gccgo") }
+func kmaQuery() queryResult { panic("not implemented for gccgo") }
+func kimdQuery() queryResult { panic("not implemented for gccgo") }
+func klmdQuery() queryResult { panic("not implemented for gccgo") }
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
new file mode 100644
index 0000000000000000000000000000000000000000..3f73a05dcf328b92c22ed7aa3b62c7abe792fdd4
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.c
@@ -0,0 +1,37 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (386 || amd64 || amd64p32) && gccgo
+
+#include <cpuid.h>
+#include <stdint.h>
+#include <x86intrin.h>
+
+// Need to wrap __get_cpuid_count because it's declared as static.
+int
+gccgoGetCpuidCount(uint32_t leaf, uint32_t subleaf,
+ uint32_t *eax, uint32_t *ebx,
+ uint32_t *ecx, uint32_t *edx)
+{
+ return __get_cpuid_count(leaf, subleaf, eax, ebx, ecx, edx);
+}
+
+#pragma GCC diagnostic ignored "-Wunknown-pragmas"
+#pragma GCC push_options
+#pragma GCC target("xsave")
+#pragma clang attribute push (__attribute__((target("xsave"))), apply_to=function)
+
+// xgetbv reads the contents of an XCR (Extended Control Register)
+// specified in the ECX register into registers EDX:EAX.
+// Currently, the only supported value for XCR is 0.
+void
+gccgoXgetbv(uint32_t *eax, uint32_t *edx)
+{
+ uint64_t v = _xgetbv(0);
+ *eax = v & 0xffffffff;
+ *edx = v >> 32;
+}
+
+#pragma clang attribute pop
+#pragma GCC pop_options
diff --git a/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
new file mode 100644
index 0000000000000000000000000000000000000000..170d21ddfda4163fb6d9d2094fb62ff9e027fb65
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_gccgo_x86.go
@@ -0,0 +1,25 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build (386 || amd64 || amd64p32) && gccgo
+
+package cpu
+
+//extern gccgoGetCpuidCount
+func gccgoGetCpuidCount(eaxArg, ecxArg uint32, eax, ebx, ecx, edx *uint32)
+
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) {
+ var a, b, c, d uint32
+ gccgoGetCpuidCount(eaxArg, ecxArg, &a, &b, &c, &d)
+ return a, b, c, d
+}
+
+//extern gccgoXgetbv
+func gccgoXgetbv(eax, edx *uint32)
+
+func xgetbv() (eax, edx uint32) {
+ var a, d uint32
+ gccgoXgetbv(&a, &d)
+ return a, d
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux.go b/vendor/golang.org/x/sys/cpu/cpu_linux.go
new file mode 100644
index 0000000000000000000000000000000000000000..743eb54354b598b61a295d11e04a3f3f95b4b9df
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux.go
@@ -0,0 +1,15 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !386 && !amd64 && !amd64p32 && !arm64
+
+package cpu
+
+func archInit() {
+ if err := readHWCAP(); err != nil {
+ return
+ }
+ doinit()
+ Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go b/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go
new file mode 100644
index 0000000000000000000000000000000000000000..2057006dce4c0d7d3a8acc0cd720042ef277738b
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_arm.go
@@ -0,0 +1,39 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+func doinit() {
+ ARM.HasSWP = isSet(hwCap, hwcap_SWP)
+ ARM.HasHALF = isSet(hwCap, hwcap_HALF)
+ ARM.HasTHUMB = isSet(hwCap, hwcap_THUMB)
+ ARM.Has26BIT = isSet(hwCap, hwcap_26BIT)
+ ARM.HasFASTMUL = isSet(hwCap, hwcap_FAST_MULT)
+ ARM.HasFPA = isSet(hwCap, hwcap_FPA)
+ ARM.HasVFP = isSet(hwCap, hwcap_VFP)
+ ARM.HasEDSP = isSet(hwCap, hwcap_EDSP)
+ ARM.HasJAVA = isSet(hwCap, hwcap_JAVA)
+ ARM.HasIWMMXT = isSet(hwCap, hwcap_IWMMXT)
+ ARM.HasCRUNCH = isSet(hwCap, hwcap_CRUNCH)
+ ARM.HasTHUMBEE = isSet(hwCap, hwcap_THUMBEE)
+ ARM.HasNEON = isSet(hwCap, hwcap_NEON)
+ ARM.HasVFPv3 = isSet(hwCap, hwcap_VFPv3)
+ ARM.HasVFPv3D16 = isSet(hwCap, hwcap_VFPv3D16)
+ ARM.HasTLS = isSet(hwCap, hwcap_TLS)
+ ARM.HasVFPv4 = isSet(hwCap, hwcap_VFPv4)
+ ARM.HasIDIVA = isSet(hwCap, hwcap_IDIVA)
+ ARM.HasIDIVT = isSet(hwCap, hwcap_IDIVT)
+ ARM.HasVFPD32 = isSet(hwCap, hwcap_VFPD32)
+ ARM.HasLPAE = isSet(hwCap, hwcap_LPAE)
+ ARM.HasEVTSTRM = isSet(hwCap, hwcap_EVTSTRM)
+ ARM.HasAES = isSet(hwCap2, hwcap2_AES)
+ ARM.HasPMULL = isSet(hwCap2, hwcap2_PMULL)
+ ARM.HasSHA1 = isSet(hwCap2, hwcap2_SHA1)
+ ARM.HasSHA2 = isSet(hwCap2, hwcap2_SHA2)
+ ARM.HasCRC32 = isSet(hwCap2, hwcap2_CRC32)
+}
+
+func isSet(hwc uint, value uint) bool {
+ return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go
new file mode 100644
index 0000000000000000000000000000000000000000..f1caf0f78e24b65db57f1b599d8bead8e1d9d65f
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_arm64.go
@@ -0,0 +1,120 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+ "strings"
+ "syscall"
+)
+
+// HWCAP/HWCAP2 bits. These are exposed by Linux.
+const (
+ hwcap_FP = 1 << 0
+ hwcap_ASIMD = 1 << 1
+ hwcap_EVTSTRM = 1 << 2
+ hwcap_AES = 1 << 3
+ hwcap_PMULL = 1 << 4
+ hwcap_SHA1 = 1 << 5
+ hwcap_SHA2 = 1 << 6
+ hwcap_CRC32 = 1 << 7
+ hwcap_ATOMICS = 1 << 8
+ hwcap_FPHP = 1 << 9
+ hwcap_ASIMDHP = 1 << 10
+ hwcap_CPUID = 1 << 11
+ hwcap_ASIMDRDM = 1 << 12
+ hwcap_JSCVT = 1 << 13
+ hwcap_FCMA = 1 << 14
+ hwcap_LRCPC = 1 << 15
+ hwcap_DCPOP = 1 << 16
+ hwcap_SHA3 = 1 << 17
+ hwcap_SM3 = 1 << 18
+ hwcap_SM4 = 1 << 19
+ hwcap_ASIMDDP = 1 << 20
+ hwcap_SHA512 = 1 << 21
+ hwcap_SVE = 1 << 22
+ hwcap_ASIMDFHM = 1 << 23
+ hwcap_DIT = 1 << 24
+
+ hwcap2_SVE2 = 1 << 1
+ hwcap2_I8MM = 1 << 13
+)
+
+// linuxKernelCanEmulateCPUID reports whether we're running
+// on Linux 4.11+. Ideally we'd like to ask the question about
+// whether the current kernel contains
+// https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77c97b4ee21290f5f083173d957843b615abbff2
+// but the version number will have to do.
+func linuxKernelCanEmulateCPUID() bool {
+ var un syscall.Utsname
+ syscall.Uname(&un)
+ var sb strings.Builder
+ for _, b := range un.Release[:] {
+ if b == 0 {
+ break
+ }
+ sb.WriteByte(byte(b))
+ }
+ major, minor, _, ok := parseRelease(sb.String())
+ return ok && (major > 4 || major == 4 && minor >= 11)
+}
+
+func doinit() {
+ if err := readHWCAP(); err != nil {
+ // We failed to read /proc/self/auxv. This can happen if the binary has
+ // been given extra capabilities(7) with /bin/setcap.
+ //
+ // When this happens, we have two options. If the Linux kernel is new
+ // enough (4.11+), we can read the arm64 registers directly which'll
+ // trap into the kernel and then return back to userspace.
+ //
+ // But on older kernels, such as Linux 4.4.180 as used on many Synology
+ // devices, calling readARM64Registers (specifically getisar0) will
+ // cause a SIGILL and we'll die. So for older kernels, parse /proc/cpuinfo
+ // instead.
+ //
+ // See golang/go#57336.
+ if linuxKernelCanEmulateCPUID() {
+ readARM64Registers()
+ } else {
+ readLinuxProcCPUInfo()
+ }
+ return
+ }
+
+ // HWCAP feature bits
+ ARM64.HasFP = isSet(hwCap, hwcap_FP)
+ ARM64.HasASIMD = isSet(hwCap, hwcap_ASIMD)
+ ARM64.HasEVTSTRM = isSet(hwCap, hwcap_EVTSTRM)
+ ARM64.HasAES = isSet(hwCap, hwcap_AES)
+ ARM64.HasPMULL = isSet(hwCap, hwcap_PMULL)
+ ARM64.HasSHA1 = isSet(hwCap, hwcap_SHA1)
+ ARM64.HasSHA2 = isSet(hwCap, hwcap_SHA2)
+ ARM64.HasCRC32 = isSet(hwCap, hwcap_CRC32)
+ ARM64.HasATOMICS = isSet(hwCap, hwcap_ATOMICS)
+ ARM64.HasFPHP = isSet(hwCap, hwcap_FPHP)
+ ARM64.HasASIMDHP = isSet(hwCap, hwcap_ASIMDHP)
+ ARM64.HasCPUID = isSet(hwCap, hwcap_CPUID)
+ ARM64.HasASIMDRDM = isSet(hwCap, hwcap_ASIMDRDM)
+ ARM64.HasJSCVT = isSet(hwCap, hwcap_JSCVT)
+ ARM64.HasFCMA = isSet(hwCap, hwcap_FCMA)
+ ARM64.HasLRCPC = isSet(hwCap, hwcap_LRCPC)
+ ARM64.HasDCPOP = isSet(hwCap, hwcap_DCPOP)
+ ARM64.HasSHA3 = isSet(hwCap, hwcap_SHA3)
+ ARM64.HasSM3 = isSet(hwCap, hwcap_SM3)
+ ARM64.HasSM4 = isSet(hwCap, hwcap_SM4)
+ ARM64.HasASIMDDP = isSet(hwCap, hwcap_ASIMDDP)
+ ARM64.HasSHA512 = isSet(hwCap, hwcap_SHA512)
+ ARM64.HasSVE = isSet(hwCap, hwcap_SVE)
+ ARM64.HasASIMDFHM = isSet(hwCap, hwcap_ASIMDFHM)
+ ARM64.HasDIT = isSet(hwCap, hwcap_DIT)
+
+ // HWCAP2 feature bits
+ ARM64.HasSVE2 = isSet(hwCap2, hwcap2_SVE2)
+ ARM64.HasI8MM = isSet(hwCap2, hwcap2_I8MM)
+}
+
+func isSet(hwc uint, value uint) bool {
+ return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
new file mode 100644
index 0000000000000000000000000000000000000000..4686c1d541d888a71ef645882666639daeda9e6e
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_mips64x.go
@@ -0,0 +1,22 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && (mips64 || mips64le)
+
+package cpu
+
+// HWCAP bits. These are exposed by the Linux kernel 5.4.
+const (
+ // CPU features
+ hwcap_MIPS_MSA = 1 << 1
+)
+
+func doinit() {
+ // HWCAP feature bits
+ MIPS64X.HasMSA = isSet(hwCap, hwcap_MIPS_MSA)
+}
+
+func isSet(hwc uint, value uint) bool {
+ return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
new file mode 100644
index 0000000000000000000000000000000000000000..7d902b6847bbf90526eb980e09039a79cebcceda
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_noinit.go
@@ -0,0 +1,9 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && !arm && !arm64 && !mips64 && !mips64le && !ppc64 && !ppc64le && !s390x && !riscv64
+
+package cpu
+
+func doinit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
new file mode 100644
index 0000000000000000000000000000000000000000..197188e67f34368bdcfae683cd73a32fbf22c054
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_ppc64x.go
@@ -0,0 +1,30 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && (ppc64 || ppc64le)
+
+package cpu
+
+// HWCAP/HWCAP2 bits. These are exposed by the kernel.
+const (
+ // ISA Level
+ _PPC_FEATURE2_ARCH_2_07 = 0x80000000
+ _PPC_FEATURE2_ARCH_3_00 = 0x00800000
+
+ // CPU features
+ _PPC_FEATURE2_DARN = 0x00200000
+ _PPC_FEATURE2_SCV = 0x00100000
+)
+
+func doinit() {
+ // HWCAP2 feature bits
+ PPC64.IsPOWER8 = isSet(hwCap2, _PPC_FEATURE2_ARCH_2_07)
+ PPC64.IsPOWER9 = isSet(hwCap2, _PPC_FEATURE2_ARCH_3_00)
+ PPC64.HasDARN = isSet(hwCap2, _PPC_FEATURE2_DARN)
+ PPC64.HasSCV = isSet(hwCap2, _PPC_FEATURE2_SCV)
+}
+
+func isSet(hwc uint, value uint) bool {
+ return hwc&value != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_linux_riscv64.go
new file mode 100644
index 0000000000000000000000000000000000000000..cb4a0c5728073c634d2cf69b3d76286e013a82ae
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_riscv64.go
@@ -0,0 +1,137 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+ "syscall"
+ "unsafe"
+)
+
+// RISC-V extension discovery code for Linux. The approach here is to first try the riscv_hwprobe
+// syscall falling back to HWCAP to check for the C extension if riscv_hwprobe is not available.
+//
+// A note on detection of the Vector extension using HWCAP.
+//
+// Support for the Vector extension version 1.0 was added to the Linux kernel in release 6.5.
+// Support for the riscv_hwprobe syscall was added in 6.4. It follows that if the riscv_hwprobe
+// syscall is not available then neither is the Vector extension (which needs kernel support).
+// The riscv_hwprobe syscall should then be all we need to detect the Vector extension.
+// However, some RISC-V board manufacturers ship boards with an older kernel on top of which
+// they have back-ported various versions of the Vector extension patches but not the riscv_hwprobe
+// patches. These kernels advertise support for the Vector extension using HWCAP. Falling
+// back to HWCAP to detect the Vector extension, if riscv_hwprobe is not available, or simply not
+// bothering with riscv_hwprobe at all and just using HWCAP may then seem like an attractive option.
+//
+// Unfortunately, simply checking the 'V' bit in AT_HWCAP will not work as this bit is used by
+// RISC-V board and cloud instance providers to mean different things. The Lichee Pi 4A board
+// and the Scaleway RV1 cloud instances use the 'V' bit to advertise their support for the unratified
+// 0.7.1 version of the Vector Specification. The Banana Pi BPI-F3 and the CanMV-K230 board use
+// it to advertise support for 1.0 of the Vector extension. Versions 0.7.1 and 1.0 of the Vector
+// extension are binary incompatible. HWCAP can then not be used in isolation to populate the
+// HasV field as this field indicates that the underlying CPU is compatible with RVV 1.0.
+//
+// There is a way at runtime to distinguish between versions 0.7.1 and 1.0 of the Vector
+// specification by issuing a RVV 1.0 vsetvli instruction and checking the vill bit of the vtype
+// register. This check would allow us to safely detect version 1.0 of the Vector extension
+// with HWCAP, if riscv_hwprobe were not available. However, the check cannot
+// be added until the assembler supports the Vector instructions.
+//
+// Note the riscv_hwprobe syscall does not suffer from these ambiguities by design as all of the
+// extensions it advertises support for are explicitly versioned. It's also worth noting that
+// the riscv_hwprobe syscall is the only way to detect multi-letter RISC-V extensions, e.g., Zba.
+// These cannot be detected using HWCAP and so riscv_hwprobe must be used to detect the majority
+// of RISC-V extensions.
+//
+// Please see https://docs.kernel.org/arch/riscv/hwprobe.html for more information.
+
+// golang.org/x/sys/cpu is not allowed to depend on golang.org/x/sys/unix so we must
+// reproduce the constants, types and functions needed to make the riscv_hwprobe syscall
+// here.
+
+const (
+ // Copied from golang.org/x/sys/unix/ztypes_linux_riscv64.go.
+ riscv_HWPROBE_KEY_IMA_EXT_0 = 0x4
+ riscv_HWPROBE_IMA_C = 0x2
+ riscv_HWPROBE_IMA_V = 0x4
+ riscv_HWPROBE_EXT_ZBA = 0x8
+ riscv_HWPROBE_EXT_ZBB = 0x10
+ riscv_HWPROBE_EXT_ZBS = 0x20
+ riscv_HWPROBE_KEY_CPUPERF_0 = 0x5
+ riscv_HWPROBE_MISALIGNED_FAST = 0x3
+ riscv_HWPROBE_MISALIGNED_MASK = 0x7
+)
+
+const (
+ // sys_RISCV_HWPROBE is copied from golang.org/x/sys/unix/zsysnum_linux_riscv64.go.
+ sys_RISCV_HWPROBE = 258
+)
+
+// riscvHWProbePairs is copied from golang.org/x/sys/unix/ztypes_linux_riscv64.go.
+type riscvHWProbePairs struct {
+ key int64
+ value uint64
+}
+
+const (
+ // CPU features
+ hwcap_RISCV_ISA_C = 1 << ('C' - 'A')
+)
+
+func doinit() {
+ // A slice of key/value pair structures is passed to the RISCVHWProbe syscall. The key
+ // field should be initialised with one of the key constants defined above, e.g.,
+ // RISCV_HWPROBE_KEY_IMA_EXT_0. The syscall will set the value field to the appropriate value.
+ // If the kernel does not recognise a key it will set the key field to -1 and the value field to 0.
+
+ pairs := []riscvHWProbePairs{
+ {riscv_HWPROBE_KEY_IMA_EXT_0, 0},
+ {riscv_HWPROBE_KEY_CPUPERF_0, 0},
+ }
+
+ // This call only indicates that extensions are supported if they are implemented on all cores.
+ if riscvHWProbe(pairs, 0) {
+ if pairs[0].key != -1 {
+ v := uint(pairs[0].value)
+ RISCV64.HasC = isSet(v, riscv_HWPROBE_IMA_C)
+ RISCV64.HasV = isSet(v, riscv_HWPROBE_IMA_V)
+ RISCV64.HasZba = isSet(v, riscv_HWPROBE_EXT_ZBA)
+ RISCV64.HasZbb = isSet(v, riscv_HWPROBE_EXT_ZBB)
+ RISCV64.HasZbs = isSet(v, riscv_HWPROBE_EXT_ZBS)
+ }
+ if pairs[1].key != -1 {
+ v := pairs[1].value & riscv_HWPROBE_MISALIGNED_MASK
+ RISCV64.HasFastMisaligned = v == riscv_HWPROBE_MISALIGNED_FAST
+ }
+ }
+
+ // Let's double check with HWCAP if the C extension does not appear to be supported.
+ // This may happen if we're running on a kernel older than 6.4.
+
+ if !RISCV64.HasC {
+ RISCV64.HasC = isSet(hwCap, hwcap_RISCV_ISA_C)
+ }
+}
+
+func isSet(hwc uint, value uint) bool {
+ return hwc&value != 0
+}
+
+// riscvHWProbe is a simplified version of the generated wrapper function found in
+// golang.org/x/sys/unix/zsyscall_linux_riscv64.go. We simplify it by removing the
+// cpuCount and cpus parameters which we do not need. We always want to pass 0 for
+// these parameters here so the kernel only reports the extensions that are present
+// on all cores.
+func riscvHWProbe(pairs []riscvHWProbePairs, flags uint) bool {
+ var _zero uintptr
+ var p0 unsafe.Pointer
+ if len(pairs) > 0 {
+ p0 = unsafe.Pointer(&pairs[0])
+ } else {
+ p0 = unsafe.Pointer(&_zero)
+ }
+
+ _, _, e1 := syscall.Syscall6(sys_RISCV_HWPROBE, uintptr(p0), uintptr(len(pairs)), uintptr(0), uintptr(0), uintptr(flags), 0)
+ return e1 == 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go
new file mode 100644
index 0000000000000000000000000000000000000000..1517ac61d31b5aef0d3e9d3d9df18ca199e4a580
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_linux_s390x.go
@@ -0,0 +1,40 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const (
+ // bit mask values from /usr/include/bits/hwcap.h
+ hwcap_ZARCH = 2
+ hwcap_STFLE = 4
+ hwcap_MSA = 8
+ hwcap_LDISP = 16
+ hwcap_EIMM = 32
+ hwcap_DFP = 64
+ hwcap_ETF3EH = 256
+ hwcap_VX = 2048
+ hwcap_VXE = 8192
+)
+
+func initS390Xbase() {
+ // test HWCAP bit vector
+ has := func(featureMask uint) bool {
+ return hwCap&featureMask == featureMask
+ }
+
+ // mandatory
+ S390X.HasZARCH = has(hwcap_ZARCH)
+
+ // optional
+ S390X.HasSTFLE = has(hwcap_STFLE)
+ S390X.HasLDISP = has(hwcap_LDISP)
+ S390X.HasEIMM = has(hwcap_EIMM)
+ S390X.HasETF3EH = has(hwcap_ETF3EH)
+ S390X.HasDFP = has(hwcap_DFP)
+ S390X.HasMSA = has(hwcap_MSA)
+ S390X.HasVX = has(hwcap_VX)
+ if S390X.HasVX {
+ S390X.HasVXE = has(hwcap_VXE)
+ }
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_loong64.go b/vendor/golang.org/x/sys/cpu/cpu_loong64.go
new file mode 100644
index 0000000000000000000000000000000000000000..558635850c7860085e2b14ce20d01cf2aa39ab3c
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_loong64.go
@@ -0,0 +1,12 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build loong64
+
+package cpu
+
+const cacheLineSize = 64
+
+func initOptions() {
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
new file mode 100644
index 0000000000000000000000000000000000000000..fedb00cc4cb9f1dd8fc7fcc78a8bd148b0898b71
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_mips64x.go
@@ -0,0 +1,15 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build mips64 || mips64le
+
+package cpu
+
+const cacheLineSize = 32
+
+func initOptions() {
+ options = []option{
+ {Name: "msa", Feature: &MIPS64X.HasMSA},
+ }
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_mipsx.go b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
new file mode 100644
index 0000000000000000000000000000000000000000..ffb4ec7eb39e57d8230c0fa4c787543aec7deadc
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_mipsx.go
@@ -0,0 +1,11 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build mips || mipsle
+
+package cpu
+
+const cacheLineSize = 32
+
+func initOptions() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go
new file mode 100644
index 0000000000000000000000000000000000000000..ebfb3fc8e76d2acc9d337527e450fb3d69f8107b
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_netbsd_arm64.go
@@ -0,0 +1,173 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+ "syscall"
+ "unsafe"
+)
+
+// Minimal copy of functionality from x/sys/unix so the cpu package can call
+// sysctl without depending on x/sys/unix.
+
+const (
+ _CTL_QUERY = -2
+
+ _SYSCTL_VERS_1 = 0x1000000
+)
+
+var _zero uintptr
+
+func sysctl(mib []int32, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+ var _p0 unsafe.Pointer
+ if len(mib) > 0 {
+ _p0 = unsafe.Pointer(&mib[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ _, _, errno := syscall.Syscall6(
+ syscall.SYS___SYSCTL,
+ uintptr(_p0),
+ uintptr(len(mib)),
+ uintptr(unsafe.Pointer(old)),
+ uintptr(unsafe.Pointer(oldlen)),
+ uintptr(unsafe.Pointer(new)),
+ uintptr(newlen))
+ if errno != 0 {
+ return errno
+ }
+ return nil
+}
+
+type sysctlNode struct {
+ Flags uint32
+ Num int32
+ Name [32]int8
+ Ver uint32
+ __rsvd uint32
+ Un [16]byte
+ _sysctl_size [8]byte
+ _sysctl_func [8]byte
+ _sysctl_parent [8]byte
+ _sysctl_desc [8]byte
+}
+
+func sysctlNodes(mib []int32) ([]sysctlNode, error) {
+ var olen uintptr
+
+ // Get a list of all sysctl nodes below the given MIB by performing
+ // a sysctl for the given MIB with CTL_QUERY appended.
+ mib = append(mib, _CTL_QUERY)
+ qnode := sysctlNode{Flags: _SYSCTL_VERS_1}
+ qp := (*byte)(unsafe.Pointer(&qnode))
+ sz := unsafe.Sizeof(qnode)
+ if err := sysctl(mib, nil, &olen, qp, sz); err != nil {
+ return nil, err
+ }
+
+ // Now that we know the size, get the actual nodes.
+ nodes := make([]sysctlNode, olen/sz)
+ np := (*byte)(unsafe.Pointer(&nodes[0]))
+ if err := sysctl(mib, np, &olen, qp, sz); err != nil {
+ return nil, err
+ }
+
+ return nodes, nil
+}
+
+func nametomib(name string) ([]int32, error) {
+ // Split name into components.
+ var parts []string
+ last := 0
+ for i := 0; i < len(name); i++ {
+ if name[i] == '.' {
+ parts = append(parts, name[last:i])
+ last = i + 1
+ }
+ }
+ parts = append(parts, name[last:])
+
+ mib := []int32{}
+ // Discover the nodes and construct the MIB OID.
+ for partno, part := range parts {
+ nodes, err := sysctlNodes(mib)
+ if err != nil {
+ return nil, err
+ }
+ for _, node := range nodes {
+ n := make([]byte, 0)
+ for i := range node.Name {
+ if node.Name[i] != 0 {
+ n = append(n, byte(node.Name[i]))
+ }
+ }
+ if string(n) == part {
+ mib = append(mib, int32(node.Num))
+ break
+ }
+ }
+ if len(mib) != partno+1 {
+ return nil, err
+ }
+ }
+
+ return mib, nil
+}
+
+// aarch64SysctlCPUID is struct aarch64_sysctl_cpu_id from NetBSD's <aarch64/armreg.h>
+type aarch64SysctlCPUID struct {
+ midr uint64 /* Main ID Register */
+ revidr uint64 /* Revision ID Register */
+ mpidr uint64 /* Multiprocessor Affinity Register */
+ aa64dfr0 uint64 /* A64 Debug Feature Register 0 */
+ aa64dfr1 uint64 /* A64 Debug Feature Register 1 */
+ aa64isar0 uint64 /* A64 Instruction Set Attribute Register 0 */
+ aa64isar1 uint64 /* A64 Instruction Set Attribute Register 1 */
+ aa64mmfr0 uint64 /* A64 Memory Model Feature Register 0 */
+ aa64mmfr1 uint64 /* A64 Memory Model Feature Register 1 */
+ aa64mmfr2 uint64 /* A64 Memory Model Feature Register 2 */
+ aa64pfr0 uint64 /* A64 Processor Feature Register 0 */
+ aa64pfr1 uint64 /* A64 Processor Feature Register 1 */
+ aa64zfr0 uint64 /* A64 SVE Feature ID Register 0 */
+ mvfr0 uint32 /* Media and VFP Feature Register 0 */
+ mvfr1 uint32 /* Media and VFP Feature Register 1 */
+ mvfr2 uint32 /* Media and VFP Feature Register 2 */
+ pad uint32
+ clidr uint64 /* Cache Level ID Register */
+ ctr uint64 /* Cache Type Register */
+}
+
+func sysctlCPUID(name string) (*aarch64SysctlCPUID, error) {
+ mib, err := nametomib(name)
+ if err != nil {
+ return nil, err
+ }
+
+ out := aarch64SysctlCPUID{}
+ n := unsafe.Sizeof(out)
+ _, _, errno := syscall.Syscall6(
+ syscall.SYS___SYSCTL,
+ uintptr(unsafe.Pointer(&mib[0])),
+ uintptr(len(mib)),
+ uintptr(unsafe.Pointer(&out)),
+ uintptr(unsafe.Pointer(&n)),
+ uintptr(0),
+ uintptr(0))
+ if errno != 0 {
+ return nil, errno
+ }
+ return &out, nil
+}
+
+func doinit() {
+ cpuid, err := sysctlCPUID("machdep.cpu0.cpu_id")
+ if err != nil {
+ setMinimalFeatures()
+ return
+ }
+ parseARM64SystemRegisters(cpuid.aa64isar0, cpuid.aa64isar1, cpuid.aa64pfr0)
+
+ Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go
new file mode 100644
index 0000000000000000000000000000000000000000..85b64d5ccb735e9387ee9dad8b583d4458bc6ffe
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.go
@@ -0,0 +1,65 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+ "syscall"
+ "unsafe"
+)
+
+// Minimal copy of functionality from x/sys/unix so the cpu package can call
+// sysctl without depending on x/sys/unix.
+
+const (
+ // From OpenBSD's sys/sysctl.h.
+ _CTL_MACHDEP = 7
+
+ // From OpenBSD's machine/cpu.h.
+ _CPU_ID_AA64ISAR0 = 2
+ _CPU_ID_AA64ISAR1 = 3
+)
+
+// Implemented in the runtime package (runtime/sys_openbsd3.go)
+func syscall_syscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err syscall.Errno)
+
+//go:linkname syscall_syscall6 syscall.syscall6
+
+func sysctl(mib []uint32, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
+ _, _, errno := syscall_syscall6(libc_sysctl_trampoline_addr, uintptr(unsafe.Pointer(&mib[0])), uintptr(len(mib)), uintptr(unsafe.Pointer(old)), uintptr(unsafe.Pointer(oldlen)), uintptr(unsafe.Pointer(new)), uintptr(newlen))
+ if errno != 0 {
+ return errno
+ }
+ return nil
+}
+
+var libc_sysctl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_sysctl sysctl "libc.so"
+
+func sysctlUint64(mib []uint32) (uint64, bool) {
+ var out uint64
+ nout := unsafe.Sizeof(out)
+ if err := sysctl(mib, (*byte)(unsafe.Pointer(&out)), &nout, nil, 0); err != nil {
+ return 0, false
+ }
+ return out, true
+}
+
+func doinit() {
+ setMinimalFeatures()
+
+ // Get ID_AA64ISAR0 and ID_AA64ISAR1 from sysctl.
+ isar0, ok := sysctlUint64([]uint32{_CTL_MACHDEP, _CPU_ID_AA64ISAR0})
+ if !ok {
+ return
+ }
+ isar1, ok := sysctlUint64([]uint32{_CTL_MACHDEP, _CPU_ID_AA64ISAR1})
+ if !ok {
+ return
+ }
+ parseARM64SystemRegisters(isar0, isar1, 0)
+
+ Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s
new file mode 100644
index 0000000000000000000000000000000000000000..054ba05d607b3ad0d6caf66c79b4c1333f7b1164
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_openbsd_arm64.s
@@ -0,0 +1,11 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "textflag.h"
+
+TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_sysctl(SB)
+
+GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8
+DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
new file mode 100644
index 0000000000000000000000000000000000000000..e9ecf2a45674ac5e93d418e8e17b949613d9af72
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm.go
@@ -0,0 +1,9 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux && arm
+
+package cpu
+
+func archInit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
new file mode 100644
index 0000000000000000000000000000000000000000..5341e7f88d7155dfe85293dc40d5aa412bc637c0
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_arm64.go
@@ -0,0 +1,9 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux && !netbsd && !openbsd && arm64
+
+package cpu
+
+func doinit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go b/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
new file mode 100644
index 0000000000000000000000000000000000000000..5f8f2419ab85556e9c104d95e9f04efacaad9562
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_mips64x.go
@@ -0,0 +1,11 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux && (mips64 || mips64le)
+
+package cpu
+
+func archInit() {
+ Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
new file mode 100644
index 0000000000000000000000000000000000000000..89608fba276300b0ae828d968a4ee53aa2e590d6
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_ppc64x.go
@@ -0,0 +1,12 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !aix && !linux && (ppc64 || ppc64le)
+
+package cpu
+
+func archInit() {
+ PPC64.IsPOWER8 = true
+ Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
new file mode 100644
index 0000000000000000000000000000000000000000..5ab87808f710956e0703c3a96dbf4a22db833e54
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_riscv64.go
@@ -0,0 +1,11 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux && riscv64
+
+package cpu
+
+func archInit() {
+ Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_other_x86.go b/vendor/golang.org/x/sys/cpu/cpu_other_x86.go
new file mode 100644
index 0000000000000000000000000000000000000000..a0fd7e2f75d37fe6f894f799caae51d9b6fe006f
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_other_x86.go
@@ -0,0 +1,11 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build 386 || amd64p32 || (amd64 && (!darwin || !gc))
+
+package cpu
+
+func darwinSupportsAVX512() bool {
+ panic("only implemented for gc && amd64 && darwin")
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
new file mode 100644
index 0000000000000000000000000000000000000000..c14f12b14942161d412c89d14e212cfbec6905a1
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_ppc64x.go
@@ -0,0 +1,16 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build ppc64 || ppc64le
+
+package cpu
+
+const cacheLineSize = 128
+
+func initOptions() {
+ options = []option{
+ {Name: "darn", Feature: &PPC64.HasDARN},
+ {Name: "scv", Feature: &PPC64.HasSCV},
+ }
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_riscv64.go b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
new file mode 100644
index 0000000000000000000000000000000000000000..aca3199c911690b3b2899e2ee373083e2ac66cdd
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_riscv64.go
@@ -0,0 +1,20 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build riscv64
+
+package cpu
+
+const cacheLineSize = 64
+
+func initOptions() {
+ options = []option{
+ {Name: "fastmisaligned", Feature: &RISCV64.HasFastMisaligned},
+ {Name: "c", Feature: &RISCV64.HasC},
+ {Name: "v", Feature: &RISCV64.HasV},
+ {Name: "zba", Feature: &RISCV64.HasZba},
+ {Name: "zbb", Feature: &RISCV64.HasZbb},
+ {Name: "zbs", Feature: &RISCV64.HasZbs},
+ }
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
new file mode 100644
index 0000000000000000000000000000000000000000..5881b8833f5a5370d8d012796e49d995dbf54955
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.go
@@ -0,0 +1,172 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 256
+
+func initOptions() {
+ options = []option{
+ {Name: "zarch", Feature: &S390X.HasZARCH, Required: true},
+ {Name: "stfle", Feature: &S390X.HasSTFLE, Required: true},
+ {Name: "ldisp", Feature: &S390X.HasLDISP, Required: true},
+ {Name: "eimm", Feature: &S390X.HasEIMM, Required: true},
+ {Name: "dfp", Feature: &S390X.HasDFP},
+ {Name: "etf3eh", Feature: &S390X.HasETF3EH},
+ {Name: "msa", Feature: &S390X.HasMSA},
+ {Name: "aes", Feature: &S390X.HasAES},
+ {Name: "aescbc", Feature: &S390X.HasAESCBC},
+ {Name: "aesctr", Feature: &S390X.HasAESCTR},
+ {Name: "aesgcm", Feature: &S390X.HasAESGCM},
+ {Name: "ghash", Feature: &S390X.HasGHASH},
+ {Name: "sha1", Feature: &S390X.HasSHA1},
+ {Name: "sha256", Feature: &S390X.HasSHA256},
+ {Name: "sha3", Feature: &S390X.HasSHA3},
+ {Name: "sha512", Feature: &S390X.HasSHA512},
+ {Name: "vx", Feature: &S390X.HasVX},
+ {Name: "vxe", Feature: &S390X.HasVXE},
+ }
+}
+
+// bitIsSet reports whether the bit at index is set. The bit index
+// is in big endian order, so bit index 0 is the leftmost bit.
+func bitIsSet(bits []uint64, index uint) bool {
+ return bits[index/64]&((1<<63)>>(index%64)) != 0
+}
+
+// facility is a bit index for the named facility.
+type facility uint8
+
+const (
+ // mandatory facilities
+ zarch facility = 1 // z architecture mode is active
+ stflef facility = 7 // store-facility-list-extended
+ ldisp facility = 18 // long-displacement
+ eimm facility = 21 // extended-immediate
+
+ // miscellaneous facilities
+ dfp facility = 42 // decimal-floating-point
+ etf3eh facility = 30 // extended-translation 3 enhancement
+
+ // cryptography facilities
+ msa facility = 17 // message-security-assist
+ msa3 facility = 76 // message-security-assist extension 3
+ msa4 facility = 77 // message-security-assist extension 4
+ msa5 facility = 57 // message-security-assist extension 5
+ msa8 facility = 146 // message-security-assist extension 8
+ msa9 facility = 155 // message-security-assist extension 9
+
+ // vector facilities
+ vx facility = 129 // vector facility
+ vxe facility = 135 // vector-enhancements 1
+ vxe2 facility = 148 // vector-enhancements 2
+)
+
+// facilityList contains the result of an STFLE call.
+// Bits are numbered in big endian order so the
+// leftmost bit (the MSB) is at index 0.
+type facilityList struct {
+ bits [4]uint64
+}
+
+// Has reports whether the given facilities are present.
+func (s *facilityList) Has(fs ...facility) bool {
+ if len(fs) == 0 {
+ panic("no facility bits provided")
+ }
+ for _, f := range fs {
+ if !bitIsSet(s.bits[:], uint(f)) {
+ return false
+ }
+ }
+ return true
+}
+
+// function is the code for the named cryptographic function.
+type function uint8
+
+const (
+ // KM{,A,C,CTR} function codes
+ aes128 function = 18 // AES-128
+ aes192 function = 19 // AES-192
+ aes256 function = 20 // AES-256
+
+ // K{I,L}MD function codes
+ sha1 function = 1 // SHA-1
+ sha256 function = 2 // SHA-256
+ sha512 function = 3 // SHA-512
+ sha3_224 function = 32 // SHA3-224
+ sha3_256 function = 33 // SHA3-256
+ sha3_384 function = 34 // SHA3-384
+ sha3_512 function = 35 // SHA3-512
+ shake128 function = 36 // SHAKE-128
+ shake256 function = 37 // SHAKE-256
+
+ // KLMD function codes
+ ghash function = 65 // GHASH
+)
+
+// queryResult contains the result of a Query function
+// call. Bits are numbered in big endian order so the
+// leftmost bit (the MSB) is at index 0.
+type queryResult struct {
+ bits [2]uint64
+}
+
+// Has reports whether the given functions are present.
+func (q *queryResult) Has(fns ...function) bool {
+ if len(fns) == 0 {
+ panic("no function codes provided")
+ }
+ for _, f := range fns {
+ if !bitIsSet(q.bits[:], uint(f)) {
+ return false
+ }
+ }
+ return true
+}
+
+func doinit() {
+ initS390Xbase()
+
+ // We need implementations of stfle, km and so on
+ // to detect cryptographic features.
+ if !haveAsmFunctions() {
+ return
+ }
+
+ // optional cryptographic functions
+ if S390X.HasMSA {
+ aes := []function{aes128, aes192, aes256}
+
+ // cipher message
+ km, kmc := kmQuery(), kmcQuery()
+ S390X.HasAES = km.Has(aes...)
+ S390X.HasAESCBC = kmc.Has(aes...)
+ if S390X.HasSTFLE {
+ facilities := stfle()
+ if facilities.Has(msa4) {
+ kmctr := kmctrQuery()
+ S390X.HasAESCTR = kmctr.Has(aes...)
+ }
+ if facilities.Has(msa8) {
+ kma := kmaQuery()
+ S390X.HasAESGCM = kma.Has(aes...)
+ }
+ }
+
+ // compute message digest
+ kimd := kimdQuery() // intermediate (no padding)
+ klmd := klmdQuery() // last (padding)
+ S390X.HasSHA1 = kimd.Has(sha1) && klmd.Has(sha1)
+ S390X.HasSHA256 = kimd.Has(sha256) && klmd.Has(sha256)
+ S390X.HasSHA512 = kimd.Has(sha512) && klmd.Has(sha512)
+ S390X.HasGHASH = kimd.Has(ghash) // KLMD-GHASH does not exist
+ sha3 := []function{
+ sha3_224, sha3_256, sha3_384, sha3_512,
+ shake128, shake256,
+ }
+ S390X.HasSHA3 = kimd.Has(sha3...) && klmd.Has(sha3...)
+ }
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_s390x.s b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
new file mode 100644
index 0000000000000000000000000000000000000000..1fb4b701334c529f3e08c56b21ede39a9e77bb06
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_s390x.s
@@ -0,0 +1,57 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build gc
+
+#include "textflag.h"
+
+// func stfle() facilityList
+TEXT ·stfle(SB), NOSPLIT|NOFRAME, $0-32
+ MOVD $ret+0(FP), R1
+ MOVD $3, R0 // last doubleword index to store
+ XC $32, (R1), (R1) // clear 4 doublewords (32 bytes)
+ WORD $0xb2b01000 // store facility list extended (STFLE)
+ RET
+
+// func kmQuery() queryResult
+TEXT ·kmQuery(SB), NOSPLIT|NOFRAME, $0-16
+ MOVD $0, R0 // set function code to 0 (KM-Query)
+ MOVD $ret+0(FP), R1 // address of 16-byte return value
+ WORD $0xB92E0024 // cipher message (KM)
+ RET
+
+// func kmcQuery() queryResult
+TEXT ·kmcQuery(SB), NOSPLIT|NOFRAME, $0-16
+ MOVD $0, R0 // set function code to 0 (KMC-Query)
+ MOVD $ret+0(FP), R1 // address of 16-byte return value
+ WORD $0xB92F0024 // cipher message with chaining (KMC)
+ RET
+
+// func kmctrQuery() queryResult
+TEXT ·kmctrQuery(SB), NOSPLIT|NOFRAME, $0-16
+ MOVD $0, R0 // set function code to 0 (KMCTR-Query)
+ MOVD $ret+0(FP), R1 // address of 16-byte return value
+ WORD $0xB92D4024 // cipher message with counter (KMCTR)
+ RET
+
+// func kmaQuery() queryResult
+TEXT ·kmaQuery(SB), NOSPLIT|NOFRAME, $0-16
+ MOVD $0, R0 // set function code to 0 (KMA-Query)
+ MOVD $ret+0(FP), R1 // address of 16-byte return value
+ WORD $0xb9296024 // cipher message with authentication (KMA)
+ RET
+
+// func kimdQuery() queryResult
+TEXT ·kimdQuery(SB), NOSPLIT|NOFRAME, $0-16
+ MOVD $0, R0 // set function code to 0 (KIMD-Query)
+ MOVD $ret+0(FP), R1 // address of 16-byte return value
+ WORD $0xB93E0024 // compute intermediate message digest (KIMD)
+ RET
+
+// func klmdQuery() queryResult
+TEXT ·klmdQuery(SB), NOSPLIT|NOFRAME, $0-16
+ MOVD $0, R0 // set function code to 0 (KLMD-Query)
+ MOVD $ret+0(FP), R1 // address of 16-byte return value
+ WORD $0xB93F0024 // compute last message digest (KLMD)
+ RET
diff --git a/vendor/golang.org/x/sys/cpu/cpu_wasm.go b/vendor/golang.org/x/sys/cpu/cpu_wasm.go
new file mode 100644
index 0000000000000000000000000000000000000000..384787ea3062384428ab4c7a51a664f5b42efc1f
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_wasm.go
@@ -0,0 +1,17 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build wasm
+
+package cpu
+
+// We're compiling the cpu package for an unknown (software-abstracted) CPU.
+// Make CacheLinePad an empty struct and hope that the usual struct alignment
+// rules are good enough.
+
+const cacheLineSize = 0
+
+func initOptions() {}
+
+func archInit() {}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_x86.go b/vendor/golang.org/x/sys/cpu/cpu_x86.go
new file mode 100644
index 0000000000000000000000000000000000000000..600a6807861e7fd225b672283e2bc5c984eb13d6
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_x86.go
@@ -0,0 +1,149 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build 386 || amd64 || amd64p32
+
+package cpu
+
+import "runtime"
+
+const cacheLineSize = 64
+
+func initOptions() {
+ options = []option{
+ {Name: "adx", Feature: &X86.HasADX},
+ {Name: "aes", Feature: &X86.HasAES},
+ {Name: "avx", Feature: &X86.HasAVX},
+ {Name: "avx2", Feature: &X86.HasAVX2},
+ {Name: "avx512", Feature: &X86.HasAVX512},
+ {Name: "avx512f", Feature: &X86.HasAVX512F},
+ {Name: "avx512cd", Feature: &X86.HasAVX512CD},
+ {Name: "avx512er", Feature: &X86.HasAVX512ER},
+ {Name: "avx512pf", Feature: &X86.HasAVX512PF},
+ {Name: "avx512vl", Feature: &X86.HasAVX512VL},
+ {Name: "avx512bw", Feature: &X86.HasAVX512BW},
+ {Name: "avx512dq", Feature: &X86.HasAVX512DQ},
+ {Name: "avx512ifma", Feature: &X86.HasAVX512IFMA},
+ {Name: "avx512vbmi", Feature: &X86.HasAVX512VBMI},
+ {Name: "avx512vnniw", Feature: &X86.HasAVX5124VNNIW},
+ {Name: "avx5124fmaps", Feature: &X86.HasAVX5124FMAPS},
+ {Name: "avx512vpopcntdq", Feature: &X86.HasAVX512VPOPCNTDQ},
+ {Name: "avx512vpclmulqdq", Feature: &X86.HasAVX512VPCLMULQDQ},
+ {Name: "avx512vnni", Feature: &X86.HasAVX512VNNI},
+ {Name: "avx512gfni", Feature: &X86.HasAVX512GFNI},
+ {Name: "avx512vaes", Feature: &X86.HasAVX512VAES},
+ {Name: "avx512vbmi2", Feature: &X86.HasAVX512VBMI2},
+ {Name: "avx512bitalg", Feature: &X86.HasAVX512BITALG},
+ {Name: "avx512bf16", Feature: &X86.HasAVX512BF16},
+ {Name: "amxtile", Feature: &X86.HasAMXTile},
+ {Name: "amxint8", Feature: &X86.HasAMXInt8},
+ {Name: "amxbf16", Feature: &X86.HasAMXBF16},
+ {Name: "bmi1", Feature: &X86.HasBMI1},
+ {Name: "bmi2", Feature: &X86.HasBMI2},
+ {Name: "cx16", Feature: &X86.HasCX16},
+ {Name: "erms", Feature: &X86.HasERMS},
+ {Name: "fma", Feature: &X86.HasFMA},
+ {Name: "osxsave", Feature: &X86.HasOSXSAVE},
+ {Name: "pclmulqdq", Feature: &X86.HasPCLMULQDQ},
+ {Name: "popcnt", Feature: &X86.HasPOPCNT},
+ {Name: "rdrand", Feature: &X86.HasRDRAND},
+ {Name: "rdseed", Feature: &X86.HasRDSEED},
+ {Name: "sse3", Feature: &X86.HasSSE3},
+ {Name: "sse41", Feature: &X86.HasSSE41},
+ {Name: "sse42", Feature: &X86.HasSSE42},
+ {Name: "ssse3", Feature: &X86.HasSSSE3},
+
+ // These capabilities should always be enabled on amd64:
+ {Name: "sse2", Feature: &X86.HasSSE2, Required: runtime.GOARCH == "amd64"},
+ }
+}
+
+func archInit() {
+
+ Initialized = true
+
+ maxID, _, _, _ := cpuid(0, 0)
+
+ if maxID < 1 {
+ return
+ }
+
+ _, _, ecx1, edx1 := cpuid(1, 0)
+ X86.HasSSE2 = isSet(26, edx1)
+
+ X86.HasSSE3 = isSet(0, ecx1)
+ X86.HasPCLMULQDQ = isSet(1, ecx1)
+ X86.HasSSSE3 = isSet(9, ecx1)
+ X86.HasFMA = isSet(12, ecx1)
+ X86.HasCX16 = isSet(13, ecx1)
+ X86.HasSSE41 = isSet(19, ecx1)
+ X86.HasSSE42 = isSet(20, ecx1)
+ X86.HasPOPCNT = isSet(23, ecx1)
+ X86.HasAES = isSet(25, ecx1)
+ X86.HasOSXSAVE = isSet(27, ecx1)
+ X86.HasRDRAND = isSet(30, ecx1)
+
+ var osSupportsAVX, osSupportsAVX512 bool
+ // For XGETBV, OSXSAVE bit is required and sufficient.
+ if X86.HasOSXSAVE {
+ eax, _ := xgetbv()
+ // Check if XMM and YMM registers have OS support.
+ osSupportsAVX = isSet(1, eax) && isSet(2, eax)
+
+ if runtime.GOOS == "darwin" {
+ // Darwin requires special AVX512 checks, see cpu_darwin_x86.go
+ osSupportsAVX512 = osSupportsAVX && darwinSupportsAVX512()
+ } else {
+ // Check if OPMASK and ZMM registers have OS support.
+ osSupportsAVX512 = osSupportsAVX && isSet(5, eax) && isSet(6, eax) && isSet(7, eax)
+ }
+ }
+
+ X86.HasAVX = isSet(28, ecx1) && osSupportsAVX
+
+ if maxID < 7 {
+ return
+ }
+
+ _, ebx7, ecx7, edx7 := cpuid(7, 0)
+ X86.HasBMI1 = isSet(3, ebx7)
+ X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX
+ X86.HasBMI2 = isSet(8, ebx7)
+ X86.HasERMS = isSet(9, ebx7)
+ X86.HasRDSEED = isSet(18, ebx7)
+ X86.HasADX = isSet(19, ebx7)
+
+ X86.HasAVX512 = isSet(16, ebx7) && osSupportsAVX512 // Because avx-512 foundation is the core required extension
+ if X86.HasAVX512 {
+ X86.HasAVX512F = true
+ X86.HasAVX512CD = isSet(28, ebx7)
+ X86.HasAVX512ER = isSet(27, ebx7)
+ X86.HasAVX512PF = isSet(26, ebx7)
+ X86.HasAVX512VL = isSet(31, ebx7)
+ X86.HasAVX512BW = isSet(30, ebx7)
+ X86.HasAVX512DQ = isSet(17, ebx7)
+ X86.HasAVX512IFMA = isSet(21, ebx7)
+ X86.HasAVX512VBMI = isSet(1, ecx7)
+ X86.HasAVX5124VNNIW = isSet(2, edx7)
+ X86.HasAVX5124FMAPS = isSet(3, edx7)
+ X86.HasAVX512VPOPCNTDQ = isSet(14, ecx7)
+ X86.HasAVX512VPCLMULQDQ = isSet(10, ecx7)
+ X86.HasAVX512VNNI = isSet(11, ecx7)
+ X86.HasAVX512GFNI = isSet(8, ecx7)
+ X86.HasAVX512VAES = isSet(9, ecx7)
+ X86.HasAVX512VBMI2 = isSet(6, ecx7)
+ X86.HasAVX512BITALG = isSet(12, ecx7)
+
+ eax71, _, _, _ := cpuid(7, 1)
+ X86.HasAVX512BF16 = isSet(5, eax71)
+ }
+
+ X86.HasAMXTile = isSet(24, edx7)
+ X86.HasAMXInt8 = isSet(25, edx7)
+ X86.HasAMXBF16 = isSet(22, edx7)
+}
+
+func isSet(bitpos uint, value uint32) bool {
+ return value&(1<<bitpos) != 0
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_zos.go b/vendor/golang.org/x/sys/cpu/cpu_zos.go
new file mode 100644
index 0000000000000000000000000000000000000000..5f54683a22e3e2f0db222ff136d35ab62cdd799c
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_zos.go
@@ -0,0 +1,10 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+func archInit() {
+ doinit()
+ Initialized = true
+}
diff --git a/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go b/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go
new file mode 100644
index 0000000000000000000000000000000000000000..ccb1b708aba987e33c3d6ed04d773967855206df
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/cpu_zos_s390x.go
@@ -0,0 +1,25 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+func initS390Xbase() {
+ // get the facilities list
+ facilities := stfle()
+
+ // mandatory
+ S390X.HasZARCH = facilities.Has(zarch)
+ S390X.HasSTFLE = facilities.Has(stflef)
+ S390X.HasLDISP = facilities.Has(ldisp)
+ S390X.HasEIMM = facilities.Has(eimm)
+
+ // optional
+ S390X.HasETF3EH = facilities.Has(etf3eh)
+ S390X.HasDFP = facilities.Has(dfp)
+ S390X.HasMSA = facilities.Has(msa)
+ S390X.HasVX = facilities.Has(vx)
+ if S390X.HasVX {
+ S390X.HasVXE = facilities.Has(vxe)
+ }
+}
diff --git a/vendor/golang.org/x/sys/cpu/endian_big.go b/vendor/golang.org/x/sys/cpu/endian_big.go
new file mode 100644
index 0000000000000000000000000000000000000000..7fe04b0a13b1ae86405617a94a06e047d39ed173
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/endian_big.go
@@ -0,0 +1,10 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
+
+package cpu
+
+// IsBigEndian records whether the GOARCH's byte order is big endian.
+const IsBigEndian = true
diff --git a/vendor/golang.org/x/sys/cpu/endian_little.go b/vendor/golang.org/x/sys/cpu/endian_little.go
new file mode 100644
index 0000000000000000000000000000000000000000..48eccc4c79963855c4026e37a594755f1cd85c4f
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/endian_little.go
@@ -0,0 +1,10 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh || wasm
+
+package cpu
+
+// IsBigEndian records whether the GOARCH's byte order is big endian.
+const IsBigEndian = false
diff --git a/vendor/golang.org/x/sys/cpu/hwcap_linux.go b/vendor/golang.org/x/sys/cpu/hwcap_linux.go
new file mode 100644
index 0000000000000000000000000000000000000000..34e49f955a8774d604f72fd4da206145f7795027
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/hwcap_linux.go
@@ -0,0 +1,71 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import (
+ "os"
+)
+
+const (
+ _AT_HWCAP = 16
+ _AT_HWCAP2 = 26
+
+ procAuxv = "/proc/self/auxv"
+
+ uintSize = int(32 << (^uint(0) >> 63))
+)
+
+// For those platforms don't have a 'cpuid' equivalent we use HWCAP/HWCAP2
+// These are initialized in cpu_$GOARCH.go
+// and should not be changed after they are initialized.
+var hwCap uint
+var hwCap2 uint
+
+func readHWCAP() error {
+ // For Go 1.21+, get auxv from the Go runtime.
+ if a := getAuxv(); len(a) > 0 {
+ for len(a) >= 2 {
+ tag, val := a[0], uint(a[1])
+ a = a[2:]
+ switch tag {
+ case _AT_HWCAP:
+ hwCap = val
+ case _AT_HWCAP2:
+ hwCap2 = val
+ }
+ }
+ return nil
+ }
+
+ buf, err := os.ReadFile(procAuxv)
+ if err != nil {
+ // e.g. on android /proc/self/auxv is not accessible, so silently
+ // ignore the error and leave Initialized = false. On some
+ // architectures (e.g. arm64) doinit() implements a fallback
+ // readout and will set Initialized = true again.
+ return err
+ }
+ bo := hostByteOrder()
+ for len(buf) >= 2*(uintSize/8) {
+ var tag, val uint
+ switch uintSize {
+ case 32:
+ tag = uint(bo.Uint32(buf[0:]))
+ val = uint(bo.Uint32(buf[4:]))
+ buf = buf[8:]
+ case 64:
+ tag = uint(bo.Uint64(buf[0:]))
+ val = uint(bo.Uint64(buf[8:]))
+ buf = buf[16:]
+ }
+ switch tag {
+ case _AT_HWCAP:
+ hwCap = val
+ case _AT_HWCAP2:
+ hwCap2 = val
+ }
+ }
+ return nil
+}
diff --git a/vendor/golang.org/x/sys/cpu/parse.go b/vendor/golang.org/x/sys/cpu/parse.go
new file mode 100644
index 0000000000000000000000000000000000000000..762b63d6882cd71bcbde1cf4f9fff1de10274556
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/parse.go
@@ -0,0 +1,43 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+import "strconv"
+
+// parseRelease parses a dot-separated version number. It follows the semver
+// syntax, but allows the minor and patch versions to be elided.
+//
+// This is a copy of the Go runtime's parseRelease from
+// https://golang.org/cl/209597.
+func parseRelease(rel string) (major, minor, patch int, ok bool) {
+ // Strip anything after a dash or plus.
+ for i := 0; i < len(rel); i++ {
+ if rel[i] == '-' || rel[i] == '+' {
+ rel = rel[:i]
+ break
+ }
+ }
+
+ next := func() (int, bool) {
+ for i := 0; i < len(rel); i++ {
+ if rel[i] == '.' {
+ ver, err := strconv.Atoi(rel[:i])
+ rel = rel[i+1:]
+ return ver, err == nil
+ }
+ }
+ ver, err := strconv.Atoi(rel)
+ rel = ""
+ return ver, err == nil
+ }
+ if major, ok = next(); !ok || rel == "" {
+ return
+ }
+ if minor, ok = next(); !ok || rel == "" {
+ return
+ }
+ patch, ok = next()
+ return
+}
diff --git a/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go b/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
new file mode 100644
index 0000000000000000000000000000000000000000..4cd64c7042bcc702b4c7ca840559df41b86c8cc0
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/proc_cpuinfo_linux.go
@@ -0,0 +1,53 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && arm64
+
+package cpu
+
+import (
+ "errors"
+ "io"
+ "os"
+ "strings"
+)
+
+func readLinuxProcCPUInfo() error {
+ f, err := os.Open("/proc/cpuinfo")
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+
+ var buf [1 << 10]byte // enough for first CPU
+ n, err := io.ReadFull(f, buf[:])
+ if err != nil && err != io.ErrUnexpectedEOF {
+ return err
+ }
+ in := string(buf[:n])
+ const features = "\nFeatures : "
+ i := strings.Index(in, features)
+ if i == -1 {
+ return errors.New("no CPU features found")
+ }
+ in = in[i+len(features):]
+ if i := strings.Index(in, "\n"); i != -1 {
+ in = in[:i]
+ }
+ m := map[string]*bool{}
+
+ initOptions() // need it early here; it's harmless to call twice
+ for _, o := range options {
+ m[o.Name] = o.Feature
+ }
+ // The EVTSTRM field has alias "evstrm" in Go, but Linux calls it "evtstrm".
+ m["evtstrm"] = &ARM64.HasEVTSTRM
+
+ for _, f := range strings.Fields(in) {
+ if p, ok := m[f]; ok {
+ *p = true
+ }
+ }
+ return nil
+}
diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv.go b/vendor/golang.org/x/sys/cpu/runtime_auxv.go
new file mode 100644
index 0000000000000000000000000000000000000000..5f92ac9a2e2b950464a8cb5de8fb367a27438d7f
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/runtime_auxv.go
@@ -0,0 +1,16 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+// getAuxvFn is non-nil on Go 1.21+ (via runtime_auxv_go121.go init)
+// on platforms that use auxv.
+var getAuxvFn func() []uintptr
+
+func getAuxv() []uintptr {
+ if getAuxvFn == nil {
+ return nil
+ }
+ return getAuxvFn()
+}
diff --git a/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
new file mode 100644
index 0000000000000000000000000000000000000000..4c9788ea8ee88a5071ca70fa6d45096b2e20613a
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/runtime_auxv_go121.go
@@ -0,0 +1,18 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+
+package cpu
+
+import (
+ _ "unsafe" // for linkname
+)
+
+//go:linkname runtime_getAuxv runtime.getAuxv
+func runtime_getAuxv() []uintptr
+
+func init() {
+ getAuxvFn = runtime_getAuxv
+}
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go b/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
new file mode 100644
index 0000000000000000000000000000000000000000..1b9ccb091a57b0288929f832bd0defdb6ad9e960
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_gccgo.go
@@ -0,0 +1,26 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Recreate a getsystemcfg syscall handler instead of
+// using the one provided by x/sys/unix to avoid having
+// the dependency between them. (See golang.org/issue/32102)
+// Moreover, this file will be used during the building of
+// gccgo's libgo and thus must not used a CGo method.
+
+//go:build aix && gccgo
+
+package cpu
+
+import (
+ "syscall"
+)
+
+//extern getsystemcfg
+func gccgoGetsystemcfg(label uint32) (r uint64)
+
+func callgetsystemcfg(label int) (r1 uintptr, e1 syscall.Errno) {
+ r1 = uintptr(gccgoGetsystemcfg(uint32(label)))
+ e1 = syscall.GetErrno()
+ return
+}
diff --git a/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
new file mode 100644
index 0000000000000000000000000000000000000000..e8b6cdbe9a7c8b62a50d04e727ffc19bd43146dd
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/syscall_aix_ppc64_gc.go
@@ -0,0 +1,35 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Minimal copy of x/sys/unix so the cpu package can make a
+// system call on AIX without depending on x/sys/unix.
+// (See golang.org/issue/32102)
+
+//go:build aix && ppc64 && gc
+
+package cpu
+
+import (
+ "syscall"
+ "unsafe"
+)
+
+//go:cgo_import_dynamic libc_getsystemcfg getsystemcfg "libc.a/shr_64.o"
+
+//go:linkname libc_getsystemcfg libc_getsystemcfg
+
+type syscallFunc uintptr
+
+var libc_getsystemcfg syscallFunc
+
+type errno = syscall.Errno
+
+// Implemented in runtime/syscall_aix.go.
+func rawSyscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err errno)
+func syscall6(trap, nargs, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err errno)
+
+func callgetsystemcfg(label int) (r1 uintptr, e1 errno) {
+ r1, _, e1 = syscall6(uintptr(unsafe.Pointer(&libc_getsystemcfg)), 1, uintptr(label), 0, 0, 0, 0, 0)
+ return
+}
diff --git a/vendor/golang.org/x/sys/cpu/syscall_darwin_x86_gc.go b/vendor/golang.org/x/sys/cpu/syscall_darwin_x86_gc.go
new file mode 100644
index 0000000000000000000000000000000000000000..4d0888b0c010f41faaf56692175b7d395bb7494a
--- /dev/null
+++ b/vendor/golang.org/x/sys/cpu/syscall_darwin_x86_gc.go
@@ -0,0 +1,98 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Minimal copy of x/sys/unix so the cpu package can make a
+// system call on Darwin without depending on x/sys/unix.
+
+//go:build darwin && amd64 && gc
+
+package cpu
+
+import (
+ "syscall"
+ "unsafe"
+)
+
+type _C_int int32
+
+// adapted from unix.Uname() at x/sys/unix/syscall_darwin.go L419
+func darwinOSRelease(release *[256]byte) error {
+ // from x/sys/unix/zerrors_openbsd_amd64.go
+ const (
+ CTL_KERN = 0x1
+ KERN_OSRELEASE = 0x2
+ )
+
+ mib := []_C_int{CTL_KERN, KERN_OSRELEASE}
+ n := unsafe.Sizeof(*release)
+
+ return sysctl(mib, &release[0], &n, nil, 0)
+}
+
+type Errno = syscall.Errno
+
+var _zero uintptr // Single-word zero for use when we need a valid pointer to 0 bytes.
+
+// from x/sys/unix/zsyscall_darwin_amd64.go L791-807
+func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) error {
+ var _p0 unsafe.Pointer
+ if len(mib) > 0 {
+ _p0 = unsafe.Pointer(&mib[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ if _, _, err := syscall_syscall6(
+ libc_sysctl_trampoline_addr,
+ uintptr(_p0),
+ uintptr(len(mib)),
+ uintptr(unsafe.Pointer(old)),
+ uintptr(unsafe.Pointer(oldlen)),
+ uintptr(unsafe.Pointer(new)),
+ uintptr(newlen),
+ ); err != 0 {
+ return err
+ }
+
+ return nil
+}
+
+var libc_sysctl_trampoline_addr uintptr
+
+// adapted from internal/cpu/cpu_arm64_darwin.go
+func darwinSysctlEnabled(name []byte) bool {
+ out := int32(0)
+ nout := unsafe.Sizeof(out)
+ if ret := sysctlbyname(&name[0], (*byte)(unsafe.Pointer(&out)), &nout, nil, 0); ret != nil {
+ return false
+ }
+ return out > 0
+}
+
+//go:cgo_import_dynamic libc_sysctl sysctl "/usr/lib/libSystem.B.dylib"
+
+var libc_sysctlbyname_trampoline_addr uintptr
+
+// adapted from runtime/sys_darwin.go in the pattern of sysctl() above, as defined in x/sys/unix
+func sysctlbyname(name *byte, old *byte, oldlen *uintptr, new *byte, newlen uintptr) error {
+ if _, _, err := syscall_syscall6(
+ libc_sysctlbyname_trampoline_addr,
+ uintptr(unsafe.Pointer(name)),
+ uintptr(unsafe.Pointer(old)),
+ uintptr(unsafe.Pointer(oldlen)),
+ uintptr(unsafe.Pointer(new)),
+ uintptr(newlen),
+ 0,
+ ); err != 0 {
+ return err
+ }
+
+ return nil
+}
+
+//go:cgo_import_dynamic libc_sysctlbyname sysctlbyname "/usr/lib/libSystem.B.dylib"
+
+// Implemented in the runtime package (runtime/sys_darwin.go)
+func syscall_syscall6(fn, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
+
+//go:linkname syscall_syscall6 syscall.syscall6
diff --git a/vendor/golang.org/x/sys/unix/README.md b/vendor/golang.org/x/sys/unix/README.md
index 7d3c060e12213c48b017dfd2846fb9b1cf413d31..6e08a76a716e9acd766c9cda4ea56d607b481470 100644
--- a/vendor/golang.org/x/sys/unix/README.md
+++ b/vendor/golang.org/x/sys/unix/README.md
@@ -156,7 +156,7 @@ from the generated architecture-specific files listed below, and merge these
into a common file for each OS.
The merge is performed in the following steps:
-1. Construct the set of common code that is idential in all architecture-specific files.
+1. Construct the set of common code that is identical in all architecture-specific files.
2. Write this common code to the merged file.
3. Remove the common code from all architecture-specific files.
diff --git a/vendor/golang.org/x/sys/unix/aliases.go b/vendor/golang.org/x/sys/unix/aliases.go
index e7d3df4bd360c46379eedd3de6443a26c4558811..b0e41985750285ef58a64c1a48325f288be2ce74 100644
--- a/vendor/golang.org/x/sys/unix/aliases.go
+++ b/vendor/golang.org/x/sys/unix/aliases.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
package unix
diff --git a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
index 2f67ba86d5746c850a771a650fa85ef2e8f2264d..813dfad7d2646c4e96e5104baa8d74d65392f9e1 100644
--- a/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
+++ b/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
@@ -9,9 +9,11 @@
#define PSALAA 1208(R0)
#define GTAB64(x) 80(x)
#define LCA64(x) 88(x)
+#define SAVSTACK_ASYNC(x) 336(x) // in the LCA
#define CAA(x) 8(x)
-#define EDCHPXV(x) 1016(x) // in the CAA
-#define SAVSTACK_ASYNC(x) 336(x) // in the LCA
+#define CEECAATHDID(x) 976(x) // in the CAA
+#define EDCHPXV(x) 1016(x) // in the CAA
+#define GOCB(x) 1104(x) // in the CAA
// SS_*, where x=SAVSTACK_ASYNC
#define SS_LE(x) 0(x)
@@ -19,405 +21,362 @@
#define SS_ERRNO(x) 16(x)
#define SS_ERRNOJR(x) 20(x)
-#define LE_CALL BYTE $0x0D; BYTE $0x76; // BL R7, R6
+// Function Descriptor Offsets
+#define __errno 0x156*16
+#define __err2ad 0x16C*16
-TEXT ·clearErrno(SB),NOSPLIT,$0-0
- BL addrerrno<>(SB)
- MOVD $0, 0(R3)
+// Call Instructions
+#define LE_CALL BYTE $0x0D; BYTE $0x76 // BL R7, R6
+#define SVC_LOAD BYTE $0x0A; BYTE $0x08 // SVC 08 LOAD
+#define SVC_DELETE BYTE $0x0A; BYTE $0x09 // SVC 09 DELETE
+
+DATA zosLibVec<>(SB)/8, $0
+GLOBL zosLibVec<>(SB), NOPTR, $8
+
+TEXT ·initZosLibVec(SB), NOSPLIT|NOFRAME, $0-0
+ MOVW PSALAA, R8
+ MOVD LCA64(R8), R8
+ MOVD CAA(R8), R8
+ MOVD EDCHPXV(R8), R8
+ MOVD R8, zosLibVec<>(SB)
+ RET
+
+TEXT ·GetZosLibVec(SB), NOSPLIT|NOFRAME, $0-0
+ MOVD zosLibVec<>(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+TEXT ·clearErrno(SB), NOSPLIT, $0-0
+ BL addrerrno<>(SB)
+ MOVD $0, 0(R3)
RET
// Returns the address of errno in R3.
-TEXT addrerrno<>(SB),NOSPLIT|NOFRAME,$0-0
+TEXT addrerrno<>(SB), NOSPLIT|NOFRAME, $0-0
// Get library control area (LCA).
- MOVW PSALAA, R8
- MOVD LCA64(R8), R8
+ MOVW PSALAA, R8
+ MOVD LCA64(R8), R8
// Get __errno FuncDesc.
- MOVD CAA(R8), R9
- MOVD EDCHPXV(R9), R9
- ADD $(0x156*16), R9
- LMG 0(R9), R5, R6
+ MOVD CAA(R8), R9
+ MOVD EDCHPXV(R9), R9
+ ADD $(__errno), R9
+ LMG 0(R9), R5, R6
// Switch to saved LE stack.
- MOVD SAVSTACK_ASYNC(R8), R9
- MOVD 0(R9), R4
- MOVD $0, 0(R9)
+ MOVD SAVSTACK_ASYNC(R8), R9
+ MOVD 0(R9), R4
+ MOVD $0, 0(R9)
// Call __errno function.
LE_CALL
NOPH
// Switch back to Go stack.
- XOR R0, R0 // Restore R0 to $0.
- MOVD R4, 0(R9) // Save stack pointer.
+ XOR R0, R0 // Restore R0 to $0.
+ MOVD R4, 0(R9) // Save stack pointer.
RET
-TEXT ·syscall_syscall(SB),NOSPLIT,$0-56
- BL runtime·entersyscall(SB)
- MOVD a1+8(FP), R1
- MOVD a2+16(FP), R2
- MOVD a3+24(FP), R3
+// func svcCall(fnptr unsafe.Pointer, argv *unsafe.Pointer, dsa *uint64)
+TEXT ·svcCall(SB), NOSPLIT, $0
+ BL runtime·save_g(SB) // Save g and stack pointer
+ MOVW PSALAA, R8
+ MOVD LCA64(R8), R8
+ MOVD SAVSTACK_ASYNC(R8), R9
+ MOVD R15, 0(R9)
- // Get library control area (LCA).
- MOVW PSALAA, R8
- MOVD LCA64(R8), R8
+ MOVD argv+8(FP), R1 // Move function arguments into registers
+ MOVD dsa+16(FP), g
+ MOVD fnptr+0(FP), R15
- // Get function.
- MOVD CAA(R8), R9
- MOVD EDCHPXV(R9), R9
- MOVD trap+0(FP), R5
- SLD $4, R5
- ADD R5, R9
- LMG 0(R9), R5, R6
+ BYTE $0x0D // Branch to function
+ BYTE $0xEF
- // Restore LE stack.
- MOVD SAVSTACK_ASYNC(R8), R9
- MOVD 0(R9), R4
- MOVD $0, 0(R9)
+ BL runtime·load_g(SB) // Restore g and stack pointer
+ MOVW PSALAA, R8
+ MOVD LCA64(R8), R8
+ MOVD SAVSTACK_ASYNC(R8), R9
+ MOVD 0(R9), R15
- // Call function.
- LE_CALL
- NOPH
- XOR R0, R0 // Restore R0 to $0.
- MOVD R4, 0(R9) // Save stack pointer.
-
- MOVD R3, r1+32(FP)
- MOVD R0, r2+40(FP)
- MOVD R0, err+48(FP)
- MOVW R3, R4
- CMP R4, $-1
- BNE done
- BL addrerrno<>(SB)
- MOVWZ 0(R3), R3
- MOVD R3, err+48(FP)
-done:
- BL runtime·exitsyscall(SB)
RET
-TEXT ·syscall_rawsyscall(SB),NOSPLIT,$0-56
- MOVD a1+8(FP), R1
- MOVD a2+16(FP), R2
- MOVD a3+24(FP), R3
-
- // Get library control area (LCA).
- MOVW PSALAA, R8
- MOVD LCA64(R8), R8
-
- // Get function.
- MOVD CAA(R8), R9
- MOVD EDCHPXV(R9), R9
- MOVD trap+0(FP), R5
- SLD $4, R5
- ADD R5, R9
- LMG 0(R9), R5, R6
+// func svcLoad(name *byte) unsafe.Pointer
+TEXT ·svcLoad(SB), NOSPLIT, $0
+ MOVD R15, R2 // Save go stack pointer
+ MOVD name+0(FP), R0 // Move SVC args into registers
+ MOVD $0x80000000, R1
+ MOVD $0, R15
+ SVC_LOAD
+ MOVW R15, R3 // Save return code from SVC
+ MOVD R2, R15 // Restore go stack pointer
+ CMP R3, $0 // Check SVC return code
+ BNE error
+
+ MOVD $-2, R3 // Reset last bit of entry point to zero
+ AND R0, R3
+ MOVD R3, ret+8(FP) // Return entry point returned by SVC
+ CMP R0, R3 // Check if last bit of entry point was set
+ BNE done
+
+ MOVD R15, R2 // Save go stack pointer
+ MOVD $0, R15 // Move SVC args into registers (entry point still in r0 from SVC 08)
+ SVC_DELETE
+ MOVD R2, R15 // Restore go stack pointer
- // Restore LE stack.
- MOVD SAVSTACK_ASYNC(R8), R9
- MOVD 0(R9), R4
- MOVD $0, 0(R9)
+error:
+ MOVD $0, ret+8(FP) // Return 0 on failure
- // Call function.
- LE_CALL
- NOPH
- XOR R0, R0 // Restore R0 to $0.
- MOVD R4, 0(R9) // Save stack pointer.
-
- MOVD R3, r1+32(FP)
- MOVD R0, r2+40(FP)
- MOVD R0, err+48(FP)
- MOVW R3, R4
- CMP R4, $-1
- BNE done
- BL addrerrno<>(SB)
- MOVWZ 0(R3), R3
- MOVD R3, err+48(FP)
done:
+ XOR R0, R0 // Reset r0 to 0
RET
-TEXT ·syscall_syscall6(SB),NOSPLIT,$0-80
- BL runtime·entersyscall(SB)
- MOVD a1+8(FP), R1
- MOVD a2+16(FP), R2
- MOVD a3+24(FP), R3
+// func svcUnload(name *byte, fnptr unsafe.Pointer) int64
+TEXT ·svcUnload(SB), NOSPLIT, $0
+ MOVD R15, R2 // Save go stack pointer
+ MOVD name+0(FP), R0 // Move SVC args into registers
+ MOVD fnptr+8(FP), R15
+ SVC_DELETE
+ XOR R0, R0 // Reset r0 to 0
+ MOVD R15, R1 // Save SVC return code
+ MOVD R2, R15 // Restore go stack pointer
+ MOVD R1, ret+16(FP) // Return SVC return code
+ RET
+// func gettid() uint64
+TEXT ·gettid(SB), NOSPLIT, $0
// Get library control area (LCA).
- MOVW PSALAA, R8
- MOVD LCA64(R8), R8
+ MOVW PSALAA, R8
+ MOVD LCA64(R8), R8
- // Get function.
- MOVD CAA(R8), R9
- MOVD EDCHPXV(R9), R9
- MOVD trap+0(FP), R5
- SLD $4, R5
- ADD R5, R9
- LMG 0(R9), R5, R6
+ // Get CEECAATHDID
+ MOVD CAA(R8), R9
+ MOVD CEECAATHDID(R9), R9
+ MOVD R9, ret+0(FP)
- // Restore LE stack.
- MOVD SAVSTACK_ASYNC(R8), R9
- MOVD 0(R9), R4
- MOVD $0, 0(R9)
-
- // Fill in parameter list.
- MOVD a4+32(FP), R12
- MOVD R12, (2176+24)(R4)
- MOVD a5+40(FP), R12
- MOVD R12, (2176+32)(R4)
- MOVD a6+48(FP), R12
- MOVD R12, (2176+40)(R4)
-
- // Call function.
- LE_CALL
- NOPH
- XOR R0, R0 // Restore R0 to $0.
- MOVD R4, 0(R9) // Save stack pointer.
-
- MOVD R3, r1+56(FP)
- MOVD R0, r2+64(FP)
- MOVD R0, err+72(FP)
- MOVW R3, R4
- CMP R4, $-1
- BNE done
- BL addrerrno<>(SB)
- MOVWZ 0(R3), R3
- MOVD R3, err+72(FP)
-done:
- BL runtime·exitsyscall(SB)
RET
-TEXT ·syscall_rawsyscall6(SB),NOSPLIT,$0-80
- MOVD a1+8(FP), R1
- MOVD a2+16(FP), R2
- MOVD a3+24(FP), R3
-
- // Get library control area (LCA).
- MOVW PSALAA, R8
- MOVD LCA64(R8), R8
-
- // Get function.
- MOVD CAA(R8), R9
- MOVD EDCHPXV(R9), R9
- MOVD trap+0(FP), R5
- SLD $4, R5
- ADD R5, R9
- LMG 0(R9), R5, R6
+//
+// Call LE function, if the return is -1
+// errno and errno2 is retrieved
+//
+TEXT ·CallLeFuncWithErr(SB), NOSPLIT, $0
+ MOVW PSALAA, R8
+ MOVD LCA64(R8), R8
+ MOVD CAA(R8), R9
+ MOVD g, GOCB(R9)
// Restore LE stack.
- MOVD SAVSTACK_ASYNC(R8), R9
- MOVD 0(R9), R4
- MOVD $0, 0(R9)
-
- // Fill in parameter list.
- MOVD a4+32(FP), R12
- MOVD R12, (2176+24)(R4)
- MOVD a5+40(FP), R12
- MOVD R12, (2176+32)(R4)
- MOVD a6+48(FP), R12
- MOVD R12, (2176+40)(R4)
-
- // Call function.
- LE_CALL
+ MOVD SAVSTACK_ASYNC(R8), R9 // R9-> LE stack frame saving address
+ MOVD 0(R9), R4 // R4-> restore previously saved stack frame pointer
+
+ MOVD parms_base+8(FP), R7 // R7 -> argument array
+ MOVD parms_len+16(FP), R8 // R8 number of arguments
+
+ // arg 1 ---> R1
+ CMP R8, $0
+ BEQ docall
+ SUB $1, R8
+ MOVD 0(R7), R1
+
+ // arg 2 ---> R2
+ CMP R8, $0
+ BEQ docall
+ SUB $1, R8
+ ADD $8, R7
+ MOVD 0(R7), R2
+
+ // arg 3 --> R3
+ CMP R8, $0
+ BEQ docall
+ SUB $1, R8
+ ADD $8, R7
+ MOVD 0(R7), R3
+
+ CMP R8, $0
+ BEQ docall
+ MOVD $2176+16, R6 // starting LE stack address-8 to store 4th argument
+
+repeat:
+ ADD $8, R7
+ MOVD 0(R7), R0 // advance arg pointer by 8 byte
+ ADD $8, R6 // advance LE argument address by 8 byte
+ MOVD R0, (R4)(R6*1) // copy argument from go-slice to le-frame
+ SUB $1, R8
+ CMP R8, $0
+ BNE repeat
+
+docall:
+ MOVD funcdesc+0(FP), R8 // R8-> function descriptor
+ LMG 0(R8), R5, R6
+ MOVD $0, 0(R9) // R9 address of SAVSTACK_ASYNC
+ LE_CALL // balr R7, R6 (return #1)
+ NOPH
+ MOVD R3, ret+32(FP)
+ CMP R3, $-1 // compare result to -1
+ BNE done
+
+ // retrieve errno and errno2
+ MOVD zosLibVec<>(SB), R8
+ ADD $(__errno), R8
+ LMG 0(R8), R5, R6
+ LE_CALL // balr R7, R6 __errno (return #3)
NOPH
- XOR R0, R0 // Restore R0 to $0.
- MOVD R4, 0(R9) // Save stack pointer.
-
- MOVD R3, r1+56(FP)
- MOVD R0, r2+64(FP)
- MOVD R0, err+72(FP)
- MOVW R3, R4
- CMP R4, $-1
- BNE done
- BL ·rrno<>(SB)
- MOVWZ 0(R3), R3
- MOVD R3, err+72(FP)
+ MOVWZ 0(R3), R3
+ MOVD R3, err+48(FP)
+ MOVD zosLibVec<>(SB), R8
+ ADD $(__err2ad), R8
+ LMG 0(R8), R5, R6
+ LE_CALL // balr R7, R6 __err2ad (return #2)
+ NOPH
+ MOVW (R3), R2 // retrieve errno2
+ MOVD R2, errno2+40(FP) // store in return area
+
done:
+ MOVD R4, 0(R9) // Save stack pointer.
RET
-TEXT ·syscall_syscall9(SB),NOSPLIT,$0
- BL runtime·entersyscall(SB)
- MOVD a1+8(FP), R1
- MOVD a2+16(FP), R2
- MOVD a3+24(FP), R3
-
- // Get library control area (LCA).
- MOVW PSALAA, R8
- MOVD LCA64(R8), R8
-
- // Get function.
- MOVD CAA(R8), R9
- MOVD EDCHPXV(R9), R9
- MOVD trap+0(FP), R5
- SLD $4, R5
- ADD R5, R9
- LMG 0(R9), R5, R6
+//
+// Call LE function, if the return is 0
+// errno and errno2 is retrieved
+//
+TEXT ·CallLeFuncWithPtrReturn(SB), NOSPLIT, $0
+ MOVW PSALAA, R8
+ MOVD LCA64(R8), R8
+ MOVD CAA(R8), R9
+ MOVD g, GOCB(R9)
// Restore LE stack.
- MOVD SAVSTACK_ASYNC(R8), R9
- MOVD 0(R9), R4
- MOVD $0, 0(R9)
-
- // Fill in parameter list.
- MOVD a4+32(FP), R12
- MOVD R12, (2176+24)(R4)
- MOVD a5+40(FP), R12
- MOVD R12, (2176+32)(R4)
- MOVD a6+48(FP), R12
- MOVD R12, (2176+40)(R4)
- MOVD a7+56(FP), R12
- MOVD R12, (2176+48)(R4)
- MOVD a8+64(FP), R12
- MOVD R12, (2176+56)(R4)
- MOVD a9+72(FP), R12
- MOVD R12, (2176+64)(R4)
-
- // Call function.
- LE_CALL
+ MOVD SAVSTACK_ASYNC(R8), R9 // R9-> LE stack frame saving address
+ MOVD 0(R9), R4 // R4-> restore previously saved stack frame pointer
+
+ MOVD parms_base+8(FP), R7 // R7 -> argument array
+ MOVD parms_len+16(FP), R8 // R8 number of arguments
+
+ // arg 1 ---> R1
+ CMP R8, $0
+ BEQ docall
+ SUB $1, R8
+ MOVD 0(R7), R1
+
+ // arg 2 ---> R2
+ CMP R8, $0
+ BEQ docall
+ SUB $1, R8
+ ADD $8, R7
+ MOVD 0(R7), R2
+
+ // arg 3 --> R3
+ CMP R8, $0
+ BEQ docall
+ SUB $1, R8
+ ADD $8, R7
+ MOVD 0(R7), R3
+
+ CMP R8, $0
+ BEQ docall
+ MOVD $2176+16, R6 // starting LE stack address-8 to store 4th argument
+
+repeat:
+ ADD $8, R7
+ MOVD 0(R7), R0 // advance arg pointer by 8 byte
+ ADD $8, R6 // advance LE argument address by 8 byte
+ MOVD R0, (R4)(R6*1) // copy argument from go-slice to le-frame
+ SUB $1, R8
+ CMP R8, $0
+ BNE repeat
+
+docall:
+ MOVD funcdesc+0(FP), R8 // R8-> function descriptor
+ LMG 0(R8), R5, R6
+ MOVD $0, 0(R9) // R9 address of SAVSTACK_ASYNC
+ LE_CALL // balr R7, R6 (return #1)
NOPH
- XOR R0, R0 // Restore R0 to $0.
- MOVD R4, 0(R9) // Save stack pointer.
-
- MOVD R3, r1+80(FP)
- MOVD R0, r2+88(FP)
- MOVD R0, err+96(FP)
- MOVW R3, R4
- CMP R4, $-1
- BNE done
- BL addrerrno<>(SB)
- MOVWZ 0(R3), R3
- MOVD R3, err+96(FP)
-done:
- BL runtime·exitsyscall(SB)
- RET
-
-TEXT ·syscall_rawsyscall9(SB),NOSPLIT,$0
- MOVD a1+8(FP), R1
- MOVD a2+16(FP), R2
- MOVD a3+24(FP), R3
-
- // Get library control area (LCA).
- MOVW PSALAA, R8
- MOVD LCA64(R8), R8
-
- // Get function.
- MOVD CAA(R8), R9
- MOVD EDCHPXV(R9), R9
- MOVD trap+0(FP), R5
- SLD $4, R5
- ADD R5, R9
- LMG 0(R9), R5, R6
-
- // Restore LE stack.
- MOVD SAVSTACK_ASYNC(R8), R9
- MOVD 0(R9), R4
- MOVD $0, 0(R9)
-
- // Fill in parameter list.
- MOVD a4+32(FP), R12
- MOVD R12, (2176+24)(R4)
- MOVD a5+40(FP), R12
- MOVD R12, (2176+32)(R4)
- MOVD a6+48(FP), R12
- MOVD R12, (2176+40)(R4)
- MOVD a7+56(FP), R12
- MOVD R12, (2176+48)(R4)
- MOVD a8+64(FP), R12
- MOVD R12, (2176+56)(R4)
- MOVD a9+72(FP), R12
- MOVD R12, (2176+64)(R4)
-
- // Call function.
- LE_CALL
+ MOVD R3, ret+32(FP)
+ CMP R3, $0 // compare result to 0
+ BNE done
+
+ // retrieve errno and errno2
+ MOVD zosLibVec<>(SB), R8
+ ADD $(__errno), R8
+ LMG 0(R8), R5, R6
+ LE_CALL // balr R7, R6 __errno (return #3)
NOPH
- XOR R0, R0 // Restore R0 to $0.
- MOVD R4, 0(R9) // Save stack pointer.
-
- MOVD R3, r1+80(FP)
- MOVD R0, r2+88(FP)
- MOVD R0, err+96(FP)
- MOVW R3, R4
- CMP R4, $-1
- BNE done
- BL addrerrno<>(SB)
- MOVWZ 0(R3), R3
- MOVD R3, err+96(FP)
-done:
- RET
-
-// func svcCall(fnptr unsafe.Pointer, argv *unsafe.Pointer, dsa *uint64)
-TEXT ·svcCall(SB),NOSPLIT,$0
- BL runtime·save_g(SB) // Save g and stack pointer
- MOVW PSALAA, R8
- MOVD LCA64(R8), R8
- MOVD SAVSTACK_ASYNC(R8), R9
- MOVD R15, 0(R9)
-
- MOVD argv+8(FP), R1 // Move function arguments into registers
- MOVD dsa+16(FP), g
- MOVD fnptr+0(FP), R15
-
- BYTE $0x0D // Branch to function
- BYTE $0xEF
-
- BL runtime·load_g(SB) // Restore g and stack pointer
- MOVW PSALAA, R8
- MOVD LCA64(R8), R8
- MOVD SAVSTACK_ASYNC(R8), R9
- MOVD 0(R9), R15
-
- RET
-
-// func svcLoad(name *byte) unsafe.Pointer
-TEXT ·svcLoad(SB),NOSPLIT,$0
- MOVD R15, R2 // Save go stack pointer
- MOVD name+0(FP), R0 // Move SVC args into registers
- MOVD $0x80000000, R1
- MOVD $0, R15
- BYTE $0x0A // SVC 08 LOAD
- BYTE $0x08
- MOVW R15, R3 // Save return code from SVC
- MOVD R2, R15 // Restore go stack pointer
- CMP R3, $0 // Check SVC return code
- BNE error
-
- MOVD $-2, R3 // Reset last bit of entry point to zero
- AND R0, R3
- MOVD R3, addr+8(FP) // Return entry point returned by SVC
- CMP R0, R3 // Check if last bit of entry point was set
- BNE done
-
- MOVD R15, R2 // Save go stack pointer
- MOVD $0, R15 // Move SVC args into registers (entry point still in r0 from SVC 08)
- BYTE $0x0A // SVC 09 DELETE
- BYTE $0x09
- MOVD R2, R15 // Restore go stack pointer
+ MOVWZ 0(R3), R3
+ MOVD R3, err+48(FP)
+ MOVD zosLibVec<>(SB), R8
+ ADD $(__err2ad), R8
+ LMG 0(R8), R5, R6
+ LE_CALL // balr R7, R6 __err2ad (return #2)
+ NOPH
+ MOVW (R3), R2 // retrieve errno2
+ MOVD R2, errno2+40(FP) // store in return area
+ XOR R2, R2
+ MOVWZ R2, (R3) // clear errno2
-error:
- MOVD $0, addr+8(FP) // Return 0 on failure
done:
- XOR R0, R0 // Reset r0 to 0
+ MOVD R4, 0(R9) // Save stack pointer.
RET
-// func svcUnload(name *byte, fnptr unsafe.Pointer) int64
-TEXT ·svcUnload(SB),NOSPLIT,$0
- MOVD R15, R2 // Save go stack pointer
- MOVD name+0(FP), R0 // Move SVC args into registers
- MOVD addr+8(FP), R15
- BYTE $0x0A // SVC 09
- BYTE $0x09
- XOR R0, R0 // Reset r0 to 0
- MOVD R15, R1 // Save SVC return code
- MOVD R2, R15 // Restore go stack pointer
- MOVD R1, rc+0(FP) // Return SVC return code
+//
+// function to test if a pointer can be safely dereferenced (content read)
+// return 0 for succces
+//
+TEXT ·ptrtest(SB), NOSPLIT, $0-16
+ MOVD arg+0(FP), R10 // test pointer in R10
+
+ // set up R2 to point to CEECAADMC
+ BYTE $0xE3; BYTE $0x20; BYTE $0x04; BYTE $0xB8; BYTE $0x00; BYTE $0x17 // llgt 2,1208
+ BYTE $0xB9; BYTE $0x17; BYTE $0x00; BYTE $0x22 // llgtr 2,2
+ BYTE $0xA5; BYTE $0x26; BYTE $0x7F; BYTE $0xFF // nilh 2,32767
+ BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x58; BYTE $0x00; BYTE $0x04 // lg 2,88(2)
+ BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x08; BYTE $0x00; BYTE $0x04 // lg 2,8(2)
+ BYTE $0x41; BYTE $0x22; BYTE $0x03; BYTE $0x68 // la 2,872(2)
+
+ // set up R5 to point to the "shunt" path which set 1 to R3 (failure)
+ BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x33 // xgr 3,3
+ BYTE $0xA7; BYTE $0x55; BYTE $0x00; BYTE $0x04 // bras 5,lbl1
+ BYTE $0xA7; BYTE $0x39; BYTE $0x00; BYTE $0x01 // lghi 3,1
+
+ // if r3 is not zero (failed) then branch to finish
+ BYTE $0xB9; BYTE $0x02; BYTE $0x00; BYTE $0x33 // lbl1 ltgr 3,3
+ BYTE $0xA7; BYTE $0x74; BYTE $0x00; BYTE $0x08 // brc b'0111',lbl2
+
+ // stomic store shunt address in R5 into CEECAADMC
+ BYTE $0xE3; BYTE $0x52; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg 5,0(2)
+
+ // now try reading from the test pointer in R10, if it fails it branches to the "lghi" instruction above
+ BYTE $0xE3; BYTE $0x9A; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x04 // lg 9,0(10)
+
+ // finish here, restore 0 into CEECAADMC
+ BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x99 // lbl2 xgr 9,9
+ BYTE $0xE3; BYTE $0x92; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg 9,0(2)
+ MOVD R3, ret+8(FP) // result in R3
RET
-// func gettid() uint64
-TEXT ·gettid(SB), NOSPLIT, $0
- // Get library control area (LCA).
- MOVW PSALAA, R8
- MOVD LCA64(R8), R8
-
- // Get CEECAATHDID
- MOVD CAA(R8), R9
- MOVD 0x3D0(R9), R9
- MOVD R9, ret+0(FP)
-
+//
+// function to test if a untptr can be loaded from a pointer
+// return 1: the 8-byte content
+// 2: 0 for success, 1 for failure
+//
+// func safeload(ptr uintptr) ( value uintptr, error uintptr)
+TEXT ·safeload(SB), NOSPLIT, $0-24
+ MOVD ptr+0(FP), R10 // test pointer in R10
+ MOVD $0x0, R6
+ BYTE $0xE3; BYTE $0x20; BYTE $0x04; BYTE $0xB8; BYTE $0x00; BYTE $0x17 // llgt 2,1208
+ BYTE $0xB9; BYTE $0x17; BYTE $0x00; BYTE $0x22 // llgtr 2,2
+ BYTE $0xA5; BYTE $0x26; BYTE $0x7F; BYTE $0xFF // nilh 2,32767
+ BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x58; BYTE $0x00; BYTE $0x04 // lg 2,88(2)
+ BYTE $0xE3; BYTE $0x22; BYTE $0x00; BYTE $0x08; BYTE $0x00; BYTE $0x04 // lg 2,8(2)
+ BYTE $0x41; BYTE $0x22; BYTE $0x03; BYTE $0x68 // la 2,872(2)
+ BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x33 // xgr 3,3
+ BYTE $0xA7; BYTE $0x55; BYTE $0x00; BYTE $0x04 // bras 5,lbl1
+ BYTE $0xA7; BYTE $0x39; BYTE $0x00; BYTE $0x01 // lghi 3,1
+ BYTE $0xB9; BYTE $0x02; BYTE $0x00; BYTE $0x33 // lbl1 ltgr 3,3
+ BYTE $0xA7; BYTE $0x74; BYTE $0x00; BYTE $0x08 // brc b'0111',lbl2
+ BYTE $0xE3; BYTE $0x52; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg 5,0(2)
+ BYTE $0xE3; BYTE $0x6A; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x04 // lg 6,0(10)
+ BYTE $0xB9; BYTE $0x82; BYTE $0x00; BYTE $0x99 // lbl2 xgr 9,9
+ BYTE $0xE3; BYTE $0x92; BYTE $0x00; BYTE $0x00; BYTE $0x00; BYTE $0x24 // stg 9,0(2)
+ MOVD R6, value+8(FP) // result in R6
+ MOVD R3, error+16(FP) // error in R3
RET
diff --git a/vendor/golang.org/x/sys/unix/bpxsvc_zos.go b/vendor/golang.org/x/sys/unix/bpxsvc_zos.go
new file mode 100644
index 0000000000000000000000000000000000000000..39d647d863a063f936063ba0d19369d6d05f872b
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/bpxsvc_zos.go
@@ -0,0 +1,657 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos
+
+package unix
+
+import (
+ "bytes"
+ "fmt"
+ "unsafe"
+)
+
+//go:noescape
+func bpxcall(plist []unsafe.Pointer, bpx_offset int64)
+
+//go:noescape
+func A2e([]byte)
+
+//go:noescape
+func E2a([]byte)
+
+const (
+ BPX4STA = 192 // stat
+ BPX4FST = 104 // fstat
+ BPX4LST = 132 // lstat
+ BPX4OPN = 156 // open
+ BPX4CLO = 72 // close
+ BPX4CHR = 500 // chattr
+ BPX4FCR = 504 // fchattr
+ BPX4LCR = 1180 // lchattr
+ BPX4CTW = 492 // cond_timed_wait
+ BPX4GTH = 1056 // __getthent
+ BPX4PTQ = 412 // pthread_quiesc
+ BPX4PTR = 320 // ptrace
+)
+
+const (
+ //options
+ //byte1
+ BPX_OPNFHIGH = 0x80
+ //byte2
+ BPX_OPNFEXEC = 0x80
+ //byte3
+ BPX_O_NOLARGEFILE = 0x08
+ BPX_O_LARGEFILE = 0x04
+ BPX_O_ASYNCSIG = 0x02
+ BPX_O_SYNC = 0x01
+ //byte4
+ BPX_O_CREXCL = 0xc0
+ BPX_O_CREAT = 0x80
+ BPX_O_EXCL = 0x40
+ BPX_O_NOCTTY = 0x20
+ BPX_O_TRUNC = 0x10
+ BPX_O_APPEND = 0x08
+ BPX_O_NONBLOCK = 0x04
+ BPX_FNDELAY = 0x04
+ BPX_O_RDWR = 0x03
+ BPX_O_RDONLY = 0x02
+ BPX_O_WRONLY = 0x01
+ BPX_O_ACCMODE = 0x03
+ BPX_O_GETFL = 0x0f
+
+ //mode
+ // byte1 (file type)
+ BPX_FT_DIR = 1
+ BPX_FT_CHARSPEC = 2
+ BPX_FT_REGFILE = 3
+ BPX_FT_FIFO = 4
+ BPX_FT_SYMLINK = 5
+ BPX_FT_SOCKET = 6
+ //byte3
+ BPX_S_ISUID = 0x08
+ BPX_S_ISGID = 0x04
+ BPX_S_ISVTX = 0x02
+ BPX_S_IRWXU1 = 0x01
+ BPX_S_IRUSR = 0x01
+ //byte4
+ BPX_S_IRWXU2 = 0xc0
+ BPX_S_IWUSR = 0x80
+ BPX_S_IXUSR = 0x40
+ BPX_S_IRWXG = 0x38
+ BPX_S_IRGRP = 0x20
+ BPX_S_IWGRP = 0x10
+ BPX_S_IXGRP = 0x08
+ BPX_S_IRWXOX = 0x07
+ BPX_S_IROTH = 0x04
+ BPX_S_IWOTH = 0x02
+ BPX_S_IXOTH = 0x01
+
+ CW_INTRPT = 1
+ CW_CONDVAR = 32
+ CW_TIMEOUT = 64
+
+ PGTHA_NEXT = 2
+ PGTHA_CURRENT = 1
+ PGTHA_FIRST = 0
+ PGTHA_LAST = 3
+ PGTHA_PROCESS = 0x80
+ PGTHA_CONTTY = 0x40
+ PGTHA_PATH = 0x20
+ PGTHA_COMMAND = 0x10
+ PGTHA_FILEDATA = 0x08
+ PGTHA_THREAD = 0x04
+ PGTHA_PTAG = 0x02
+ PGTHA_COMMANDLONG = 0x01
+ PGTHA_THREADFAST = 0x80
+ PGTHA_FILEPATH = 0x40
+ PGTHA_THDSIGMASK = 0x20
+ // thread quiece mode
+ QUIESCE_TERM int32 = 1
+ QUIESCE_FORCE int32 = 2
+ QUIESCE_QUERY int32 = 3
+ QUIESCE_FREEZE int32 = 4
+ QUIESCE_UNFREEZE int32 = 5
+ FREEZE_THIS_THREAD int32 = 6
+ FREEZE_EXIT int32 = 8
+ QUIESCE_SRB int32 = 9
+)
+
+type Pgtha struct {
+ Pid uint32 // 0
+ Tid0 uint32 // 4
+ Tid1 uint32
+ Accesspid byte // C
+ Accesstid byte // D
+ Accessasid uint16 // E
+ Loginname [8]byte // 10
+ Flag1 byte // 18
+ Flag1b2 byte // 19
+}
+
+type Bpxystat_t struct { // DSECT BPXYSTAT
+ St_id [4]uint8 // 0
+ St_length uint16 // 0x4
+ St_version uint16 // 0x6
+ St_mode uint32 // 0x8
+ St_ino uint32 // 0xc
+ St_dev uint32 // 0x10
+ St_nlink uint32 // 0x14
+ St_uid uint32 // 0x18
+ St_gid uint32 // 0x1c
+ St_size uint64 // 0x20
+ St_atime uint32 // 0x28
+ St_mtime uint32 // 0x2c
+ St_ctime uint32 // 0x30
+ St_rdev uint32 // 0x34
+ St_auditoraudit uint32 // 0x38
+ St_useraudit uint32 // 0x3c
+ St_blksize uint32 // 0x40
+ St_createtime uint32 // 0x44
+ St_auditid [4]uint32 // 0x48
+ St_res01 uint32 // 0x58
+ Ft_ccsid uint16 // 0x5c
+ Ft_flags uint16 // 0x5e
+ St_res01a [2]uint32 // 0x60
+ St_res02 uint32 // 0x68
+ St_blocks uint32 // 0x6c
+ St_opaque [3]uint8 // 0x70
+ St_visible uint8 // 0x73
+ St_reftime uint32 // 0x74
+ St_fid uint64 // 0x78
+ St_filefmt uint8 // 0x80
+ St_fspflag2 uint8 // 0x81
+ St_res03 [2]uint8 // 0x82
+ St_ctimemsec uint32 // 0x84
+ St_seclabel [8]uint8 // 0x88
+ St_res04 [4]uint8 // 0x90
+ // end of version 1
+ _ uint32 // 0x94
+ St_atime64 uint64 // 0x98
+ St_mtime64 uint64 // 0xa0
+ St_ctime64 uint64 // 0xa8
+ St_createtime64 uint64 // 0xb0
+ St_reftime64 uint64 // 0xb8
+ _ uint64 // 0xc0
+ St_res05 [16]uint8 // 0xc8
+ // end of version 2
+}
+
+type BpxFilestatus struct {
+ Oflag1 byte
+ Oflag2 byte
+ Oflag3 byte
+ Oflag4 byte
+}
+
+type BpxMode struct {
+ Ftype byte
+ Mode1 byte
+ Mode2 byte
+ Mode3 byte
+}
+
+// Thr attribute structure for extended attributes
+type Bpxyatt_t struct { // DSECT BPXYATT
+ Att_id [4]uint8
+ Att_version uint16
+ Att_res01 [2]uint8
+ Att_setflags1 uint8
+ Att_setflags2 uint8
+ Att_setflags3 uint8
+ Att_setflags4 uint8
+ Att_mode uint32
+ Att_uid uint32
+ Att_gid uint32
+ Att_opaquemask [3]uint8
+ Att_visblmaskres uint8
+ Att_opaque [3]uint8
+ Att_visibleres uint8
+ Att_size_h uint32
+ Att_size_l uint32
+ Att_atime uint32
+ Att_mtime uint32
+ Att_auditoraudit uint32
+ Att_useraudit uint32
+ Att_ctime uint32
+ Att_reftime uint32
+ // end of version 1
+ Att_filefmt uint8
+ Att_res02 [3]uint8
+ Att_filetag uint32
+ Att_res03 [8]uint8
+ // end of version 2
+ Att_atime64 uint64
+ Att_mtime64 uint64
+ Att_ctime64 uint64
+ Att_reftime64 uint64
+ Att_seclabel [8]uint8
+ Att_ver3res02 [8]uint8
+ // end of version 3
+}
+
+func BpxOpen(name string, options *BpxFilestatus, mode *BpxMode) (rv int32, rc int32, rn int32) {
+ if len(name) < 1024 {
+ var namebuf [1024]byte
+ sz := int32(copy(namebuf[:], name))
+ A2e(namebuf[:sz])
+ var parms [7]unsafe.Pointer
+ parms[0] = unsafe.Pointer(&sz)
+ parms[1] = unsafe.Pointer(&namebuf[0])
+ parms[2] = unsafe.Pointer(options)
+ parms[3] = unsafe.Pointer(mode)
+ parms[4] = unsafe.Pointer(&rv)
+ parms[5] = unsafe.Pointer(&rc)
+ parms[6] = unsafe.Pointer(&rn)
+ bpxcall(parms[:], BPX4OPN)
+ return rv, rc, rn
+ }
+ return -1, -1, -1
+}
+
+func BpxClose(fd int32) (rv int32, rc int32, rn int32) {
+ var parms [4]unsafe.Pointer
+ parms[0] = unsafe.Pointer(&fd)
+ parms[1] = unsafe.Pointer(&rv)
+ parms[2] = unsafe.Pointer(&rc)
+ parms[3] = unsafe.Pointer(&rn)
+ bpxcall(parms[:], BPX4CLO)
+ return rv, rc, rn
+}
+
+func BpxFileFStat(fd int32, st *Bpxystat_t) (rv int32, rc int32, rn int32) {
+ st.St_id = [4]uint8{0xe2, 0xe3, 0xc1, 0xe3}
+ st.St_version = 2
+ stat_sz := uint32(unsafe.Sizeof(*st))
+ var parms [6]unsafe.Pointer
+ parms[0] = unsafe.Pointer(&fd)
+ parms[1] = unsafe.Pointer(&stat_sz)
+ parms[2] = unsafe.Pointer(st)
+ parms[3] = unsafe.Pointer(&rv)
+ parms[4] = unsafe.Pointer(&rc)
+ parms[5] = unsafe.Pointer(&rn)
+ bpxcall(parms[:], BPX4FST)
+ return rv, rc, rn
+}
+
+func BpxFileStat(name string, st *Bpxystat_t) (rv int32, rc int32, rn int32) {
+ if len(name) < 1024 {
+ var namebuf [1024]byte
+ sz := int32(copy(namebuf[:], name))
+ A2e(namebuf[:sz])
+ st.St_id = [4]uint8{0xe2, 0xe3, 0xc1, 0xe3}
+ st.St_version = 2
+ stat_sz := uint32(unsafe.Sizeof(*st))
+ var parms [7]unsafe.Pointer
+ parms[0] = unsafe.Pointer(&sz)
+ parms[1] = unsafe.Pointer(&namebuf[0])
+ parms[2] = unsafe.Pointer(&stat_sz)
+ parms[3] = unsafe.Pointer(st)
+ parms[4] = unsafe.Pointer(&rv)
+ parms[5] = unsafe.Pointer(&rc)
+ parms[6] = unsafe.Pointer(&rn)
+ bpxcall(parms[:], BPX4STA)
+ return rv, rc, rn
+ }
+ return -1, -1, -1
+}
+
+func BpxFileLStat(name string, st *Bpxystat_t) (rv int32, rc int32, rn int32) {
+ if len(name) < 1024 {
+ var namebuf [1024]byte
+ sz := int32(copy(namebuf[:], name))
+ A2e(namebuf[:sz])
+ st.St_id = [4]uint8{0xe2, 0xe3, 0xc1, 0xe3}
+ st.St_version = 2
+ stat_sz := uint32(unsafe.Sizeof(*st))
+ var parms [7]unsafe.Pointer
+ parms[0] = unsafe.Pointer(&sz)
+ parms[1] = unsafe.Pointer(&namebuf[0])
+ parms[2] = unsafe.Pointer(&stat_sz)
+ parms[3] = unsafe.Pointer(st)
+ parms[4] = unsafe.Pointer(&rv)
+ parms[5] = unsafe.Pointer(&rc)
+ parms[6] = unsafe.Pointer(&rn)
+ bpxcall(parms[:], BPX4LST)
+ return rv, rc, rn
+ }
+ return -1, -1, -1
+}
+
+func BpxChattr(path string, attr *Bpxyatt_t) (rv int32, rc int32, rn int32) {
+ if len(path) >= 1024 {
+ return -1, -1, -1
+ }
+ var namebuf [1024]byte
+ sz := int32(copy(namebuf[:], path))
+ A2e(namebuf[:sz])
+ attr_sz := uint32(unsafe.Sizeof(*attr))
+ var parms [7]unsafe.Pointer
+ parms[0] = unsafe.Pointer(&sz)
+ parms[1] = unsafe.Pointer(&namebuf[0])
+ parms[2] = unsafe.Pointer(&attr_sz)
+ parms[3] = unsafe.Pointer(attr)
+ parms[4] = unsafe.Pointer(&rv)
+ parms[5] = unsafe.Pointer(&rc)
+ parms[6] = unsafe.Pointer(&rn)
+ bpxcall(parms[:], BPX4CHR)
+ return rv, rc, rn
+}
+
+func BpxLchattr(path string, attr *Bpxyatt_t) (rv int32, rc int32, rn int32) {
+ if len(path) >= 1024 {
+ return -1, -1, -1
+ }
+ var namebuf [1024]byte
+ sz := int32(copy(namebuf[:], path))
+ A2e(namebuf[:sz])
+ attr_sz := uint32(unsafe.Sizeof(*attr))
+ var parms [7]unsafe.Pointer
+ parms[0] = unsafe.Pointer(&sz)
+ parms[1] = unsafe.Pointer(&namebuf[0])
+ parms[2] = unsafe.Pointer(&attr_sz)
+ parms[3] = unsafe.Pointer(attr)
+ parms[4] = unsafe.Pointer(&rv)
+ parms[5] = unsafe.Pointer(&rc)
+ parms[6] = unsafe.Pointer(&rn)
+ bpxcall(parms[:], BPX4LCR)
+ return rv, rc, rn
+}
+
+func BpxFchattr(fd int32, attr *Bpxyatt_t) (rv int32, rc int32, rn int32) {
+ attr_sz := uint32(unsafe.Sizeof(*attr))
+ var parms [6]unsafe.Pointer
+ parms[0] = unsafe.Pointer(&fd)
+ parms[1] = unsafe.Pointer(&attr_sz)
+ parms[2] = unsafe.Pointer(attr)
+ parms[3] = unsafe.Pointer(&rv)
+ parms[4] = unsafe.Pointer(&rc)
+ parms[5] = unsafe.Pointer(&rn)
+ bpxcall(parms[:], BPX4FCR)
+ return rv, rc, rn
+}
+
+func BpxCondTimedWait(sec uint32, nsec uint32, events uint32, secrem *uint32, nsecrem *uint32) (rv int32, rc int32, rn int32) {
+ var parms [8]unsafe.Pointer
+ parms[0] = unsafe.Pointer(&sec)
+ parms[1] = unsafe.Pointer(&nsec)
+ parms[2] = unsafe.Pointer(&events)
+ parms[3] = unsafe.Pointer(secrem)
+ parms[4] = unsafe.Pointer(nsecrem)
+ parms[5] = unsafe.Pointer(&rv)
+ parms[6] = unsafe.Pointer(&rc)
+ parms[7] = unsafe.Pointer(&rn)
+ bpxcall(parms[:], BPX4CTW)
+ return rv, rc, rn
+}
+func BpxGetthent(in *Pgtha, outlen *uint32, out unsafe.Pointer) (rv int32, rc int32, rn int32) {
+ var parms [7]unsafe.Pointer
+ inlen := uint32(26) // nothing else will work. Go says Pgtha is 28-byte because of alignment, but Pgtha is "packed" and must be 26-byte
+ parms[0] = unsafe.Pointer(&inlen)
+ parms[1] = unsafe.Pointer(&in)
+ parms[2] = unsafe.Pointer(outlen)
+ parms[3] = unsafe.Pointer(&out)
+ parms[4] = unsafe.Pointer(&rv)
+ parms[5] = unsafe.Pointer(&rc)
+ parms[6] = unsafe.Pointer(&rn)
+ bpxcall(parms[:], BPX4GTH)
+ return rv, rc, rn
+}
+func ZosJobname() (jobname string, err error) {
+ var pgtha Pgtha
+ pgtha.Pid = uint32(Getpid())
+ pgtha.Accesspid = PGTHA_CURRENT
+ pgtha.Flag1 = PGTHA_PROCESS
+ var out [256]byte
+ var outlen uint32
+ outlen = 256
+ rv, rc, rn := BpxGetthent(&pgtha, &outlen, unsafe.Pointer(&out[0]))
+ if rv == 0 {
+ gthc := []byte{0x87, 0xa3, 0x88, 0x83} // 'gthc' in ebcdic
+ ix := bytes.Index(out[:], gthc)
+ if ix == -1 {
+ err = fmt.Errorf("BPX4GTH: gthc return data not found")
+ return
+ }
+ jn := out[ix+80 : ix+88] // we didn't declare Pgthc, but jobname is 8-byte at offset 80
+ E2a(jn)
+ jobname = string(bytes.TrimRight(jn, " "))
+
+ } else {
+ err = fmt.Errorf("BPX4GTH: rc=%d errno=%d reason=code=0x%x", rv, rc, rn)
+ }
+ return
+}
+func Bpx4ptq(code int32, data string) (rv int32, rc int32, rn int32) {
+ var userdata [8]byte
+ var parms [5]unsafe.Pointer
+ copy(userdata[:], data+" ")
+ A2e(userdata[:])
+ parms[0] = unsafe.Pointer(&code)
+ parms[1] = unsafe.Pointer(&userdata[0])
+ parms[2] = unsafe.Pointer(&rv)
+ parms[3] = unsafe.Pointer(&rc)
+ parms[4] = unsafe.Pointer(&rn)
+ bpxcall(parms[:], BPX4PTQ)
+ return rv, rc, rn
+}
+
+const (
+ PT_TRACE_ME = 0 // Debug this process
+ PT_READ_I = 1 // Read a full word
+ PT_READ_D = 2 // Read a full word
+ PT_READ_U = 3 // Read control info
+ PT_WRITE_I = 4 //Write a full word
+ PT_WRITE_D = 5 //Write a full word
+ PT_CONTINUE = 7 //Continue the process
+ PT_KILL = 8 //Terminate the process
+ PT_READ_GPR = 11 // Read GPR, CR, PSW
+ PT_READ_FPR = 12 // Read FPR
+ PT_READ_VR = 13 // Read VR
+ PT_WRITE_GPR = 14 // Write GPR, CR, PSW
+ PT_WRITE_FPR = 15 // Write FPR
+ PT_WRITE_VR = 16 // Write VR
+ PT_READ_BLOCK = 17 // Read storage
+ PT_WRITE_BLOCK = 19 // Write storage
+ PT_READ_GPRH = 20 // Read GPRH
+ PT_WRITE_GPRH = 21 // Write GPRH
+ PT_REGHSET = 22 // Read all GPRHs
+ PT_ATTACH = 30 // Attach to a process
+ PT_DETACH = 31 // Detach from a process
+ PT_REGSET = 32 // Read all GPRs
+ PT_REATTACH = 33 // Reattach to a process
+ PT_LDINFO = 34 // Read loader info
+ PT_MULTI = 35 // Multi process mode
+ PT_LD64INFO = 36 // RMODE64 Info Area
+ PT_BLOCKREQ = 40 // Block request
+ PT_THREAD_INFO = 60 // Read thread info
+ PT_THREAD_MODIFY = 61
+ PT_THREAD_READ_FOCUS = 62
+ PT_THREAD_WRITE_FOCUS = 63
+ PT_THREAD_HOLD = 64
+ PT_THREAD_SIGNAL = 65
+ PT_EXPLAIN = 66
+ PT_EVENTS = 67
+ PT_THREAD_INFO_EXTENDED = 68
+ PT_REATTACH2 = 71
+ PT_CAPTURE = 72
+ PT_UNCAPTURE = 73
+ PT_GET_THREAD_TCB = 74
+ PT_GET_ALET = 75
+ PT_SWAPIN = 76
+ PT_EXTENDED_EVENT = 98
+ PT_RECOVER = 99 // Debug a program check
+ PT_GPR0 = 0 // General purpose register 0
+ PT_GPR1 = 1 // General purpose register 1
+ PT_GPR2 = 2 // General purpose register 2
+ PT_GPR3 = 3 // General purpose register 3
+ PT_GPR4 = 4 // General purpose register 4
+ PT_GPR5 = 5 // General purpose register 5
+ PT_GPR6 = 6 // General purpose register 6
+ PT_GPR7 = 7 // General purpose register 7
+ PT_GPR8 = 8 // General purpose register 8
+ PT_GPR9 = 9 // General purpose register 9
+ PT_GPR10 = 10 // General purpose register 10
+ PT_GPR11 = 11 // General purpose register 11
+ PT_GPR12 = 12 // General purpose register 12
+ PT_GPR13 = 13 // General purpose register 13
+ PT_GPR14 = 14 // General purpose register 14
+ PT_GPR15 = 15 // General purpose register 15
+ PT_FPR0 = 16 // Floating point register 0
+ PT_FPR1 = 17 // Floating point register 1
+ PT_FPR2 = 18 // Floating point register 2
+ PT_FPR3 = 19 // Floating point register 3
+ PT_FPR4 = 20 // Floating point register 4
+ PT_FPR5 = 21 // Floating point register 5
+ PT_FPR6 = 22 // Floating point register 6
+ PT_FPR7 = 23 // Floating point register 7
+ PT_FPR8 = 24 // Floating point register 8
+ PT_FPR9 = 25 // Floating point register 9
+ PT_FPR10 = 26 // Floating point register 10
+ PT_FPR11 = 27 // Floating point register 11
+ PT_FPR12 = 28 // Floating point register 12
+ PT_FPR13 = 29 // Floating point register 13
+ PT_FPR14 = 30 // Floating point register 14
+ PT_FPR15 = 31 // Floating point register 15
+ PT_FPC = 32 // Floating point control register
+ PT_PSW = 40 // PSW
+ PT_PSW0 = 40 // Left half of the PSW
+ PT_PSW1 = 41 // Right half of the PSW
+ PT_CR0 = 42 // Control register 0
+ PT_CR1 = 43 // Control register 1
+ PT_CR2 = 44 // Control register 2
+ PT_CR3 = 45 // Control register 3
+ PT_CR4 = 46 // Control register 4
+ PT_CR5 = 47 // Control register 5
+ PT_CR6 = 48 // Control register 6
+ PT_CR7 = 49 // Control register 7
+ PT_CR8 = 50 // Control register 8
+ PT_CR9 = 51 // Control register 9
+ PT_CR10 = 52 // Control register 10
+ PT_CR11 = 53 // Control register 11
+ PT_CR12 = 54 // Control register 12
+ PT_CR13 = 55 // Control register 13
+ PT_CR14 = 56 // Control register 14
+ PT_CR15 = 57 // Control register 15
+ PT_GPRH0 = 58 // GP High register 0
+ PT_GPRH1 = 59 // GP High register 1
+ PT_GPRH2 = 60 // GP High register 2
+ PT_GPRH3 = 61 // GP High register 3
+ PT_GPRH4 = 62 // GP High register 4
+ PT_GPRH5 = 63 // GP High register 5
+ PT_GPRH6 = 64 // GP High register 6
+ PT_GPRH7 = 65 // GP High register 7
+ PT_GPRH8 = 66 // GP High register 8
+ PT_GPRH9 = 67 // GP High register 9
+ PT_GPRH10 = 68 // GP High register 10
+ PT_GPRH11 = 69 // GP High register 11
+ PT_GPRH12 = 70 // GP High register 12
+ PT_GPRH13 = 71 // GP High register 13
+ PT_GPRH14 = 72 // GP High register 14
+ PT_GPRH15 = 73 // GP High register 15
+ PT_VR0 = 74 // Vector register 0
+ PT_VR1 = 75 // Vector register 1
+ PT_VR2 = 76 // Vector register 2
+ PT_VR3 = 77 // Vector register 3
+ PT_VR4 = 78 // Vector register 4
+ PT_VR5 = 79 // Vector register 5
+ PT_VR6 = 80 // Vector register 6
+ PT_VR7 = 81 // Vector register 7
+ PT_VR8 = 82 // Vector register 8
+ PT_VR9 = 83 // Vector register 9
+ PT_VR10 = 84 // Vector register 10
+ PT_VR11 = 85 // Vector register 11
+ PT_VR12 = 86 // Vector register 12
+ PT_VR13 = 87 // Vector register 13
+ PT_VR14 = 88 // Vector register 14
+ PT_VR15 = 89 // Vector register 15
+ PT_VR16 = 90 // Vector register 16
+ PT_VR17 = 91 // Vector register 17
+ PT_VR18 = 92 // Vector register 18
+ PT_VR19 = 93 // Vector register 19
+ PT_VR20 = 94 // Vector register 20
+ PT_VR21 = 95 // Vector register 21
+ PT_VR22 = 96 // Vector register 22
+ PT_VR23 = 97 // Vector register 23
+ PT_VR24 = 98 // Vector register 24
+ PT_VR25 = 99 // Vector register 25
+ PT_VR26 = 100 // Vector register 26
+ PT_VR27 = 101 // Vector register 27
+ PT_VR28 = 102 // Vector register 28
+ PT_VR29 = 103 // Vector register 29
+ PT_VR30 = 104 // Vector register 30
+ PT_VR31 = 105 // Vector register 31
+ PT_PSWG = 106 // PSWG
+ PT_PSWG0 = 106 // Bytes 0-3
+ PT_PSWG1 = 107 // Bytes 4-7
+ PT_PSWG2 = 108 // Bytes 8-11 (IA high word)
+ PT_PSWG3 = 109 // Bytes 12-15 (IA low word)
+)
+
+func Bpx4ptr(request int32, pid int32, addr unsafe.Pointer, data unsafe.Pointer, buffer unsafe.Pointer) (rv int32, rc int32, rn int32) {
+ var parms [8]unsafe.Pointer
+ parms[0] = unsafe.Pointer(&request)
+ parms[1] = unsafe.Pointer(&pid)
+ parms[2] = unsafe.Pointer(&addr)
+ parms[3] = unsafe.Pointer(&data)
+ parms[4] = unsafe.Pointer(&buffer)
+ parms[5] = unsafe.Pointer(&rv)
+ parms[6] = unsafe.Pointer(&rc)
+ parms[7] = unsafe.Pointer(&rn)
+ bpxcall(parms[:], BPX4PTR)
+ return rv, rc, rn
+}
+
+func copyU8(val uint8, dest []uint8) int {
+ if len(dest) < 1 {
+ return 0
+ }
+ dest[0] = val
+ return 1
+}
+
+func copyU8Arr(src, dest []uint8) int {
+ if len(dest) < len(src) {
+ return 0
+ }
+ for i, v := range src {
+ dest[i] = v
+ }
+ return len(src)
+}
+
+func copyU16(val uint16, dest []uint16) int {
+ if len(dest) < 1 {
+ return 0
+ }
+ dest[0] = val
+ return 1
+}
+
+func copyU32(val uint32, dest []uint32) int {
+ if len(dest) < 1 {
+ return 0
+ }
+ dest[0] = val
+ return 1
+}
+
+func copyU32Arr(src, dest []uint32) int {
+ if len(dest) < len(src) {
+ return 0
+ }
+ for i, v := range src {
+ dest[i] = v
+ }
+ return len(src)
+}
+
+func copyU64(val uint64, dest []uint64) int {
+ if len(dest) < 1 {
+ return 0
+ }
+ dest[0] = val
+ return 1
+}
diff --git a/vendor/golang.org/x/sys/unix/bpxsvc_zos.s b/vendor/golang.org/x/sys/unix/bpxsvc_zos.s
new file mode 100644
index 0000000000000000000000000000000000000000..4bd4a179821bdc7e1bb6ad08caf45bb6803e7fae
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/bpxsvc_zos.s
@@ -0,0 +1,192 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+#include "go_asm.h"
+#include "textflag.h"
+
+// function to call USS assembly language services
+//
+// doc: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_3.1.0/com.ibm.zos.v3r1.bpxb100/bit64env.htm
+//
+// arg1 unsafe.Pointer array that ressembles an OS PLIST
+//
+// arg2 function offset as in
+// doc: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_3.1.0/com.ibm.zos.v3r1.bpxb100/bpx2cr_List_of_offsets.htm
+//
+// func bpxcall(plist []unsafe.Pointer, bpx_offset int64)
+
+TEXT ·bpxcall(SB), NOSPLIT|NOFRAME, $0
+ MOVD plist_base+0(FP), R1 // r1 points to plist
+ MOVD bpx_offset+24(FP), R2 // r2 offset to BPX vector table
+ MOVD R14, R7 // save r14
+ MOVD R15, R8 // save r15
+ MOVWZ 16(R0), R9
+ MOVWZ 544(R9), R9
+ MOVWZ 24(R9), R9 // call vector in r9
+ ADD R2, R9 // add offset to vector table
+ MOVWZ (R9), R9 // r9 points to entry point
+ BYTE $0x0D // BL R14,R9 --> basr r14,r9
+ BYTE $0xE9 // clobbers 0,1,14,15
+ MOVD R8, R15 // restore 15
+ JMP R7 // return via saved return address
+
+// func A2e(arr [] byte)
+// code page conversion from 819 to 1047
+TEXT ·A2e(SB), NOSPLIT|NOFRAME, $0
+ MOVD arg_base+0(FP), R2 // pointer to arry of characters
+ MOVD arg_len+8(FP), R3 // count
+ XOR R0, R0
+ XOR R1, R1
+ BYTE $0xA7; BYTE $0x15; BYTE $0x00; BYTE $0x82 // BRAS 1,(2+(256/2))
+
+ // ASCII -> EBCDIC conversion table:
+ BYTE $0x00; BYTE $0x01; BYTE $0x02; BYTE $0x03
+ BYTE $0x37; BYTE $0x2d; BYTE $0x2e; BYTE $0x2f
+ BYTE $0x16; BYTE $0x05; BYTE $0x15; BYTE $0x0b
+ BYTE $0x0c; BYTE $0x0d; BYTE $0x0e; BYTE $0x0f
+ BYTE $0x10; BYTE $0x11; BYTE $0x12; BYTE $0x13
+ BYTE $0x3c; BYTE $0x3d; BYTE $0x32; BYTE $0x26
+ BYTE $0x18; BYTE $0x19; BYTE $0x3f; BYTE $0x27
+ BYTE $0x1c; BYTE $0x1d; BYTE $0x1e; BYTE $0x1f
+ BYTE $0x40; BYTE $0x5a; BYTE $0x7f; BYTE $0x7b
+ BYTE $0x5b; BYTE $0x6c; BYTE $0x50; BYTE $0x7d
+ BYTE $0x4d; BYTE $0x5d; BYTE $0x5c; BYTE $0x4e
+ BYTE $0x6b; BYTE $0x60; BYTE $0x4b; BYTE $0x61
+ BYTE $0xf0; BYTE $0xf1; BYTE $0xf2; BYTE $0xf3
+ BYTE $0xf4; BYTE $0xf5; BYTE $0xf6; BYTE $0xf7
+ BYTE $0xf8; BYTE $0xf9; BYTE $0x7a; BYTE $0x5e
+ BYTE $0x4c; BYTE $0x7e; BYTE $0x6e; BYTE $0x6f
+ BYTE $0x7c; BYTE $0xc1; BYTE $0xc2; BYTE $0xc3
+ BYTE $0xc4; BYTE $0xc5; BYTE $0xc6; BYTE $0xc7
+ BYTE $0xc8; BYTE $0xc9; BYTE $0xd1; BYTE $0xd2
+ BYTE $0xd3; BYTE $0xd4; BYTE $0xd5; BYTE $0xd6
+ BYTE $0xd7; BYTE $0xd8; BYTE $0xd9; BYTE $0xe2
+ BYTE $0xe3; BYTE $0xe4; BYTE $0xe5; BYTE $0xe6
+ BYTE $0xe7; BYTE $0xe8; BYTE $0xe9; BYTE $0xad
+ BYTE $0xe0; BYTE $0xbd; BYTE $0x5f; BYTE $0x6d
+ BYTE $0x79; BYTE $0x81; BYTE $0x82; BYTE $0x83
+ BYTE $0x84; BYTE $0x85; BYTE $0x86; BYTE $0x87
+ BYTE $0x88; BYTE $0x89; BYTE $0x91; BYTE $0x92
+ BYTE $0x93; BYTE $0x94; BYTE $0x95; BYTE $0x96
+ BYTE $0x97; BYTE $0x98; BYTE $0x99; BYTE $0xa2
+ BYTE $0xa3; BYTE $0xa4; BYTE $0xa5; BYTE $0xa6
+ BYTE $0xa7; BYTE $0xa8; BYTE $0xa9; BYTE $0xc0
+ BYTE $0x4f; BYTE $0xd0; BYTE $0xa1; BYTE $0x07
+ BYTE $0x20; BYTE $0x21; BYTE $0x22; BYTE $0x23
+ BYTE $0x24; BYTE $0x25; BYTE $0x06; BYTE $0x17
+ BYTE $0x28; BYTE $0x29; BYTE $0x2a; BYTE $0x2b
+ BYTE $0x2c; BYTE $0x09; BYTE $0x0a; BYTE $0x1b
+ BYTE $0x30; BYTE $0x31; BYTE $0x1a; BYTE $0x33
+ BYTE $0x34; BYTE $0x35; BYTE $0x36; BYTE $0x08
+ BYTE $0x38; BYTE $0x39; BYTE $0x3a; BYTE $0x3b
+ BYTE $0x04; BYTE $0x14; BYTE $0x3e; BYTE $0xff
+ BYTE $0x41; BYTE $0xaa; BYTE $0x4a; BYTE $0xb1
+ BYTE $0x9f; BYTE $0xb2; BYTE $0x6a; BYTE $0xb5
+ BYTE $0xbb; BYTE $0xb4; BYTE $0x9a; BYTE $0x8a
+ BYTE $0xb0; BYTE $0xca; BYTE $0xaf; BYTE $0xbc
+ BYTE $0x90; BYTE $0x8f; BYTE $0xea; BYTE $0xfa
+ BYTE $0xbe; BYTE $0xa0; BYTE $0xb6; BYTE $0xb3
+ BYTE $0x9d; BYTE $0xda; BYTE $0x9b; BYTE $0x8b
+ BYTE $0xb7; BYTE $0xb8; BYTE $0xb9; BYTE $0xab
+ BYTE $0x64; BYTE $0x65; BYTE $0x62; BYTE $0x66
+ BYTE $0x63; BYTE $0x67; BYTE $0x9e; BYTE $0x68
+ BYTE $0x74; BYTE $0x71; BYTE $0x72; BYTE $0x73
+ BYTE $0x78; BYTE $0x75; BYTE $0x76; BYTE $0x77
+ BYTE $0xac; BYTE $0x69; BYTE $0xed; BYTE $0xee
+ BYTE $0xeb; BYTE $0xef; BYTE $0xec; BYTE $0xbf
+ BYTE $0x80; BYTE $0xfd; BYTE $0xfe; BYTE $0xfb
+ BYTE $0xfc; BYTE $0xba; BYTE $0xae; BYTE $0x59
+ BYTE $0x44; BYTE $0x45; BYTE $0x42; BYTE $0x46
+ BYTE $0x43; BYTE $0x47; BYTE $0x9c; BYTE $0x48
+ BYTE $0x54; BYTE $0x51; BYTE $0x52; BYTE $0x53
+ BYTE $0x58; BYTE $0x55; BYTE $0x56; BYTE $0x57
+ BYTE $0x8c; BYTE $0x49; BYTE $0xcd; BYTE $0xce
+ BYTE $0xcb; BYTE $0xcf; BYTE $0xcc; BYTE $0xe1
+ BYTE $0x70; BYTE $0xdd; BYTE $0xde; BYTE $0xdb
+ BYTE $0xdc; BYTE $0x8d; BYTE $0x8e; BYTE $0xdf
+
+retry:
+ WORD $0xB9931022 // TROO 2,2,b'0001'
+ BVS retry
+ RET
+
+// func e2a(arr [] byte)
+// code page conversion from 1047 to 819
+TEXT ·E2a(SB), NOSPLIT|NOFRAME, $0
+ MOVD arg_base+0(FP), R2 // pointer to arry of characters
+ MOVD arg_len+8(FP), R3 // count
+ XOR R0, R0
+ XOR R1, R1
+ BYTE $0xA7; BYTE $0x15; BYTE $0x00; BYTE $0x82 // BRAS 1,(2+(256/2))
+
+ // EBCDIC -> ASCII conversion table:
+ BYTE $0x00; BYTE $0x01; BYTE $0x02; BYTE $0x03
+ BYTE $0x9c; BYTE $0x09; BYTE $0x86; BYTE $0x7f
+ BYTE $0x97; BYTE $0x8d; BYTE $0x8e; BYTE $0x0b
+ BYTE $0x0c; BYTE $0x0d; BYTE $0x0e; BYTE $0x0f
+ BYTE $0x10; BYTE $0x11; BYTE $0x12; BYTE $0x13
+ BYTE $0x9d; BYTE $0x0a; BYTE $0x08; BYTE $0x87
+ BYTE $0x18; BYTE $0x19; BYTE $0x92; BYTE $0x8f
+ BYTE $0x1c; BYTE $0x1d; BYTE $0x1e; BYTE $0x1f
+ BYTE $0x80; BYTE $0x81; BYTE $0x82; BYTE $0x83
+ BYTE $0x84; BYTE $0x85; BYTE $0x17; BYTE $0x1b
+ BYTE $0x88; BYTE $0x89; BYTE $0x8a; BYTE $0x8b
+ BYTE $0x8c; BYTE $0x05; BYTE $0x06; BYTE $0x07
+ BYTE $0x90; BYTE $0x91; BYTE $0x16; BYTE $0x93
+ BYTE $0x94; BYTE $0x95; BYTE $0x96; BYTE $0x04
+ BYTE $0x98; BYTE $0x99; BYTE $0x9a; BYTE $0x9b
+ BYTE $0x14; BYTE $0x15; BYTE $0x9e; BYTE $0x1a
+ BYTE $0x20; BYTE $0xa0; BYTE $0xe2; BYTE $0xe4
+ BYTE $0xe0; BYTE $0xe1; BYTE $0xe3; BYTE $0xe5
+ BYTE $0xe7; BYTE $0xf1; BYTE $0xa2; BYTE $0x2e
+ BYTE $0x3c; BYTE $0x28; BYTE $0x2b; BYTE $0x7c
+ BYTE $0x26; BYTE $0xe9; BYTE $0xea; BYTE $0xeb
+ BYTE $0xe8; BYTE $0xed; BYTE $0xee; BYTE $0xef
+ BYTE $0xec; BYTE $0xdf; BYTE $0x21; BYTE $0x24
+ BYTE $0x2a; BYTE $0x29; BYTE $0x3b; BYTE $0x5e
+ BYTE $0x2d; BYTE $0x2f; BYTE $0xc2; BYTE $0xc4
+ BYTE $0xc0; BYTE $0xc1; BYTE $0xc3; BYTE $0xc5
+ BYTE $0xc7; BYTE $0xd1; BYTE $0xa6; BYTE $0x2c
+ BYTE $0x25; BYTE $0x5f; BYTE $0x3e; BYTE $0x3f
+ BYTE $0xf8; BYTE $0xc9; BYTE $0xca; BYTE $0xcb
+ BYTE $0xc8; BYTE $0xcd; BYTE $0xce; BYTE $0xcf
+ BYTE $0xcc; BYTE $0x60; BYTE $0x3a; BYTE $0x23
+ BYTE $0x40; BYTE $0x27; BYTE $0x3d; BYTE $0x22
+ BYTE $0xd8; BYTE $0x61; BYTE $0x62; BYTE $0x63
+ BYTE $0x64; BYTE $0x65; BYTE $0x66; BYTE $0x67
+ BYTE $0x68; BYTE $0x69; BYTE $0xab; BYTE $0xbb
+ BYTE $0xf0; BYTE $0xfd; BYTE $0xfe; BYTE $0xb1
+ BYTE $0xb0; BYTE $0x6a; BYTE $0x6b; BYTE $0x6c
+ BYTE $0x6d; BYTE $0x6e; BYTE $0x6f; BYTE $0x70
+ BYTE $0x71; BYTE $0x72; BYTE $0xaa; BYTE $0xba
+ BYTE $0xe6; BYTE $0xb8; BYTE $0xc6; BYTE $0xa4
+ BYTE $0xb5; BYTE $0x7e; BYTE $0x73; BYTE $0x74
+ BYTE $0x75; BYTE $0x76; BYTE $0x77; BYTE $0x78
+ BYTE $0x79; BYTE $0x7a; BYTE $0xa1; BYTE $0xbf
+ BYTE $0xd0; BYTE $0x5b; BYTE $0xde; BYTE $0xae
+ BYTE $0xac; BYTE $0xa3; BYTE $0xa5; BYTE $0xb7
+ BYTE $0xa9; BYTE $0xa7; BYTE $0xb6; BYTE $0xbc
+ BYTE $0xbd; BYTE $0xbe; BYTE $0xdd; BYTE $0xa8
+ BYTE $0xaf; BYTE $0x5d; BYTE $0xb4; BYTE $0xd7
+ BYTE $0x7b; BYTE $0x41; BYTE $0x42; BYTE $0x43
+ BYTE $0x44; BYTE $0x45; BYTE $0x46; BYTE $0x47
+ BYTE $0x48; BYTE $0x49; BYTE $0xad; BYTE $0xf4
+ BYTE $0xf6; BYTE $0xf2; BYTE $0xf3; BYTE $0xf5
+ BYTE $0x7d; BYTE $0x4a; BYTE $0x4b; BYTE $0x4c
+ BYTE $0x4d; BYTE $0x4e; BYTE $0x4f; BYTE $0x50
+ BYTE $0x51; BYTE $0x52; BYTE $0xb9; BYTE $0xfb
+ BYTE $0xfc; BYTE $0xf9; BYTE $0xfa; BYTE $0xff
+ BYTE $0x5c; BYTE $0xf7; BYTE $0x53; BYTE $0x54
+ BYTE $0x55; BYTE $0x56; BYTE $0x57; BYTE $0x58
+ BYTE $0x59; BYTE $0x5a; BYTE $0xb2; BYTE $0xd4
+ BYTE $0xd6; BYTE $0xd2; BYTE $0xd3; BYTE $0xd5
+ BYTE $0x30; BYTE $0x31; BYTE $0x32; BYTE $0x33
+ BYTE $0x34; BYTE $0x35; BYTE $0x36; BYTE $0x37
+ BYTE $0x38; BYTE $0x39; BYTE $0xb3; BYTE $0xdb
+ BYTE $0xdc; BYTE $0xd9; BYTE $0xda; BYTE $0x9f
+
+retry:
+ WORD $0xB9931022 // TROO 2,2,b'0001'
+ BVS retry
+ RET
diff --git a/vendor/golang.org/x/sys/unix/epoll_zos.go b/vendor/golang.org/x/sys/unix/epoll_zos.go
deleted file mode 100644
index 7753fddea8174f8269316188817c30abbe7bc253..0000000000000000000000000000000000000000
--- a/vendor/golang.org/x/sys/unix/epoll_zos.go
+++ /dev/null
@@ -1,220 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build zos && s390x
-
-package unix
-
-import (
- "sync"
-)
-
-// This file simulates epoll on z/OS using poll.
-
-// Analogous to epoll_event on Linux.
-// TODO(neeilan): Pad is because the Linux kernel expects a 96-bit struct. We never pass this to the kernel; remove?
-type EpollEvent struct {
- Events uint32
- Fd int32
- Pad int32
-}
-
-const (
- EPOLLERR = 0x8
- EPOLLHUP = 0x10
- EPOLLIN = 0x1
- EPOLLMSG = 0x400
- EPOLLOUT = 0x4
- EPOLLPRI = 0x2
- EPOLLRDBAND = 0x80
- EPOLLRDNORM = 0x40
- EPOLLWRBAND = 0x200
- EPOLLWRNORM = 0x100
- EPOLL_CTL_ADD = 0x1
- EPOLL_CTL_DEL = 0x2
- EPOLL_CTL_MOD = 0x3
- // The following constants are part of the epoll API, but represent
- // currently unsupported functionality on z/OS.
- // EPOLL_CLOEXEC = 0x80000
- // EPOLLET = 0x80000000
- // EPOLLONESHOT = 0x40000000
- // EPOLLRDHUP = 0x2000 // Typically used with edge-triggered notis
- // EPOLLEXCLUSIVE = 0x10000000 // Exclusive wake-up mode
- // EPOLLWAKEUP = 0x20000000 // Relies on Linux's BLOCK_SUSPEND capability
-)
-
-// TODO(neeilan): We can eliminate these epToPoll / pToEpoll calls by using identical mask values for POLL/EPOLL
-// constants where possible The lower 16 bits of epoll events (uint32) can fit any system poll event (int16).
-
-// epToPollEvt converts epoll event field to poll equivalent.
-// In epoll, Events is a 32-bit field, while poll uses 16 bits.
-func epToPollEvt(events uint32) int16 {
- var ep2p = map[uint32]int16{
- EPOLLIN: POLLIN,
- EPOLLOUT: POLLOUT,
- EPOLLHUP: POLLHUP,
- EPOLLPRI: POLLPRI,
- EPOLLERR: POLLERR,
- }
-
- var pollEvts int16 = 0
- for epEvt, pEvt := range ep2p {
- if (events & epEvt) != 0 {
- pollEvts |= pEvt
- }
- }
-
- return pollEvts
-}
-
-// pToEpollEvt converts 16 bit poll event bitfields to 32-bit epoll event fields.
-func pToEpollEvt(revents int16) uint32 {
- var p2ep = map[int16]uint32{
- POLLIN: EPOLLIN,
- POLLOUT: EPOLLOUT,
- POLLHUP: EPOLLHUP,
- POLLPRI: EPOLLPRI,
- POLLERR: EPOLLERR,
- }
-
- var epollEvts uint32 = 0
- for pEvt, epEvt := range p2ep {
- if (revents & pEvt) != 0 {
- epollEvts |= epEvt
- }
- }
-
- return epollEvts
-}
-
-// Per-process epoll implementation.
-type epollImpl struct {
- mu sync.Mutex
- epfd2ep map[int]*eventPoll
- nextEpfd int
-}
-
-// eventPoll holds a set of file descriptors being watched by the process. A process can have multiple epoll instances.
-// On Linux, this is an in-kernel data structure accessed through a fd.
-type eventPoll struct {
- mu sync.Mutex
- fds map[int]*EpollEvent
-}
-
-// epoll impl for this process.
-var impl epollImpl = epollImpl{
- epfd2ep: make(map[int]*eventPoll),
- nextEpfd: 0,
-}
-
-func (e *epollImpl) epollcreate(size int) (epfd int, err error) {
- e.mu.Lock()
- defer e.mu.Unlock()
- epfd = e.nextEpfd
- e.nextEpfd++
-
- e.epfd2ep[epfd] = &eventPoll{
- fds: make(map[int]*EpollEvent),
- }
- return epfd, nil
-}
-
-func (e *epollImpl) epollcreate1(flag int) (fd int, err error) {
- return e.epollcreate(4)
-}
-
-func (e *epollImpl) epollctl(epfd int, op int, fd int, event *EpollEvent) (err error) {
- e.mu.Lock()
- defer e.mu.Unlock()
-
- ep, ok := e.epfd2ep[epfd]
- if !ok {
-
- return EBADF
- }
-
- switch op {
- case EPOLL_CTL_ADD:
- // TODO(neeilan): When we make epfds and fds disjoint, detect epoll
- // loops here (instances watching each other) and return ELOOP.
- if _, ok := ep.fds[fd]; ok {
- return EEXIST
- }
- ep.fds[fd] = event
- case EPOLL_CTL_MOD:
- if _, ok := ep.fds[fd]; !ok {
- return ENOENT
- }
- ep.fds[fd] = event
- case EPOLL_CTL_DEL:
- if _, ok := ep.fds[fd]; !ok {
- return ENOENT
- }
- delete(ep.fds, fd)
-
- }
- return nil
-}
-
-// Must be called while holding ep.mu
-func (ep *eventPoll) getFds() []int {
- fds := make([]int, len(ep.fds))
- for fd := range ep.fds {
- fds = append(fds, fd)
- }
- return fds
-}
-
-func (e *epollImpl) epollwait(epfd int, events []EpollEvent, msec int) (n int, err error) {
- e.mu.Lock() // in [rare] case of concurrent epollcreate + epollwait
- ep, ok := e.epfd2ep[epfd]
-
- if !ok {
- e.mu.Unlock()
- return 0, EBADF
- }
-
- pollfds := make([]PollFd, 4)
- for fd, epollevt := range ep.fds {
- pollfds = append(pollfds, PollFd{Fd: int32(fd), Events: epToPollEvt(epollevt.Events)})
- }
- e.mu.Unlock()
-
- n, err = Poll(pollfds, msec)
- if err != nil {
- return n, err
- }
-
- i := 0
- for _, pFd := range pollfds {
- if pFd.Revents != 0 {
- events[i] = EpollEvent{Fd: pFd.Fd, Events: pToEpollEvt(pFd.Revents)}
- i++
- }
-
- if i == n {
- break
- }
- }
-
- return n, nil
-}
-
-func EpollCreate(size int) (fd int, err error) {
- return impl.epollcreate(size)
-}
-
-func EpollCreate1(flag int) (fd int, err error) {
- return impl.epollcreate1(flag)
-}
-
-func EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
- return impl.epollctl(epfd, op, fd, event)
-}
-
-// Because EpollWait mutates events, the caller is expected to coordinate
-// concurrent access if calling with the same epfd from multiple goroutines.
-func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
- return impl.epollwait(epfd, events, msec)
-}
diff --git a/vendor/golang.org/x/sys/unix/fcntl.go b/vendor/golang.org/x/sys/unix/fcntl.go
index 58c6bfc70f6e96173150502557e30a9f800dd347..6200876fb28cc49c25e68739d8aac01b5df40a34 100644
--- a/vendor/golang.org/x/sys/unix/fcntl.go
+++ b/vendor/golang.org/x/sys/unix/fcntl.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build dragonfly || freebsd || linux || netbsd || openbsd
+//go:build dragonfly || freebsd || linux || netbsd
package unix
diff --git a/vendor/golang.org/x/sys/unix/fstatfs_zos.go b/vendor/golang.org/x/sys/unix/fstatfs_zos.go
deleted file mode 100644
index c8bde601e772336736ec494940f5fc326c41dd2d..0000000000000000000000000000000000000000
--- a/vendor/golang.org/x/sys/unix/fstatfs_zos.go
+++ /dev/null
@@ -1,163 +0,0 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-//go:build zos && s390x
-
-package unix
-
-import (
- "unsafe"
-)
-
-// This file simulates fstatfs on z/OS using fstatvfs and w_getmntent.
-
-func Fstatfs(fd int, stat *Statfs_t) (err error) {
- var stat_v Statvfs_t
- err = Fstatvfs(fd, &stat_v)
- if err == nil {
- // populate stat
- stat.Type = 0
- stat.Bsize = stat_v.Bsize
- stat.Blocks = stat_v.Blocks
- stat.Bfree = stat_v.Bfree
- stat.Bavail = stat_v.Bavail
- stat.Files = stat_v.Files
- stat.Ffree = stat_v.Ffree
- stat.Fsid = stat_v.Fsid
- stat.Namelen = stat_v.Namemax
- stat.Frsize = stat_v.Frsize
- stat.Flags = stat_v.Flag
- for passn := 0; passn < 5; passn++ {
- switch passn {
- case 0:
- err = tryGetmntent64(stat)
- break
- case 1:
- err = tryGetmntent128(stat)
- break
- case 2:
- err = tryGetmntent256(stat)
- break
- case 3:
- err = tryGetmntent512(stat)
- break
- case 4:
- err = tryGetmntent1024(stat)
- break
- default:
- break
- }
- //proceed to return if: err is nil (found), err is nonnil but not ERANGE (another error occurred)
- if err == nil || err != nil && err != ERANGE {
- break
- }
- }
- }
- return err
-}
-
-func tryGetmntent64(stat *Statfs_t) (err error) {
- var mnt_ent_buffer struct {
- header W_Mnth
- filesys_info [64]W_Mntent
- }
- var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
- fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
- if err != nil {
- return err
- }
- err = ERANGE //return ERANGE if no match is found in this batch
- for i := 0; i < fs_count; i++ {
- if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
- stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
- err = nil
- break
- }
- }
- return err
-}
-
-func tryGetmntent128(stat *Statfs_t) (err error) {
- var mnt_ent_buffer struct {
- header W_Mnth
- filesys_info [128]W_Mntent
- }
- var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
- fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
- if err != nil {
- return err
- }
- err = ERANGE //return ERANGE if no match is found in this batch
- for i := 0; i < fs_count; i++ {
- if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
- stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
- err = nil
- break
- }
- }
- return err
-}
-
-func tryGetmntent256(stat *Statfs_t) (err error) {
- var mnt_ent_buffer struct {
- header W_Mnth
- filesys_info [256]W_Mntent
- }
- var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
- fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
- if err != nil {
- return err
- }
- err = ERANGE //return ERANGE if no match is found in this batch
- for i := 0; i < fs_count; i++ {
- if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
- stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
- err = nil
- break
- }
- }
- return err
-}
-
-func tryGetmntent512(stat *Statfs_t) (err error) {
- var mnt_ent_buffer struct {
- header W_Mnth
- filesys_info [512]W_Mntent
- }
- var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
- fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
- if err != nil {
- return err
- }
- err = ERANGE //return ERANGE if no match is found in this batch
- for i := 0; i < fs_count; i++ {
- if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
- stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
- err = nil
- break
- }
- }
- return err
-}
-
-func tryGetmntent1024(stat *Statfs_t) (err error) {
- var mnt_ent_buffer struct {
- header W_Mnth
- filesys_info [1024]W_Mntent
- }
- var buffer_size int = int(unsafe.Sizeof(mnt_ent_buffer))
- fs_count, err := W_Getmntent((*byte)(unsafe.Pointer(&mnt_ent_buffer)), buffer_size)
- if err != nil {
- return err
- }
- err = ERANGE //return ERANGE if no match is found in this batch
- for i := 0; i < fs_count; i++ {
- if stat.Fsid == uint64(mnt_ent_buffer.filesys_info[i].Dev) {
- stat.Type = uint32(mnt_ent_buffer.filesys_info[i].Fstname[0])
- err = nil
- break
- }
- }
- return err
-}
diff --git a/vendor/golang.org/x/sys/unix/ioctl_linux.go b/vendor/golang.org/x/sys/unix/ioctl_linux.go
index 0d12c0851adf20163670405cb287e59e6233da47..7ca4fa12aa673c6bbdaaac287ea68eb43408ff03 100644
--- a/vendor/golang.org/x/sys/unix/ioctl_linux.go
+++ b/vendor/golang.org/x/sys/unix/ioctl_linux.go
@@ -58,6 +58,102 @@ func IoctlGetEthtoolDrvinfo(fd int, ifname string) (*EthtoolDrvinfo, error) {
return &value, err
}
+// IoctlGetEthtoolTsInfo fetches ethtool timestamping and PHC
+// association for the network device specified by ifname.
+func IoctlGetEthtoolTsInfo(fd int, ifname string) (*EthtoolTsInfo, error) {
+ ifr, err := NewIfreq(ifname)
+ if err != nil {
+ return nil, err
+ }
+
+ value := EthtoolTsInfo{Cmd: ETHTOOL_GET_TS_INFO}
+ ifrd := ifr.withData(unsafe.Pointer(&value))
+
+ err = ioctlIfreqData(fd, SIOCETHTOOL, &ifrd)
+ return &value, err
+}
+
+// IoctlGetHwTstamp retrieves the hardware timestamping configuration
+// for the network device specified by ifname.
+func IoctlGetHwTstamp(fd int, ifname string) (*HwTstampConfig, error) {
+ ifr, err := NewIfreq(ifname)
+ if err != nil {
+ return nil, err
+ }
+
+ value := HwTstampConfig{}
+ ifrd := ifr.withData(unsafe.Pointer(&value))
+
+ err = ioctlIfreqData(fd, SIOCGHWTSTAMP, &ifrd)
+ return &value, err
+}
+
+// IoctlSetHwTstamp updates the hardware timestamping configuration for
+// the network device specified by ifname.
+func IoctlSetHwTstamp(fd int, ifname string, cfg *HwTstampConfig) error {
+ ifr, err := NewIfreq(ifname)
+ if err != nil {
+ return err
+ }
+ ifrd := ifr.withData(unsafe.Pointer(cfg))
+ return ioctlIfreqData(fd, SIOCSHWTSTAMP, &ifrd)
+}
+
+// FdToClockID derives the clock ID from the file descriptor number
+// - see clock_gettime(3), FD_TO_CLOCKID macros. The resulting ID is
+// suitable for system calls like ClockGettime.
+func FdToClockID(fd int) int32 { return int32((int(^fd) << 3) | 3) }
+
+// IoctlPtpClockGetcaps returns the description of a given PTP device.
+func IoctlPtpClockGetcaps(fd int) (*PtpClockCaps, error) {
+ var value PtpClockCaps
+ err := ioctlPtr(fd, PTP_CLOCK_GETCAPS2, unsafe.Pointer(&value))
+ return &value, err
+}
+
+// IoctlPtpSysOffsetPrecise returns a description of the clock
+// offset compared to the system clock.
+func IoctlPtpSysOffsetPrecise(fd int) (*PtpSysOffsetPrecise, error) {
+ var value PtpSysOffsetPrecise
+ err := ioctlPtr(fd, PTP_SYS_OFFSET_PRECISE2, unsafe.Pointer(&value))
+ return &value, err
+}
+
+// IoctlPtpSysOffsetExtended returns an extended description of the
+// clock offset compared to the system clock. The samples parameter
+// specifies the desired number of measurements.
+func IoctlPtpSysOffsetExtended(fd int, samples uint) (*PtpSysOffsetExtended, error) {
+ value := PtpSysOffsetExtended{Samples: uint32(samples)}
+ err := ioctlPtr(fd, PTP_SYS_OFFSET_EXTENDED2, unsafe.Pointer(&value))
+ return &value, err
+}
+
+// IoctlPtpPinGetfunc returns the configuration of the specified
+// I/O pin on given PTP device.
+func IoctlPtpPinGetfunc(fd int, index uint) (*PtpPinDesc, error) {
+ value := PtpPinDesc{Index: uint32(index)}
+ err := ioctlPtr(fd, PTP_PIN_GETFUNC2, unsafe.Pointer(&value))
+ return &value, err
+}
+
+// IoctlPtpPinSetfunc updates configuration of the specified PTP
+// I/O pin.
+func IoctlPtpPinSetfunc(fd int, pd *PtpPinDesc) error {
+ return ioctlPtr(fd, PTP_PIN_SETFUNC2, unsafe.Pointer(pd))
+}
+
+// IoctlPtpPeroutRequest configures the periodic output mode of the
+// PTP I/O pins.
+func IoctlPtpPeroutRequest(fd int, r *PtpPeroutRequest) error {
+ return ioctlPtr(fd, PTP_PEROUT_REQUEST2, unsafe.Pointer(r))
+}
+
+// IoctlPtpExttsRequest configures the external timestamping mode
+// of the PTP I/O pins.
+func IoctlPtpExttsRequest(fd int, r *PtpExttsRequest) error {
+ return ioctlPtr(fd, PTP_EXTTS_REQUEST2, unsafe.Pointer(r))
+}
+
// IoctlGetWatchdogInfo fetches information about a watchdog device from the
// Linux watchdog API. For more information, see:
// https://www.kernel.org/doc/html/latest/watchdog/watchdog-api.html.
@@ -231,3 +327,8 @@ func IoctlLoopGetStatus64(fd int) (*LoopInfo64, error) {
func IoctlLoopSetStatus64(fd int, value *LoopInfo64) error {
return ioctlPtr(fd, LOOP_SET_STATUS64, unsafe.Pointer(value))
}
+
+// IoctlLoopConfigure configures all loop device parameters in a single step
+func IoctlLoopConfigure(fd int, value *LoopConfig) error {
+ return ioctlPtr(fd, LOOP_CONFIGURE, unsafe.Pointer(value))
+}
diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh
index cbe24150a7a8ab6c1935736886ab9022c7961ca1..6ab02b6c3122afd5e2ea1a7cf7f31a43342746fb 100644
--- a/vendor/golang.org/x/sys/unix/mkerrors.sh
+++ b/vendor/golang.org/x/sys/unix/mkerrors.sh
@@ -58,6 +58,7 @@ includes_Darwin='
#define _DARWIN_USE_64_BIT_INODE
#define __APPLE_USE_RFC_3542
#include <stdint.h>
+#include <sys/stdio.h>
#include <sys/attr.h>
#include <sys/clonefile.h>
#include <sys/kern_control.h>
@@ -157,6 +158,16 @@ includes_Linux='
#endif
#define _GNU_SOURCE
+// See the description in unix/linux/types.go
+#if defined(__ARM_EABI__) || \
+ (defined(__mips__) && (_MIPS_SIM == _ABIO32)) || \
+ (defined(__powerpc__) && (!defined(__powerpc64__)))
+# ifdef _TIME_BITS
+# undef _TIME_BITS
+# endif
+# define _TIME_BITS 32
+#endif
+
// <sys/ioctl.h> is broken on powerpc64, as it fails to include definitions of
// these structures. We just include them copied from <bits/termios.h>.
#if defined(__powerpc__)
@@ -248,12 +259,14 @@ struct ltchars {
#include <linux/module.h>
#include <linux/mount.h>
#include <linux/netfilter/nfnetlink.h>
+#include <linux/netfilter/nf_tables.h>
#include <linux/netlink.h>
#include <linux/net_namespace.h>
#include <linux/nfc.h>
#include <linux/nsfs.h>
#include <linux/perf_event.h>
#include <linux/pps.h>
+#include <linux/ptp_clock.h>
#include <linux/ptrace.h>
#include <linux/random.h>
#include <linux/reboot.h>
@@ -262,6 +275,7 @@ struct ltchars {
#include <linux/sched.h>
#include <linux/seccomp.h>
#include <linux/serial.h>
+#include <linux/sock_diag.h>
#include <linux/sockios.h>
#include <linux/taskstats.h>
#include <linux/tipc.h>
@@ -283,10 +297,6 @@ struct ltchars {
#include <asm/termbits.h>
#endif
-#ifndef MSG_FASTOPEN
-#define MSG_FASTOPEN 0x20000000
-#endif
-
#ifndef PTRACE_GETREGS
#define PTRACE_GETREGS 0xc
#endif
@@ -295,14 +305,6 @@ struct ltchars {
#define PTRACE_SETREGS 0xd
#endif
-#ifndef SOL_NETLINK
-#define SOL_NETLINK 270
-#endif
-
-#ifndef SOL_SMC
-#define SOL_SMC 286
-#endif
-
#ifdef SOL_BLUETOOTH
// SPARC includes this in /usr/include/sparc64-linux-gnu/bits/socket.h
// but it is already in bluetooth_linux.go
@@ -319,10 +321,23 @@ struct ltchars {
#undef TIPC_WAIT_FOREVER
#define TIPC_WAIT_FOREVER 0xffffffff
-// Copied from linux/l2tp.h
-// Including linux/l2tp.h here causes conflicts between linux/in.h
-// and netinet/in.h included via net/route.h above.
-#define IPPROTO_L2TP 115
+// Copied from linux/netfilter/nf_nat.h
+// Including linux/netfilter/nf_nat.h here causes conflicts between linux/in.h
+// and netinet/in.h.
+#define NF_NAT_RANGE_MAP_IPS (1 << 0)
+#define NF_NAT_RANGE_PROTO_SPECIFIED (1 << 1)
+#define NF_NAT_RANGE_PROTO_RANDOM (1 << 2)
+#define NF_NAT_RANGE_PERSISTENT (1 << 3)
+#define NF_NAT_RANGE_PROTO_RANDOM_FULLY (1 << 4)
+#define NF_NAT_RANGE_PROTO_OFFSET (1 << 5)
+#define NF_NAT_RANGE_NETMAP (1 << 6)
+#define NF_NAT_RANGE_PROTO_RANDOM_ALL \
+ (NF_NAT_RANGE_PROTO_RANDOM | NF_NAT_RANGE_PROTO_RANDOM_FULLY)
+#define NF_NAT_RANGE_MASK \
+ (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED | \
+ NF_NAT_RANGE_PROTO_RANDOM | NF_NAT_RANGE_PERSISTENT | \
+ NF_NAT_RANGE_PROTO_RANDOM_FULLY | NF_NAT_RANGE_PROTO_OFFSET | \
+ NF_NAT_RANGE_NETMAP)
// Copied from linux/hid.h.
// Keep in sync with the size of the referenced fields.
@@ -519,9 +534,11 @@ ccflags="$@"
$2 ~ /^LOCK_(SH|EX|NB|UN)$/ ||
$2 ~ /^LO_(KEY|NAME)_SIZE$/ ||
$2 ~ /^LOOP_(CLR|CTL|GET|SET)_/ ||
+ $2 == "LOOP_CONFIGURE" ||
$2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MREMAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT|UDP)_/ ||
$2 ~ /^NFC_(GENL|PROTO|COMM|RF|SE|DIRECTION|LLCP|SOCKPROTO)_/ ||
$2 ~ /^NFC_.*_(MAX)?SIZE$/ ||
+ $2 ~ /^PTP_/ ||
$2 ~ /^RAW_PAYLOAD_/ ||
$2 ~ /^[US]F_/ ||
$2 ~ /^TP_STATUS_/ ||
@@ -546,6 +563,8 @@ ccflags="$@"
$2 !~ "NLA_TYPE_MASK" &&
$2 !~ /^RTC_VL_(ACCURACY|BACKUP|DATA)/ &&
$2 ~ /^(NETLINK|NLM|NLMSG|NLA|IFA|IFAN|RT|RTC|RTCF|RTN|RTPROT|RTNH|ARPHRD|ETH_P|NETNSA)_/ ||
+ $2 ~ /^SOCK_|SK_DIAG_|SKNLGRP_$/ ||
+ $2 ~ /^(CONNECT|SAE)_/ ||
$2 ~ /^FIORDCHK$/ ||
$2 ~ /^SIOC/ ||
$2 ~ /^TIOC/ ||
@@ -560,7 +579,7 @@ ccflags="$@"
$2 ~ /^RLIMIT_(AS|CORE|CPU|DATA|FSIZE|LOCKS|MEMLOCK|MSGQUEUE|NICE|NOFILE|NPROC|RSS|RTPRIO|RTTIME|SIGPENDING|STACK)|RLIM_INFINITY/ ||
$2 ~ /^PRIO_(PROCESS|PGRP|USER)/ ||
$2 ~ /^CLONE_[A-Z_]+/ ||
- $2 !~ /^(BPF_TIMEVAL|BPF_FIB_LOOKUP_[A-Z]+)$/ &&
+ $2 !~ /^(BPF_TIMEVAL|BPF_FIB_LOOKUP_[A-Z]+|BPF_F_LINK)$/ &&
$2 ~ /^(BPF|DLT)_/ ||
$2 ~ /^AUDIT_/ ||
$2 ~ /^(CLOCK|TIMER)_/ ||
@@ -581,7 +600,7 @@ ccflags="$@"
$2 ~ /^KEY_(SPEC|REQKEY_DEFL)_/ ||
$2 ~ /^KEYCTL_/ ||
$2 ~ /^PERF_/ ||
- $2 ~ /^SECCOMP_MODE_/ ||
+ $2 ~ /^SECCOMP_/ ||
$2 ~ /^SEEK_/ ||
$2 ~ /^SCHED_/ ||
$2 ~ /^SPLICE_/ ||
@@ -602,6 +621,9 @@ ccflags="$@"
$2 ~ /^FSOPT_/ ||
$2 ~ /^WDIO[CFS]_/ ||
$2 ~ /^NFN/ ||
+ $2 !~ /^NFT_META_IIFTYPE/ &&
+ $2 ~ /^NFT_/ ||
+ $2 ~ /^NF_NAT_/ ||
$2 ~ /^XDP_/ ||
$2 ~ /^RWF_/ ||
$2 ~ /^(HDIO|WIN|SMART)_/ ||
@@ -646,7 +668,7 @@ errors=$(
signals=$(
echo '#include <signal.h>' | $CC -x c - -E -dM $ccflags |
awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print $2 }' |
- grep -v 'SIGSTKSIZE\|SIGSTKSZ\|SIGRT\|SIGMAX64' |
+ grep -E -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT|SIGMAX64)' |
sort
)
@@ -656,7 +678,7 @@ echo '#include <errno.h>' | $CC -x c - -E -dM $ccflags |
sort >_error.grep
echo '#include <signal.h>' | $CC -x c - -E -dM $ccflags |
awk '$1=="#define" && $2 ~ /^SIG[A-Z0-9]+$/ { print "^\t" $2 "[ \t]*=" }' |
- grep -v 'SIGSTKSIZE\|SIGSTKSZ\|SIGRT\|SIGMAX64' |
+ grep -E -v '(SIGSTKSIZE|SIGSTKSZ|SIGRT|SIGMAX64)' |
sort >_signal.grep
echo '// mkerrors.sh' "$@"
diff --git a/vendor/golang.org/x/sys/unix/mmap_nomremap.go b/vendor/golang.org/x/sys/unix/mmap_nomremap.go
index 4b68e59780a2352b61dd88a7cb2b567264b247e9..7f602ffd26d4fae392377a8fe27fb6ca41aaa825 100644
--- a/vendor/golang.org/x/sys/unix/mmap_nomremap.go
+++ b/vendor/golang.org/x/sys/unix/mmap_nomremap.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build aix || darwin || dragonfly || freebsd || openbsd || solaris
+//go:build aix || darwin || dragonfly || freebsd || openbsd || solaris || zos
package unix
diff --git a/vendor/golang.org/x/sys/unix/mremap.go b/vendor/golang.org/x/sys/unix/mremap.go
index fd45fe529da517e2ebd898a823534034936687bb..3a5e776f895aae7aa0cf30d25e515705080090b6 100644
--- a/vendor/golang.org/x/sys/unix/mremap.go
+++ b/vendor/golang.org/x/sys/unix/mremap.go
@@ -50,3 +50,8 @@ func (m *mremapMmapper) Mremap(oldData []byte, newLength int, flags int) (data [
func Mremap(oldData []byte, newLength int, flags int) (data []byte, err error) {
return mapper.Mremap(oldData, newLength, flags)
}
+
+func MremapPtr(oldAddr unsafe.Pointer, oldSize uintptr, newAddr unsafe.Pointer, newSize uintptr, flags int) (ret unsafe.Pointer, err error) {
+ xaddr, err := mapper.mremap(uintptr(oldAddr), oldSize, newSize, flags, uintptr(newAddr))
+ return unsafe.Pointer(xaddr), err
+}
diff --git a/vendor/golang.org/x/sys/unix/pagesize_unix.go b/vendor/golang.org/x/sys/unix/pagesize_unix.go
index 4d0a3430edc5e26ff147fcbfc070a9e250367e4d..0482408d7c6c1b87d40d63ec4beae305b9c804ca 100644
--- a/vendor/golang.org/x/sys/unix/pagesize_unix.go
+++ b/vendor/golang.org/x/sys/unix/pagesize_unix.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
// For Unix, get the pagesize from the runtime.
diff --git a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
index 130398b6b767ef2693d80517ec33a1568d625d92..b903c00604b99ca03e350d62447e91aa7f3d4606 100644
--- a/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
+++ b/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build darwin
+//go:build darwin || zos
package unix
diff --git a/vendor/golang.org/x/sys/unix/sockcmsg_zos.go b/vendor/golang.org/x/sys/unix/sockcmsg_zos.go
new file mode 100644
index 0000000000000000000000000000000000000000..3e53dbc0286d094111e40065e21059dc543fd00e
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/sockcmsg_zos.go
@@ -0,0 +1,58 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Socket control messages
+
+package unix
+
+import "unsafe"
+
+// UnixCredentials encodes credentials into a socket control message
+// for sending to another process. This can be used for
+// authentication.
+func UnixCredentials(ucred *Ucred) []byte {
+ b := make([]byte, CmsgSpace(SizeofUcred))
+ h := (*Cmsghdr)(unsafe.Pointer(&b[0]))
+ h.Level = SOL_SOCKET
+ h.Type = SCM_CREDENTIALS
+ h.SetLen(CmsgLen(SizeofUcred))
+ *(*Ucred)(h.data(0)) = *ucred
+ return b
+}
+
+// ParseUnixCredentials decodes a socket control message that contains
+// credentials in a Ucred structure. To receive such a message, the
+// SO_PASSCRED option must be enabled on the socket.
+func ParseUnixCredentials(m *SocketControlMessage) (*Ucred, error) {
+ if m.Header.Level != SOL_SOCKET {
+ return nil, EINVAL
+ }
+ if m.Header.Type != SCM_CREDENTIALS {
+ return nil, EINVAL
+ }
+ ucred := *(*Ucred)(unsafe.Pointer(&m.Data[0]))
+ return &ucred, nil
+}
+
+// PktInfo4 encodes Inet4Pktinfo into a socket control message of type IP_PKTINFO.
+func PktInfo4(info *Inet4Pktinfo) []byte {
+ b := make([]byte, CmsgSpace(SizeofInet4Pktinfo))
+ h := (*Cmsghdr)(unsafe.Pointer(&b[0]))
+ h.Level = SOL_IP
+ h.Type = IP_PKTINFO
+ h.SetLen(CmsgLen(SizeofInet4Pktinfo))
+ *(*Inet4Pktinfo)(h.data(0)) = *info
+ return b
+}
+
+// PktInfo6 encodes Inet6Pktinfo into a socket control message of type IPV6_PKTINFO.
+func PktInfo6(info *Inet6Pktinfo) []byte {
+ b := make([]byte, CmsgSpace(SizeofInet6Pktinfo))
+ h := (*Cmsghdr)(unsafe.Pointer(&b[0]))
+ h.Level = SOL_IPV6
+ h.Type = IPV6_PKTINFO
+ h.SetLen(CmsgLen(SizeofInet6Pktinfo))
+ *(*Inet6Pktinfo)(h.data(0)) = *info
+ return b
+}
diff --git a/vendor/golang.org/x/sys/unix/symaddr_zos_s390x.s b/vendor/golang.org/x/sys/unix/symaddr_zos_s390x.s
new file mode 100644
index 0000000000000000000000000000000000000000..3c4f33cb6a8022b36872915657d30ea552aa3540
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/symaddr_zos_s390x.s
@@ -0,0 +1,75 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build zos && s390x && gc
+
+#include "textflag.h"
+
+// provide the address of function variable to be fixed up.
+
+TEXT ·getPipe2Addr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Pipe2(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+TEXT ·get_FlockAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Flock(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+TEXT ·get_GetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Getxattr(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+TEXT ·get_NanosleepAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Nanosleep(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+TEXT ·get_SetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Setxattr(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+TEXT ·get_Wait4Addr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Wait4(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+TEXT ·get_MountAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Mount(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+TEXT ·get_UnmountAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Unmount(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+TEXT ·get_UtimesNanoAtAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·UtimesNanoAt(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+TEXT ·get_UtimesNanoAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·UtimesNano(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+TEXT ·get_MkfifoatAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Mkfifoat(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+TEXT ·get_ChtagAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Chtag(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+TEXT ·get_ReadlinkatAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Readlinkat(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
diff --git a/vendor/golang.org/x/sys/unix/syscall_aix.go b/vendor/golang.org/x/sys/unix/syscall_aix.go
index 67ce6cef2d5c4990629b90eb43d888b90612d671..6f15ba1eaff6571878742b4d058e084f30afa6f2 100644
--- a/vendor/golang.org/x/sys/unix/syscall_aix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_aix.go
@@ -360,7 +360,7 @@ func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int,
var status _C_int
var r Pid_t
err = ERESTART
- // AIX wait4 may return with ERESTART errno, while the processus is still
+ // AIX wait4 may return with ERESTART errno, while the process is still
// active.
for err == ERESTART {
r, err = wait4(Pid_t(pid), &status, options, rusage)
diff --git a/vendor/golang.org/x/sys/unix/syscall_bsd.go b/vendor/golang.org/x/sys/unix/syscall_bsd.go
index 6f328e3a5541791d337ba83d0e108a25ce59cc5a..a00c3e5450b3f235ed1655de3858cecf315b070c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_bsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_bsd.go
@@ -316,7 +316,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
if err != nil {
return "", err
}
- return string(buf[:vallen-1]), nil
+ return ByteSliceToString(buf[:vallen]), nil
}
//sys recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go
index 59542a897d236606075760f33aa41563d692280b..099867deedec638201fadb9eb6241893e8761dc3 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go
@@ -402,6 +402,18 @@ func IoctlSetIfreqMTU(fd int, ifreq *IfreqMTU) error {
return ioctlPtr(fd, SIOCSIFMTU, unsafe.Pointer(ifreq))
}
+//sys renamexNp(from string, to string, flag uint32) (err error)
+
+func RenamexNp(from string, to string, flag uint32) (err error) {
+ return renamexNp(from, to, flag)
+}
+
+//sys renameatxNp(fromfd int, from string, tofd int, to string, flag uint32) (err error)
+
+func RenameatxNp(fromfd int, from string, tofd int, to string, flag uint32) (err error) {
+ return renameatxNp(fromfd, from, tofd, to, flag)
+}
+
//sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS_SYSCTL
func Uname(uname *Utsname) error {
@@ -542,6 +554,55 @@ func SysctlKinfoProcSlice(name string, args ...int) ([]KinfoProc, error) {
}
}
+//sys pthread_chdir_np(path string) (err error)
+
+func PthreadChdir(path string) (err error) {
+ return pthread_chdir_np(path)
+}
+
+//sys pthread_fchdir_np(fd int) (err error)
+
+func PthreadFchdir(fd int) (err error) {
+ return pthread_fchdir_np(fd)
+}
+
+// Connectx calls connectx(2) to initiate a connection on a socket.
+//
+// srcIf, srcAddr, and dstAddr are filled into a [SaEndpoints] struct and passed as the endpoints argument.
+//
+// - srcIf is the optional source interface index. 0 means unspecified.
+// - srcAddr is the optional source address. nil means unspecified.
+// - dstAddr is the destination address.
+//
+// On success, Connectx returns the number of bytes enqueued for transmission.
+func Connectx(fd int, srcIf uint32, srcAddr, dstAddr Sockaddr, associd SaeAssocID, flags uint32, iov []Iovec, connid *SaeConnID) (n uintptr, err error) {
+ endpoints := SaEndpoints{
+ Srcif: srcIf,
+ }
+
+ if srcAddr != nil {
+ addrp, addrlen, err := srcAddr.sockaddr()
+ if err != nil {
+ return 0, err
+ }
+ endpoints.Srcaddr = (*RawSockaddr)(addrp)
+ endpoints.Srcaddrlen = uint32(addrlen)
+ }
+
+ if dstAddr != nil {
+ addrp, addrlen, err := dstAddr.sockaddr()
+ if err != nil {
+ return 0, err
+ }
+ endpoints.Dstaddr = (*RawSockaddr)(addrp)
+ endpoints.Dstaddrlen = uint32(addrlen)
+ }
+
+ err = connectx(fd, &endpoints, associd, flags, iov, &n, connid)
+ return
+}
+
+//sys connectx(fd int, endpoints *SaEndpoints, associd SaeAssocID, flags uint32, iov []Iovec, n *uintptr, connid *SaeConnID) (err error)
//sys sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error)
//sys shmat(id int, addr uintptr, flag int) (ret uintptr, err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
index 16dc6993799ffc36e481d50accbf25eb8092f086..2f0fa76e4f65b17d55eba7a6996a43c73f3d3253 100644
--- a/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
+++ b/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build darwin && go1.12
+//go:build darwin
package unix
diff --git a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
index 97cb916f2c90ef178ea7d14f319ff73360ef2210..be8c0020701ee4ccbc415fb16e00108033093c5b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
+++ b/vendor/golang.org/x/sys/unix/syscall_dragonfly.go
@@ -246,6 +246,18 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
return sendfile(outfd, infd, offset, count)
}
+func Dup3(oldfd, newfd, flags int) error {
+ if oldfd == newfd || flags&^O_CLOEXEC != 0 {
+ return EINVAL
+ }
+ how := F_DUP2FD
+ if flags&O_CLOEXEC != 0 {
+ how = F_DUP2FD_CLOEXEC
+ }
+ _, err := fcntl(oldfd, how, newfd)
+ return err
+}
+
/*
* Exposed directly
*/
diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd.go b/vendor/golang.org/x/sys/unix/syscall_freebsd.go
index 64d1bb4dba587e0ab140a1e8e548139365b51ef4..2b57e0f73bb8e74b37bbb1a9a641d5aea4ac81f1 100644
--- a/vendor/golang.org/x/sys/unix/syscall_freebsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_freebsd.go
@@ -13,6 +13,7 @@
package unix
import (
+ "errors"
"sync"
"unsafe"
)
@@ -169,25 +170,26 @@ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
func Uname(uname *Utsname) error {
mib := []_C_int{CTL_KERN, KERN_OSTYPE}
n := unsafe.Sizeof(uname.Sysname)
- if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil {
+ // Suppress ENOMEM errors to be compatible with the C library __xuname() implementation.
+ if err := sysctl(mib, &uname.Sysname[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) {
return err
}
mib = []_C_int{CTL_KERN, KERN_HOSTNAME}
n = unsafe.Sizeof(uname.Nodename)
- if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil {
+ if err := sysctl(mib, &uname.Nodename[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) {
return err
}
mib = []_C_int{CTL_KERN, KERN_OSRELEASE}
n = unsafe.Sizeof(uname.Release)
- if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil {
+ if err := sysctl(mib, &uname.Release[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) {
return err
}
mib = []_C_int{CTL_KERN, KERN_VERSION}
n = unsafe.Sizeof(uname.Version)
- if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil {
+ if err := sysctl(mib, &uname.Version[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) {
return err
}
@@ -205,7 +207,7 @@ func Uname(uname *Utsname) error {
mib = []_C_int{CTL_HW, HW_MACHINE}
n = unsafe.Sizeof(uname.Machine)
- if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil {
+ if err := sysctl(mib, &uname.Machine[0], &n, nil, 0); err != nil && !errors.Is(err, ENOMEM) {
return err
}
diff --git a/vendor/golang.org/x/sys/unix/syscall_hurd.go b/vendor/golang.org/x/sys/unix/syscall_hurd.go
index ba46651f8e38a4aaddbbfc5c3f1de1d006af109e..a6a2d2fc2b90c5c8f0efdb88bb72bc8997400ad9 100644
--- a/vendor/golang.org/x/sys/unix/syscall_hurd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_hurd.go
@@ -11,6 +11,7 @@ package unix
int ioctl(int, unsigned long int, uintptr_t);
*/
import "C"
+import "unsafe"
func ioctl(fd int, req uint, arg uintptr) (err error) {
r0, er := C.ioctl(C.int(fd), C.ulong(req), C.uintptr_t(arg))
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go
index a5e1c10e341b44eddae3ba2583dbed7eef0479cf..230a94549a7a278527848109714e2e3285888732 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux.go
@@ -61,15 +61,23 @@ func FanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname string) (
}
//sys fchmodat(dirfd int, path string, mode uint32) (err error)
-
-func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
- // Linux fchmodat doesn't support the flags parameter. Mimick glibc's behavior
- // and check the flags. Otherwise the mode would be applied to the symlink
- // destination which is not what the user expects.
- if flags&^AT_SYMLINK_NOFOLLOW != 0 {
- return EINVAL
- } else if flags&AT_SYMLINK_NOFOLLOW != 0 {
- return EOPNOTSUPP
+//sys fchmodat2(dirfd int, path string, mode uint32, flags int) (err error)
+
+func Fchmodat(dirfd int, path string, mode uint32, flags int) error {
+ // Linux fchmodat doesn't support the flags parameter, but fchmodat2 does.
+ // Try fchmodat2 if flags are specified.
+ if flags != 0 {
+ err := fchmodat2(dirfd, path, mode, flags)
+ if err == ENOSYS {
+ // fchmodat2 isn't available. If the flags are known to be valid,
+ // return EOPNOTSUPP to indicate that fchmodat doesn't support them.
+ if flags&^(AT_SYMLINK_NOFOLLOW|AT_EMPTY_PATH) != 0 {
+ return EINVAL
+ } else if flags&(AT_SYMLINK_NOFOLLOW|AT_EMPTY_PATH) != 0 {
+ return EOPNOTSUPP
+ }
+ }
+ return err
}
return fchmodat(dirfd, path, mode)
}
@@ -1287,6 +1295,48 @@ func GetsockoptTCPInfo(fd, level, opt int) (*TCPInfo, error) {
return &value, err
}
+// GetsockoptTCPCCVegasInfo returns algorithm specific congestion control information for a socket using the "vegas"
+// algorithm.
+//
+// The socket's congestion control algorighm can be retrieved via [GetsockoptString] with the [TCP_CONGESTION] option:
+//
+// algo, err := unix.GetsockoptString(fd, unix.IPPROTO_TCP, unix.TCP_CONGESTION)
+func GetsockoptTCPCCVegasInfo(fd, level, opt int) (*TCPVegasInfo, error) {
+ var value [SizeofTCPCCInfo / 4]uint32 // ensure proper alignment
+ vallen := _Socklen(SizeofTCPCCInfo)
+ err := getsockopt(fd, level, opt, unsafe.Pointer(&value[0]), &vallen)
+ out := (*TCPVegasInfo)(unsafe.Pointer(&value[0]))
+ return out, err
+}
+
+// GetsockoptTCPCCDCTCPInfo returns algorithm specific congestion control information for a socket using the "dctp"
+// algorithm.
+//
+// The socket's congestion control algorighm can be retrieved via [GetsockoptString] with the [TCP_CONGESTION] option:
+//
+// algo, err := unix.GetsockoptString(fd, unix.IPPROTO_TCP, unix.TCP_CONGESTION)
+func GetsockoptTCPCCDCTCPInfo(fd, level, opt int) (*TCPDCTCPInfo, error) {
+ var value [SizeofTCPCCInfo / 4]uint32 // ensure proper alignment
+ vallen := _Socklen(SizeofTCPCCInfo)
+ err := getsockopt(fd, level, opt, unsafe.Pointer(&value[0]), &vallen)
+ out := (*TCPDCTCPInfo)(unsafe.Pointer(&value[0]))
+ return out, err
+}
+
+// GetsockoptTCPCCBBRInfo returns algorithm specific congestion control information for a socket using the "bbr"
+// algorithm.
+//
+// The socket's congestion control algorighm can be retrieved via [GetsockoptString] with the [TCP_CONGESTION] option:
+//
+// algo, err := unix.GetsockoptString(fd, unix.IPPROTO_TCP, unix.TCP_CONGESTION)
+func GetsockoptTCPCCBBRInfo(fd, level, opt int) (*TCPBBRInfo, error) {
+ var value [SizeofTCPCCInfo / 4]uint32 // ensure proper alignment
+ vallen := _Socklen(SizeofTCPCCInfo)
+ err := getsockopt(fd, level, opt, unsafe.Pointer(&value[0]), &vallen)
+ out := (*TCPBBRInfo)(unsafe.Pointer(&value[0]))
+ return out, err
+}
+
// GetsockoptString returns the string value of the socket option opt for the
// socket associated with fd at the given socket level.
func GetsockoptString(fd, level, opt int) (string, error) {
@@ -1302,7 +1352,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
return "", err
}
}
- return string(buf[:vallen-1]), nil
+ return ByteSliceToString(buf[:vallen]), nil
}
func GetsockoptTpacketStats(fd, level, opt int) (*TpacketStats, error) {
@@ -1810,6 +1860,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
//sys ClockAdjtime(clockid int32, buf *Timex) (state int, err error)
//sys ClockGetres(clockid int32, res *Timespec) (err error)
//sys ClockGettime(clockid int32, time *Timespec) (err error)
+//sys ClockSettime(clockid int32, time *Timespec) (err error)
//sys ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error)
//sys Close(fd int) (err error)
//sys CloseRange(first uint, last uint, flags uint) (err error)
@@ -1841,6 +1892,105 @@ func Dup2(oldfd, newfd int) error {
//sys Fsmount(fd int, flags int, mountAttrs int) (fsfd int, err error)
//sys Fsopen(fsName string, flags int) (fd int, err error)
//sys Fspick(dirfd int, pathName string, flags int) (fd int, err error)
+
+//sys fsconfig(fd int, cmd uint, key *byte, value *byte, aux int) (err error)
+
+func fsconfigCommon(fd int, cmd uint, key string, value *byte, aux int) (err error) {
+ var keyp *byte
+ if keyp, err = BytePtrFromString(key); err != nil {
+ return
+ }
+ return fsconfig(fd, cmd, keyp, value, aux)
+}
+
+// FsconfigSetFlag is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_FLAG.
+//
+// fd is the filesystem context to act upon.
+// key the parameter key to set.
+func FsconfigSetFlag(fd int, key string) (err error) {
+ return fsconfigCommon(fd, FSCONFIG_SET_FLAG, key, nil, 0)
+}
+
+// FsconfigSetString is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_STRING.
+//
+// fd is the filesystem context to act upon.
+// key the parameter key to set.
+// value is the parameter value to set.
+func FsconfigSetString(fd int, key string, value string) (err error) {
+ var valuep *byte
+ if valuep, err = BytePtrFromString(value); err != nil {
+ return
+ }
+ return fsconfigCommon(fd, FSCONFIG_SET_STRING, key, valuep, 0)
+}
+
+// FsconfigSetBinary is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_BINARY.
+//
+// fd is the filesystem context to act upon.
+// key the parameter key to set.
+// value is the parameter value to set.
+func FsconfigSetBinary(fd int, key string, value []byte) (err error) {
+ if len(value) == 0 {
+ return EINVAL
+ }
+ return fsconfigCommon(fd, FSCONFIG_SET_BINARY, key, &value[0], len(value))
+}
+
+// FsconfigSetPath is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_PATH.
+//
+// fd is the filesystem context to act upon.
+// key the parameter key to set.
+// path is a non-empty path for specified key.
+// atfd is a file descriptor at which to start lookup from or AT_FDCWD.
+func FsconfigSetPath(fd int, key string, path string, atfd int) (err error) {
+ var valuep *byte
+ if valuep, err = BytePtrFromString(path); err != nil {
+ return
+ }
+ return fsconfigCommon(fd, FSCONFIG_SET_PATH, key, valuep, atfd)
+}
+
+// FsconfigSetPathEmpty is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_PATH_EMPTY. The same as
+// FconfigSetPath but with AT_PATH_EMPTY implied.
+func FsconfigSetPathEmpty(fd int, key string, path string, atfd int) (err error) {
+ var valuep *byte
+ if valuep, err = BytePtrFromString(path); err != nil {
+ return
+ }
+ return fsconfigCommon(fd, FSCONFIG_SET_PATH_EMPTY, key, valuep, atfd)
+}
+
+// FsconfigSetFd is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_SET_FD.
+//
+// fd is the filesystem context to act upon.
+// key the parameter key to set.
+// value is a file descriptor to be assigned to specified key.
+func FsconfigSetFd(fd int, key string, value int) (err error) {
+ return fsconfigCommon(fd, FSCONFIG_SET_FD, key, nil, value)
+}
+
+// FsconfigCreate is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_CMD_CREATE.
+//
+// fd is the filesystem context to act upon.
+func FsconfigCreate(fd int) (err error) {
+ return fsconfig(fd, FSCONFIG_CMD_CREATE, nil, nil, 0)
+}
+
+// FsconfigReconfigure is equivalent to fsconfig(2) called
+// with cmd == FSCONFIG_CMD_RECONFIGURE.
+//
+// fd is the filesystem context to act upon.
+func FsconfigReconfigure(fd int) (err error) {
+ return fsconfig(fd, FSCONFIG_CMD_RECONFIGURE, nil, nil, 0)
+}
+
//sys Getdents(fd int, buf []byte) (n int, err error) = SYS_GETDENTS64
//sysnb Getpgid(pid int) (pgid int, err error)
@@ -1852,7 +2002,26 @@ func Getpgrp() (pid int) {
//sysnb Getpid() (pid int)
//sysnb Getppid() (ppid int)
//sys Getpriority(which int, who int) (prio int, err error)
-//sys Getrandom(buf []byte, flags int) (n int, err error)
+
+func Getrandom(buf []byte, flags int) (n int, err error) {
+ vdsoRet, supported := vgetrandom(buf, uint32(flags))
+ if supported {
+ if vdsoRet < 0 {
+ return 0, errnoErr(syscall.Errno(-vdsoRet))
+ }
+ return vdsoRet, nil
+ }
+ var p *byte
+ if len(buf) > 0 {
+ p = &buf[0]
+ }
+ r, _, e := Syscall(SYS_GETRANDOM, uintptr(unsafe.Pointer(p)), uintptr(len(buf)), uintptr(flags))
+ if e != 0 {
+ return 0, errnoErr(e)
+ }
+ return int(r), nil
+}
+
//sysnb Getrusage(who int, rusage *Rusage) (err error)
//sysnb Getsid(pid int) (sid int, err error)
//sysnb Gettid() (tid int)
@@ -2485,3 +2654,4 @@ func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) {
}
//sys Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error)
+//sys Mseal(b []byte, flags uint) (err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
index cf2ee6c75ef3d3905f8a6575b00500bc246d483d..745e5c7e6c0d5d6cde926549e394f8c541e7371b 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
@@ -182,3 +182,5 @@ func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error
}
return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
}
+
+const SYS_FSTATAT = SYS_NEWFSTATAT
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
index 3d0e98451f8a78933ecf08740b1f6e744f0d627a..dd2262a40799a2cdeb02e40a4526aa8b3533c258 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
@@ -214,3 +214,5 @@ func KexecFileLoad(kernelFd int, initrdFd int, cmdline string, flags int) error
}
return kexecFileLoad(kernelFd, initrdFd, cmdlineLen, cmdline, flags)
}
+
+const SYS_FSTATAT = SYS_NEWFSTATAT
diff --git a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
index 6f5a288944dfe604dd0f33b5b32e5d91b827c3f1..8cf3670bda630e22ea33151e00c3895c72dda69c 100644
--- a/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
@@ -187,3 +187,5 @@ func RISCVHWProbe(pairs []RISCVHWProbePairs, set *CPUSet, flags uint) (err error
}
return riscvHWProbe(pairs, setSize, set, flags)
}
+
+const SYS_FSTATAT = SYS_NEWFSTATAT
diff --git a/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
index d2882ee04f741c8087e3538a6bf247b0ae533358..b86ded549c662a7dbf38cb5382bf9cece1546912 100644
--- a/vendor/golang.org/x/sys/unix/syscall_openbsd.go
+++ b/vendor/golang.org/x/sys/unix/syscall_openbsd.go
@@ -166,6 +166,20 @@ func Getresgid() (rgid, egid, sgid int) {
//sys sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
+//sys fcntl(fd int, cmd int, arg int) (n int, err error)
+//sys fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) = SYS_FCNTL
+
+// FcntlInt performs a fcntl syscall on fd with the provided command and argument.
+func FcntlInt(fd uintptr, cmd, arg int) (int, error) {
+ return fcntl(int(fd), cmd, arg)
+}
+
+// FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW command.
+func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error {
+ _, err := fcntlPtr(int(fd), cmd, unsafe.Pointer(lk))
+ return err
+}
+
//sys ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error)
func Ppoll(fds []PollFd, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
@@ -279,6 +293,7 @@ func Uname(uname *Utsname) error {
//sys Mkfifoat(dirfd int, path string, mode uint32) (err error)
//sys Mknod(path string, mode uint32, dev int) (err error)
//sys Mknodat(dirfd int, path string, mode uint32, dev int) (err error)
+//sys Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error)
//sys Nanosleep(time *Timespec, leftover *Timespec) (err error)
//sys Open(path string, mode int, perm uint32) (fd int, err error)
//sys Openat(dirfd int, path string, mode int, perm uint32) (fd int, err error)
diff --git a/vendor/golang.org/x/sys/unix/syscall_solaris.go b/vendor/golang.org/x/sys/unix/syscall_solaris.go
index 60c8142d49efd37888f2df1c329044202f9fa14a..21974af064ddc38e765f3543cda0a9ca29aa44aa 100644
--- a/vendor/golang.org/x/sys/unix/syscall_solaris.go
+++ b/vendor/golang.org/x/sys/unix/syscall_solaris.go
@@ -158,7 +158,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
if err != nil {
return "", err
}
- return string(buf[:vallen-1]), nil
+ return ByteSliceToString(buf[:vallen]), nil
}
const ImplementsGetwd = true
diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go
index 77081de8c7de75ac729814dff15aee9a64760c3a..4e92e5aa40628b3a913cbf6f55f9429ef9e7b08e 100644
--- a/vendor/golang.org/x/sys/unix/syscall_unix.go
+++ b/vendor/golang.org/x/sys/unix/syscall_unix.go
@@ -154,6 +154,15 @@ func Munmap(b []byte) (err error) {
return mapper.Munmap(b)
}
+func MmapPtr(fd int, offset int64, addr unsafe.Pointer, length uintptr, prot int, flags int) (ret unsafe.Pointer, err error) {
+ xaddr, err := mapper.mmap(uintptr(addr), length, prot, flags, fd, offset)
+ return unsafe.Pointer(xaddr), err
+}
+
+func MunmapPtr(addr unsafe.Pointer, length uintptr) (err error) {
+ return mapper.munmap(uintptr(addr), length)
+}
+
func Read(fd int, p []byte) (n int, err error) {
n, err = read(fd, p)
if raceenabled {
diff --git a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
index d99d05f1bc14cf13c7d164c34228a52b9fe84a9a..7bf5c04bb0ae0d539b6082d0b5d60f3f4202f74a 100644
--- a/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
@@ -4,11 +4,21 @@
//go:build zos && s390x
+// Many of the following syscalls are not available on all versions of z/OS.
+// Some missing calls have legacy implementations/simulations but others
+// will be missing completely. To achieve consistent failing behaviour on
+// legacy systems, we first test the function pointer via a safeloading
+// mechanism to see if the function exists on a given system. Then execution
+// is branched to either continue the function call, or return an error.
+
package unix
import (
"bytes"
"fmt"
+ "os"
+ "reflect"
+ "regexp"
"runtime"
"sort"
"strings"
@@ -17,17 +27,205 @@ import (
"unsafe"
)
+//go:noescape
+func initZosLibVec()
+
+//go:noescape
+func GetZosLibVec() uintptr
+
+func init() {
+ initZosLibVec()
+ r0, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS_____GETENV_A<<4, uintptr(unsafe.Pointer(&([]byte("__ZOS_XSYSTRACE\x00"))[0])))
+ if r0 != 0 {
+ n, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___ATOI_A<<4, r0)
+ ZosTraceLevel = int(n)
+ r0, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS_____GETENV_A<<4, uintptr(unsafe.Pointer(&([]byte("__ZOS_XSYSTRACEFD\x00"))[0])))
+ if r0 != 0 {
+ fd, _, _ := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___ATOI_A<<4, r0)
+ f := os.NewFile(fd, "zostracefile")
+ if f != nil {
+ ZosTracefile = f
+ }
+ }
+
+ }
+}
+
+//go:noescape
+func CallLeFuncWithErr(funcdesc uintptr, parms ...uintptr) (ret, errno2 uintptr, err Errno)
+
+//go:noescape
+func CallLeFuncWithPtrReturn(funcdesc uintptr, parms ...uintptr) (ret, errno2 uintptr, err Errno)
+
+// -------------------------------
+// pointer validity test
+// good pointer returns 0
+// bad pointer returns 1
+//
+//go:nosplit
+func ptrtest(uintptr) uint64
+
+// Load memory at ptr location with error handling if the location is invalid
+//
+//go:noescape
+func safeload(ptr uintptr) (value uintptr, error uintptr)
+
const (
- O_CLOEXEC = 0 // Dummy value (not supported).
- AF_LOCAL = AF_UNIX // AF_LOCAL is an alias for AF_UNIX
+ entrypointLocationOffset = 8 // From function descriptor
+
+ xplinkEyecatcher = 0x00c300c500c500f1 // ".C.E.E.1"
+ eyecatcherOffset = 16 // From function entrypoint (negative)
+ ppa1LocationOffset = 8 // From function entrypoint (negative)
+
+ nameLenOffset = 0x14 // From PPA1 start
+ nameOffset = 0x16 // From PPA1 start
)
-func syscall_syscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
-func syscall_rawsyscall(trap, a1, a2, a3 uintptr) (r1, r2 uintptr, err Errno)
-func syscall_syscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
-func syscall_rawsyscall6(trap, a1, a2, a3, a4, a5, a6 uintptr) (r1, r2 uintptr, err Errno)
-func syscall_syscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno)
-func syscall_rawsyscall9(trap, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err Errno)
+func getPpaOffset(funcptr uintptr) int64 {
+ entrypoint, err := safeload(funcptr + entrypointLocationOffset)
+ if err != 0 {
+ return -1
+ }
+
+ // XPLink functions have ".C.E.E.1" as the first 8 bytes (EBCDIC)
+ val, err := safeload(entrypoint - eyecatcherOffset)
+ if err != 0 {
+ return -1
+ }
+ if val != xplinkEyecatcher {
+ return -1
+ }
+
+ ppaoff, err := safeload(entrypoint - ppa1LocationOffset)
+ if err != 0 {
+ return -1
+ }
+
+ ppaoff >>= 32
+ return int64(ppaoff)
+}
+
+//-------------------------------
+// function descriptor pointer validity test
+// good pointer returns 0
+// bad pointer returns 1
+
+// TODO: currently mksyscall_zos_s390x.go generate empty string for funcName
+// have correct funcName pass to the funcptrtest function
+func funcptrtest(funcptr uintptr, funcName string) uint64 {
+ entrypoint, err := safeload(funcptr + entrypointLocationOffset)
+ if err != 0 {
+ return 1
+ }
+
+ ppaoff := getPpaOffset(funcptr)
+ if ppaoff == -1 {
+ return 1
+ }
+
+ // PPA1 offset value is from the start of the entire function block, not the entrypoint
+ ppa1 := (entrypoint - eyecatcherOffset) + uintptr(ppaoff)
+
+ nameLen, err := safeload(ppa1 + nameLenOffset)
+ if err != 0 {
+ return 1
+ }
+
+ nameLen >>= 48
+ if nameLen > 128 {
+ return 1
+ }
+
+ // no function name input to argument end here
+ if funcName == "" {
+ return 0
+ }
+
+ var funcname [128]byte
+ for i := 0; i < int(nameLen); i += 8 {
+ v, err := safeload(ppa1 + nameOffset + uintptr(i))
+ if err != 0 {
+ return 1
+ }
+ funcname[i] = byte(v >> 56)
+ funcname[i+1] = byte(v >> 48)
+ funcname[i+2] = byte(v >> 40)
+ funcname[i+3] = byte(v >> 32)
+ funcname[i+4] = byte(v >> 24)
+ funcname[i+5] = byte(v >> 16)
+ funcname[i+6] = byte(v >> 8)
+ funcname[i+7] = byte(v)
+ }
+
+ runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4, // __e2a_l
+ []uintptr{uintptr(unsafe.Pointer(&funcname[0])), nameLen})
+
+ name := string(funcname[:nameLen])
+ if name != funcName {
+ return 1
+ }
+
+ return 0
+}
+
+// For detection of capabilities on a system.
+// Is function descriptor f a valid function?
+func isValidLeFunc(f uintptr) error {
+ ret := funcptrtest(f, "")
+ if ret != 0 {
+ return fmt.Errorf("Bad pointer, not an LE function ")
+ }
+ return nil
+}
+
+// Retrieve function name from descriptor
+func getLeFuncName(f uintptr) (string, error) {
+ // assume it has been checked, only check ppa1 validity here
+ entry := ((*[2]uintptr)(unsafe.Pointer(f)))[1]
+ preamp := ((*[4]uint32)(unsafe.Pointer(entry - eyecatcherOffset)))
+
+ offsetPpa1 := preamp[2]
+ if offsetPpa1 > 0x0ffff {
+ return "", fmt.Errorf("PPA1 offset seems too big 0x%x\n", offsetPpa1)
+ }
+
+ ppa1 := uintptr(unsafe.Pointer(preamp)) + uintptr(offsetPpa1)
+ res := ptrtest(ppa1)
+ if res != 0 {
+ return "", fmt.Errorf("PPA1 address not valid")
+ }
+
+ size := *(*uint16)(unsafe.Pointer(ppa1 + nameLenOffset))
+ if size > 128 {
+ return "", fmt.Errorf("Function name seems too long, length=%d\n", size)
+ }
+
+ var name [128]byte
+ funcname := (*[128]byte)(unsafe.Pointer(ppa1 + nameOffset))
+ copy(name[0:size], funcname[0:size])
+
+ runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4, // __e2a_l
+ []uintptr{uintptr(unsafe.Pointer(&name[0])), uintptr(size)})
+
+ return string(name[:size]), nil
+}
+
+// Check z/OS version
+func zosLeVersion() (version, release uint32) {
+ p1 := (*(*uintptr)(unsafe.Pointer(uintptr(1208)))) >> 32
+ p1 = *(*uintptr)(unsafe.Pointer(uintptr(p1 + 88)))
+ p1 = *(*uintptr)(unsafe.Pointer(uintptr(p1 + 8)))
+ p1 = *(*uintptr)(unsafe.Pointer(uintptr(p1 + 984)))
+ vrm := *(*uint32)(unsafe.Pointer(p1 + 80))
+ version = (vrm & 0x00ff0000) >> 16
+ release = (vrm & 0x0000ff00) >> 8
+ return
+}
+
+// returns a zos C FILE * for stdio fd 0, 1, 2
+func ZosStdioFilep(fd int32) uintptr {
+ return uintptr(*(*uint64)(unsafe.Pointer(uintptr(*(*uint64)(unsafe.Pointer(uintptr(*(*uint64)(unsafe.Pointer(uintptr(uint64(*(*uint32)(unsafe.Pointer(uintptr(1208)))) + 80))) + uint64((fd+2)<<3))))))))
+}
func copyStat(stat *Stat_t, statLE *Stat_LE_t) {
stat.Dev = uint64(statLE.Dev)
@@ -65,6 +263,21 @@ func (d *Dirent) NameString() string {
}
}
+func DecodeData(dest []byte, sz int, val uint64) {
+ for i := 0; i < sz; i++ {
+ dest[sz-1-i] = byte((val >> (uint64(i * 8))) & 0xff)
+ }
+}
+
+func EncodeData(data []byte) uint64 {
+ var value uint64
+ sz := len(data)
+ for i := 0; i < sz; i++ {
+ value |= uint64(data[i]) << uint64(((sz - i - 1) * 8))
+ }
+ return value
+}
+
func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) {
if sa.Port < 0 || sa.Port > 0xFFFF {
return nil, 0, EINVAL
@@ -74,7 +287,9 @@ func (sa *SockaddrInet4) sockaddr() (unsafe.Pointer, _Socklen, error) {
p := (*[2]byte)(unsafe.Pointer(&sa.raw.Port))
p[0] = byte(sa.Port >> 8)
p[1] = byte(sa.Port)
- sa.raw.Addr = sa.Addr
+ for i := 0; i < len(sa.Addr); i++ {
+ sa.raw.Addr[i] = sa.Addr[i]
+ }
return unsafe.Pointer(&sa.raw), _Socklen(sa.raw.Len), nil
}
@@ -88,7 +303,9 @@ func (sa *SockaddrInet6) sockaddr() (unsafe.Pointer, _Socklen, error) {
p[0] = byte(sa.Port >> 8)
p[1] = byte(sa.Port)
sa.raw.Scope_id = sa.ZoneId
- sa.raw.Addr = sa.Addr
+ for i := 0; i < len(sa.Addr); i++ {
+ sa.raw.Addr[i] = sa.Addr[i]
+ }
return unsafe.Pointer(&sa.raw), _Socklen(sa.raw.Len), nil
}
@@ -146,7 +363,9 @@ func anyToSockaddr(_ int, rsa *RawSockaddrAny) (Sockaddr, error) {
sa := new(SockaddrInet4)
p := (*[2]byte)(unsafe.Pointer(&pp.Port))
sa.Port = int(p[0])<<8 + int(p[1])
- sa.Addr = pp.Addr
+ for i := 0; i < len(sa.Addr); i++ {
+ sa.Addr[i] = pp.Addr[i]
+ }
return sa, nil
case AF_INET6:
@@ -155,7 +374,9 @@ func anyToSockaddr(_ int, rsa *RawSockaddrAny) (Sockaddr, error) {
p := (*[2]byte)(unsafe.Pointer(&pp.Port))
sa.Port = int(p[0])<<8 + int(p[1])
sa.ZoneId = pp.Scope_id
- sa.Addr = pp.Addr
+ for i := 0; i < len(sa.Addr); i++ {
+ sa.Addr[i] = pp.Addr[i]
+ }
return sa, nil
}
return nil, EAFNOSUPPORT
@@ -177,6 +398,43 @@ func Accept(fd int) (nfd int, sa Sockaddr, err error) {
return
}
+func Accept4(fd int, flags int) (nfd int, sa Sockaddr, err error) {
+ var rsa RawSockaddrAny
+ var len _Socklen = SizeofSockaddrAny
+ nfd, err = accept4(fd, &rsa, &len, flags)
+ if err != nil {
+ return
+ }
+ if len > SizeofSockaddrAny {
+ panic("RawSockaddrAny too small")
+ }
+ // TODO(neeilan): Remove 0 in call
+ sa, err = anyToSockaddr(0, &rsa)
+ if err != nil {
+ Close(nfd)
+ nfd = 0
+ }
+ return
+}
+
+func Ctermid() (tty string, err error) {
+ var termdev [1025]byte
+ runtime.EnterSyscall()
+ r0, err2, err1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___CTERMID_A<<4, uintptr(unsafe.Pointer(&termdev[0])))
+ runtime.ExitSyscall()
+ if r0 == 0 {
+ return "", fmt.Errorf("%s (errno2=0x%x)\n", err1.Error(), err2)
+ }
+ s := string(termdev[:])
+ idx := strings.Index(s, string(rune(0)))
+ if idx == -1 {
+ tty = s
+ } else {
+ tty = s[:idx]
+ }
+ return
+}
+
func (iov *Iovec) SetLen(length int) {
iov.Len = uint64(length)
}
@@ -190,10 +448,16 @@ func (cmsg *Cmsghdr) SetLen(length int) {
}
//sys fcntl(fd int, cmd int, arg int) (val int, err error)
+//sys Flistxattr(fd int, dest []byte) (sz int, err error) = SYS___FLISTXATTR_A
+//sys Fremovexattr(fd int, attr string) (err error) = SYS___FREMOVEXATTR_A
//sys read(fd int, p []byte) (n int, err error)
//sys write(fd int, p []byte) (n int, err error)
+//sys Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) = SYS___FGETXATTR_A
+//sys Fsetxattr(fd int, attr string, data []byte, flag int) (err error) = SYS___FSETXATTR_A
+
//sys accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) = SYS___ACCEPT_A
+//sys accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) = SYS___ACCEPT4_A
//sys bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) = SYS___BIND_A
//sys connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) = SYS___CONNECT_A
//sysnb getgroups(n int, list *_Gid_t) (nn int, err error)
@@ -204,6 +468,7 @@ func (cmsg *Cmsghdr) SetLen(length int) {
//sysnb socketpair(domain int, typ int, proto int, fd *[2]int32) (err error)
//sysnb getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) = SYS___GETPEERNAME_A
//sysnb getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) = SYS___GETSOCKNAME_A
+//sys Removexattr(path string, attr string) (err error) = SYS___REMOVEXATTR_A
//sys recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error) = SYS___RECVFROM_A
//sys sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (err error) = SYS___SENDTO_A
//sys recvmsg(s int, msg *Msghdr, flags int) (n int, err error) = SYS___RECVMSG_A
@@ -212,6 +477,10 @@ func (cmsg *Cmsghdr) SetLen(length int) {
//sys munmap(addr uintptr, length uintptr) (err error) = SYS_MUNMAP
//sys ioctl(fd int, req int, arg uintptr) (err error) = SYS_IOCTL
//sys ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) = SYS_IOCTL
+//sys shmat(id int, addr uintptr, flag int) (ret uintptr, err error) = SYS_SHMAT
+//sys shmctl(id int, cmd int, buf *SysvShmDesc) (result int, err error) = SYS_SHMCTL64
+//sys shmdt(addr uintptr) (err error) = SYS_SHMDT
+//sys shmget(key int, size int, flag int) (id int, err error) = SYS_SHMGET
//sys Access(path string, mode uint32) (err error) = SYS___ACCESS_A
//sys Chdir(path string) (err error) = SYS___CHDIR_A
@@ -220,14 +489,31 @@ func (cmsg *Cmsghdr) SetLen(length int) {
//sys Creat(path string, mode uint32) (fd int, err error) = SYS___CREAT_A
//sys Dup(oldfd int) (fd int, err error)
//sys Dup2(oldfd int, newfd int) (err error)
+//sys Dup3(oldfd int, newfd int, flags int) (err error) = SYS_DUP3
+//sys Dirfd(dirp uintptr) (fd int, err error) = SYS_DIRFD
+//sys EpollCreate(size int) (fd int, err error) = SYS_EPOLL_CREATE
+//sys EpollCreate1(flags int) (fd int, err error) = SYS_EPOLL_CREATE1
+//sys EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) = SYS_EPOLL_CTL
+//sys EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) = SYS_EPOLL_PWAIT
+//sys EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) = SYS_EPOLL_WAIT
//sys Errno2() (er2 int) = SYS___ERRNO2
-//sys Err2ad() (eadd *int) = SYS___ERR2AD
+//sys Eventfd(initval uint, flags int) (fd int, err error) = SYS_EVENTFD
//sys Exit(code int)
+//sys Faccessat(dirfd int, path string, mode uint32, flags int) (err error) = SYS___FACCESSAT_A
+
+func Faccessat2(dirfd int, path string, mode uint32, flags int) (err error) {
+ return Faccessat(dirfd, path, mode, flags)
+}
+
//sys Fchdir(fd int) (err error)
//sys Fchmod(fd int, mode uint32) (err error)
+//sys Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) = SYS___FCHMODAT_A
//sys Fchown(fd int, uid int, gid int) (err error)
+//sys Fchownat(fd int, path string, uid int, gid int, flags int) (err error) = SYS___FCHOWNAT_A
//sys FcntlInt(fd uintptr, cmd int, arg int) (retval int, err error) = SYS_FCNTL
+//sys Fdatasync(fd int) (err error) = SYS_FDATASYNC
//sys fstat(fd int, stat *Stat_LE_t) (err error)
+//sys fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) = SYS___FSTATAT_A
func Fstat(fd int, stat *Stat_t) (err error) {
var statLE Stat_LE_t
@@ -236,28 +522,208 @@ func Fstat(fd int, stat *Stat_t) (err error) {
return
}
+func Fstatat(dirfd int, path string, stat *Stat_t, flags int) (err error) {
+ var statLE Stat_LE_t
+ err = fstatat(dirfd, path, &statLE, flags)
+ copyStat(stat, &statLE)
+ return
+}
+
+func impl_Getxattr(path string, attr string, dest []byte) (sz int, err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(attr)
+ if err != nil {
+ return
+ }
+ var _p2 unsafe.Pointer
+ if len(dest) > 0 {
+ _p2 = unsafe.Pointer(&dest[0])
+ } else {
+ _p2 = unsafe.Pointer(&_zero)
+ }
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)))
+ sz = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_GetxattrAddr() *(func(path string, attr string, dest []byte) (sz int, err error))
+
+var Getxattr = enter_Getxattr
+
+func enter_Getxattr(path string, attr string, dest []byte) (sz int, err error) {
+ funcref := get_GetxattrAddr()
+ if validGetxattr() {
+ *funcref = impl_Getxattr
+ } else {
+ *funcref = error_Getxattr
+ }
+ return (*funcref)(path, attr, dest)
+}
+
+func error_Getxattr(path string, attr string, dest []byte) (sz int, err error) {
+ return -1, ENOSYS
+}
+
+func validGetxattr() bool {
+ if funcptrtest(GetZosLibVec()+SYS___GETXATTR_A<<4, "") == 0 {
+ if name, err := getLeFuncName(GetZosLibVec() + SYS___GETXATTR_A<<4); err == nil {
+ return name == "__getxattr_a"
+ }
+ }
+ return false
+}
+
+//sys Lgetxattr(link string, attr string, dest []byte) (sz int, err error) = SYS___LGETXATTR_A
+//sys Lsetxattr(path string, attr string, data []byte, flags int) (err error) = SYS___LSETXATTR_A
+
+func impl_Setxattr(path string, attr string, data []byte, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(attr)
+ if err != nil {
+ return
+ }
+ var _p2 unsafe.Pointer
+ if len(data) > 0 {
+ _p2 = unsafe.Pointer(&data[0])
+ } else {
+ _p2 = unsafe.Pointer(&_zero)
+ }
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_SetxattrAddr() *(func(path string, attr string, data []byte, flags int) (err error))
+
+var Setxattr = enter_Setxattr
+
+func enter_Setxattr(path string, attr string, data []byte, flags int) (err error) {
+ funcref := get_SetxattrAddr()
+ if validSetxattr() {
+ *funcref = impl_Setxattr
+ } else {
+ *funcref = error_Setxattr
+ }
+ return (*funcref)(path, attr, data, flags)
+}
+
+func error_Setxattr(path string, attr string, data []byte, flags int) (err error) {
+ return ENOSYS
+}
+
+func validSetxattr() bool {
+ if funcptrtest(GetZosLibVec()+SYS___SETXATTR_A<<4, "") == 0 {
+ if name, err := getLeFuncName(GetZosLibVec() + SYS___SETXATTR_A<<4); err == nil {
+ return name == "__setxattr_a"
+ }
+ }
+ return false
+}
+
+//sys Fstatfs(fd int, buf *Statfs_t) (err error) = SYS_FSTATFS
//sys Fstatvfs(fd int, stat *Statvfs_t) (err error) = SYS_FSTATVFS
//sys Fsync(fd int) (err error)
+//sys Futimes(fd int, tv []Timeval) (err error) = SYS_FUTIMES
+//sys Futimesat(dirfd int, path string, tv []Timeval) (err error) = SYS___FUTIMESAT_A
//sys Ftruncate(fd int, length int64) (err error)
-//sys Getpagesize() (pgsize int) = SYS_GETPAGESIZE
+//sys Getrandom(buf []byte, flags int) (n int, err error) = SYS_GETRANDOM
+//sys InotifyInit() (fd int, err error) = SYS_INOTIFY_INIT
+//sys InotifyInit1(flags int) (fd int, err error) = SYS_INOTIFY_INIT1
+//sys InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) = SYS___INOTIFY_ADD_WATCH_A
+//sys InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) = SYS_INOTIFY_RM_WATCH
+//sys Listxattr(path string, dest []byte) (sz int, err error) = SYS___LISTXATTR_A
+//sys Llistxattr(path string, dest []byte) (sz int, err error) = SYS___LLISTXATTR_A
+//sys Lremovexattr(path string, attr string) (err error) = SYS___LREMOVEXATTR_A
+//sys Lutimes(path string, tv []Timeval) (err error) = SYS___LUTIMES_A
//sys Mprotect(b []byte, prot int) (err error) = SYS_MPROTECT
//sys Msync(b []byte, flags int) (err error) = SYS_MSYNC
+//sys Console2(cmsg *ConsMsg2, modstr *byte, concmd *uint32) (err error) = SYS___CONSOLE2
+
+// Pipe2 begin
+
+//go:nosplit
+func getPipe2Addr() *(func([]int, int) error)
+
+var Pipe2 = pipe2Enter
+
+func pipe2Enter(p []int, flags int) (err error) {
+ if funcptrtest(GetZosLibVec()+SYS_PIPE2<<4, "") == 0 {
+ *getPipe2Addr() = pipe2Impl
+ } else {
+ *getPipe2Addr() = pipe2Error
+ }
+ return (*getPipe2Addr())(p, flags)
+}
+
+func pipe2Impl(p []int, flags int) (err error) {
+ var pp [2]_C_int
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PIPE2<<4, uintptr(unsafe.Pointer(&pp[0])), uintptr(flags))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ } else {
+ p[0] = int(pp[0])
+ p[1] = int(pp[1])
+ }
+ return
+}
+func pipe2Error(p []int, flags int) (err error) {
+ return fmt.Errorf("Pipe2 is not available on this system")
+}
+
+// Pipe2 end
+
//sys Poll(fds []PollFd, timeout int) (n int, err error) = SYS_POLL
+
+func Readdir(dir uintptr) (dirent *Dirent, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___READDIR_A<<4, uintptr(dir))
+ runtime.ExitSyscall()
+ dirent = (*Dirent)(unsafe.Pointer(r0))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//sys Readdir_r(dirp uintptr, entry *direntLE, result **direntLE) (err error) = SYS___READDIR_R_A
+//sys Statfs(path string, buf *Statfs_t) (err error) = SYS___STATFS_A
+//sys Syncfs(fd int) (err error) = SYS_SYNCFS
//sys Times(tms *Tms) (ticks uintptr, err error) = SYS_TIMES
//sys W_Getmntent(buff *byte, size int) (lastsys int, err error) = SYS_W_GETMNTENT
//sys W_Getmntent_A(buff *byte, size int) (lastsys int, err error) = SYS___W_GETMNTENT_A
//sys mount_LE(path string, filesystem string, fstype string, mtm uint32, parmlen int32, parm string) (err error) = SYS___MOUNT_A
-//sys unmount(filesystem string, mtm int) (err error) = SYS___UMOUNT_A
+//sys unmount_LE(filesystem string, mtm int) (err error) = SYS___UMOUNT_A
//sys Chroot(path string) (err error) = SYS___CHROOT_A
//sys Select(nmsgsfds int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (ret int, err error) = SYS_SELECT
-//sysnb Uname(buf *Utsname) (err error) = SYS___UNAME_A
+//sysnb Uname(buf *Utsname) (err error) = SYS_____OSNAME_A
+//sys Unshare(flags int) (err error) = SYS_UNSHARE
func Ptsname(fd int) (name string, err error) {
- r0, _, e1 := syscall_syscall(SYS___PTSNAME_A, uintptr(fd), 0, 0)
- name = u2s(unsafe.Pointer(r0))
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___PTSNAME_A<<4, uintptr(fd))
+ runtime.ExitSyscall()
+ if r0 == 0 {
+ err = errnoErr2(e1, e2)
+ } else {
+ name = u2s(unsafe.Pointer(r0))
}
return
}
@@ -272,13 +738,19 @@ func u2s(cstr unsafe.Pointer) string {
}
func Close(fd int) (err error) {
- _, _, e1 := syscall_syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_CLOSE<<4, uintptr(fd))
+ runtime.ExitSyscall()
for i := 0; e1 == EAGAIN && i < 10; i++ {
- _, _, _ = syscall_syscall(SYS_USLEEP, uintptr(10), 0, 0)
- _, _, e1 = syscall_syscall(SYS_CLOSE, uintptr(fd), 0, 0)
+ runtime.EnterSyscall()
+ CallLeFuncWithErr(GetZosLibVec()+SYS_USLEEP<<4, uintptr(10))
+ runtime.ExitSyscall()
+ runtime.EnterSyscall()
+ r0, e2, e1 = CallLeFuncWithErr(GetZosLibVec()+SYS_CLOSE<<4, uintptr(fd))
+ runtime.ExitSyscall()
}
- if e1 != 0 {
- err = errnoErr(e1)
+ if r0 != 0 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -288,9 +760,24 @@ func Madvise(b []byte, advice int) (err error) {
return
}
+func Mmap(fd int, offset int64, length int, prot int, flags int) (data []byte, err error) {
+ return mapper.Mmap(fd, offset, length, prot, flags)
+}
+
+func Munmap(b []byte) (err error) {
+ return mapper.Munmap(b)
+}
+
+func MmapPtr(fd int, offset int64, addr unsafe.Pointer, length uintptr, prot int, flags int) (ret unsafe.Pointer, err error) {
+ xaddr, err := mapper.mmap(uintptr(addr), length, prot, flags, fd, offset)
+ return unsafe.Pointer(xaddr), err
+}
+
+func MunmapPtr(addr unsafe.Pointer, length uintptr) (err error) {
+ return mapper.munmap(uintptr(addr), length)
+}
+
//sys Gethostname(buf []byte) (err error) = SYS___GETHOSTNAME_A
-//sysnb Getegid() (egid int)
-//sysnb Geteuid() (uid int)
//sysnb Getgid() (gid int)
//sysnb Getpid() (pid int)
//sysnb Getpgid(pid int) (pgid int, err error) = SYS_GETPGID
@@ -317,11 +804,14 @@ func Getrusage(who int, rusage *Rusage) (err error) {
return
}
+//sys Getegid() (egid int) = SYS_GETEGID
+//sys Geteuid() (euid int) = SYS_GETEUID
//sysnb Getsid(pid int) (sid int, err error) = SYS_GETSID
//sysnb Getuid() (uid int)
//sysnb Kill(pid int, sig Signal) (err error)
//sys Lchown(path string, uid int, gid int) (err error) = SYS___LCHOWN_A
//sys Link(path string, link string) (err error) = SYS___LINK_A
+//sys Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) = SYS___LINKAT_A
//sys Listen(s int, n int) (err error)
//sys lstat(path string, stat *Stat_LE_t) (err error) = SYS___LSTAT_A
@@ -332,15 +822,150 @@ func Lstat(path string, stat *Stat_t) (err error) {
return
}
+// for checking symlinks begins with $VERSION/ $SYSNAME/ $SYSSYMR/ $SYSSYMA/
+func isSpecialPath(path []byte) (v bool) {
+ var special = [4][8]byte{
+ {'V', 'E', 'R', 'S', 'I', 'O', 'N', '/'},
+ {'S', 'Y', 'S', 'N', 'A', 'M', 'E', '/'},
+ {'S', 'Y', 'S', 'S', 'Y', 'M', 'R', '/'},
+ {'S', 'Y', 'S', 'S', 'Y', 'M', 'A', '/'}}
+
+ var i, j int
+ for i = 0; i < len(special); i++ {
+ for j = 0; j < len(special[i]); j++ {
+ if path[j] != special[i][j] {
+ break
+ }
+ }
+ if j == len(special[i]) {
+ return true
+ }
+ }
+ return false
+}
+
+func realpath(srcpath string, abspath []byte) (pathlen int, errno int) {
+ var source [1024]byte
+ copy(source[:], srcpath)
+ source[len(srcpath)] = 0
+ ret := runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___REALPATH_A<<4, //__realpath_a()
+ []uintptr{uintptr(unsafe.Pointer(&source[0])),
+ uintptr(unsafe.Pointer(&abspath[0]))})
+ if ret != 0 {
+ index := bytes.IndexByte(abspath[:], byte(0))
+ if index != -1 {
+ return index, 0
+ }
+ } else {
+ errptr := (*int)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4, []uintptr{}))) //__errno()
+ return 0, *errptr
+ }
+ return 0, 245 // EBADDATA 245
+}
+
+func Readlink(path string, buf []byte) (n int, err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ var _p1 unsafe.Pointer
+ if len(buf) > 0 {
+ _p1 = unsafe.Pointer(&buf[0])
+ } else {
+ _p1 = unsafe.Pointer(&_zero)
+ }
+ n = int(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___READLINK_A<<4,
+ []uintptr{uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf))}))
+ runtime.KeepAlive(unsafe.Pointer(_p0))
+ if n == -1 {
+ value := *(*int32)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4, []uintptr{})))
+ err = errnoErr(Errno(value))
+ } else {
+ if buf[0] == '$' {
+ if isSpecialPath(buf[1:9]) {
+ cnt, err1 := realpath(path, buf)
+ if err1 == 0 {
+ n = cnt
+ }
+ }
+ }
+ }
+ return
+}
+
+func impl_Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ var _p1 unsafe.Pointer
+ if len(buf) > 0 {
+ _p1 = unsafe.Pointer(&buf[0])
+ } else {
+ _p1 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___READLINKAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
+ runtime.ExitSyscall()
+ n = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ return n, err
+ } else {
+ if buf[0] == '$' {
+ if isSpecialPath(buf[1:9]) {
+ cnt, err1 := realpath(path, buf)
+ if err1 == 0 {
+ n = cnt
+ }
+ }
+ }
+ }
+ return
+}
+
+//go:nosplit
+func get_ReadlinkatAddr() *(func(dirfd int, path string, buf []byte) (n int, err error))
+
+var Readlinkat = enter_Readlinkat
+
+func enter_Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+ funcref := get_ReadlinkatAddr()
+ if funcptrtest(GetZosLibVec()+SYS___READLINKAT_A<<4, "") == 0 {
+ *funcref = impl_Readlinkat
+ } else {
+ *funcref = error_Readlinkat
+ }
+ return (*funcref)(dirfd, path, buf)
+}
+
+func error_Readlinkat(dirfd int, path string, buf []byte) (n int, err error) {
+ n = -1
+ err = ENOSYS
+ return
+}
+
//sys Mkdir(path string, mode uint32) (err error) = SYS___MKDIR_A
+//sys Mkdirat(dirfd int, path string, mode uint32) (err error) = SYS___MKDIRAT_A
//sys Mkfifo(path string, mode uint32) (err error) = SYS___MKFIFO_A
//sys Mknod(path string, mode uint32, dev int) (err error) = SYS___MKNOD_A
+//sys Mknodat(dirfd int, path string, mode uint32, dev int) (err error) = SYS___MKNODAT_A
+//sys PivotRoot(newroot string, oldroot string) (err error) = SYS___PIVOT_ROOT_A
//sys Pread(fd int, p []byte, offset int64) (n int, err error)
//sys Pwrite(fd int, p []byte, offset int64) (n int, err error)
-//sys Readlink(path string, buf []byte) (n int, err error) = SYS___READLINK_A
+//sys Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) = SYS___PRCTL_A
+//sysnb Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) = SYS_PRLIMIT
//sys Rename(from string, to string) (err error) = SYS___RENAME_A
+//sys Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) = SYS___RENAMEAT_A
+//sys Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) = SYS___RENAMEAT2_A
//sys Rmdir(path string) (err error) = SYS___RMDIR_A
//sys Seek(fd int, offset int64, whence int) (off int64, err error) = SYS_LSEEK
+//sys Setegid(egid int) (err error) = SYS_SETEGID
+//sys Seteuid(euid int) (err error) = SYS_SETEUID
+//sys Sethostname(p []byte) (err error) = SYS___SETHOSTNAME_A
+//sys Setns(fd int, nstype int) (err error) = SYS_SETNS
//sys Setpriority(which int, who int, prio int) (err error)
//sysnb Setpgid(pid int, pgid int) (err error) = SYS_SETPGID
//sysnb Setrlimit(resource int, lim *Rlimit) (err error)
@@ -360,32 +985,57 @@ func Stat(path string, sta *Stat_t) (err error) {
}
//sys Symlink(path string, link string) (err error) = SYS___SYMLINK_A
+//sys Symlinkat(oldPath string, dirfd int, newPath string) (err error) = SYS___SYMLINKAT_A
//sys Sync() = SYS_SYNC
//sys Truncate(path string, length int64) (err error) = SYS___TRUNCATE_A
//sys Tcgetattr(fildes int, termptr *Termios) (err error) = SYS_TCGETATTR
//sys Tcsetattr(fildes int, when int, termptr *Termios) (err error) = SYS_TCSETATTR
//sys Umask(mask int) (oldmask int)
//sys Unlink(path string) (err error) = SYS___UNLINK_A
+//sys Unlinkat(dirfd int, path string, flags int) (err error) = SYS___UNLINKAT_A
//sys Utime(path string, utim *Utimbuf) (err error) = SYS___UTIME_A
//sys open(path string, mode int, perm uint32) (fd int, err error) = SYS___OPEN_A
func Open(path string, mode int, perm uint32) (fd int, err error) {
+ if mode&O_ACCMODE == 0 {
+ mode |= O_RDONLY
+ }
return open(path, mode, perm)
}
-func Mkfifoat(dirfd int, path string, mode uint32) (err error) {
- wd, err := Getwd()
- if err != nil {
- return err
+//sys openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) = SYS___OPENAT_A
+
+func Openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+ if flags&O_ACCMODE == 0 {
+ flags |= O_RDONLY
}
+ return openat(dirfd, path, flags, mode)
+}
- if err := Fchdir(dirfd); err != nil {
- return err
+//sys openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) = SYS___OPENAT2_A
+
+func Openat2(dirfd int, path string, how *OpenHow) (fd int, err error) {
+ if how.Flags&O_ACCMODE == 0 {
+ how.Flags |= O_RDONLY
}
- defer Chdir(wd)
+ return openat2(dirfd, path, how, SizeofOpenHow)
+}
- return Mkfifo(path, mode)
+func ZosFdToPath(dirfd int) (path string, err error) {
+ var buffer [1024]byte
+ runtime.EnterSyscall()
+ ret, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_W_IOCTL<<4, uintptr(dirfd), 17, 1024, uintptr(unsafe.Pointer(&buffer[0])))
+ runtime.ExitSyscall()
+ if ret == 0 {
+ zb := bytes.IndexByte(buffer[:], 0)
+ if zb == -1 {
+ zb = len(buffer)
+ }
+ CallLeFuncWithErr(GetZosLibVec()+SYS___E2A_L<<4, uintptr(unsafe.Pointer(&buffer[0])), uintptr(zb))
+ return string(buffer[:zb]), nil
+ }
+ return "", errnoErr2(e1, e2)
}
//sys remove(path string) (err error)
@@ -403,10 +1053,12 @@ func Getcwd(buf []byte) (n int, err error) {
} else {
p = unsafe.Pointer(&_zero)
}
- _, _, e := syscall_syscall(SYS___GETCWD_A, uintptr(p), uintptr(len(buf)), 0)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___GETCWD_A<<4, uintptr(p), uintptr(len(buf)))
+ runtime.ExitSyscall()
n = clen(buf) + 1
- if e != 0 {
- err = errnoErr(e)
+ if r0 == 0 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -520,9 +1172,41 @@ func (w WaitStatus) StopSignal() Signal {
func (w WaitStatus) TrapCause() int { return -1 }
+//sys waitid(idType int, id int, info *Siginfo, options int) (err error)
+
+func Waitid(idType int, id int, info *Siginfo, options int, rusage *Rusage) (err error) {
+ return waitid(idType, id, info, options)
+}
+
//sys waitpid(pid int, wstatus *_C_int, options int) (wpid int, err error)
-func Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
+func impl_Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WAIT4<<4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options), uintptr(unsafe.Pointer(rusage)))
+ runtime.ExitSyscall()
+ wpid = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_Wait4Addr() *(func(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error))
+
+var Wait4 = enter_Wait4
+
+func enter_Wait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
+ funcref := get_Wait4Addr()
+ if funcptrtest(GetZosLibVec()+SYS_WAIT4<<4, "") == 0 {
+ *funcref = impl_Wait4
+ } else {
+ *funcref = legacyWait4
+ }
+ return (*funcref)(pid, wstatus, options, rusage)
+}
+
+func legacyWait4(pid int, wstatus *WaitStatus, options int, rusage *Rusage) (wpid int, err error) {
// TODO(mundaym): z/OS doesn't have wait4. I don't think getrusage does what we want.
// At the moment rusage will not be touched.
var status _C_int
@@ -571,23 +1255,62 @@ func Pipe(p []int) (err error) {
}
var pp [2]_C_int
err = pipe(&pp)
- if err == nil {
- p[0] = int(pp[0])
- p[1] = int(pp[1])
- }
+ p[0] = int(pp[0])
+ p[1] = int(pp[1])
return
}
//sys utimes(path string, timeval *[2]Timeval) (err error) = SYS___UTIMES_A
func Utimes(path string, tv []Timeval) (err error) {
+ if tv == nil {
+ return utimes(path, nil)
+ }
if len(tv) != 2 {
return EINVAL
}
return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
}
-func UtimesNano(path string, ts []Timespec) error {
+//sys utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) = SYS___UTIMENSAT_A
+
+func validUtimensat() bool {
+ if funcptrtest(GetZosLibVec()+SYS___UTIMENSAT_A<<4, "") == 0 {
+ if name, err := getLeFuncName(GetZosLibVec() + SYS___UTIMENSAT_A<<4); err == nil {
+ return name == "__utimensat_a"
+ }
+ }
+ return false
+}
+
+// Begin UtimesNano
+
+//go:nosplit
+func get_UtimesNanoAddr() *(func(path string, ts []Timespec) (err error))
+
+var UtimesNano = enter_UtimesNano
+
+func enter_UtimesNano(path string, ts []Timespec) (err error) {
+ funcref := get_UtimesNanoAddr()
+ if validUtimensat() {
+ *funcref = utimesNanoImpl
+ } else {
+ *funcref = legacyUtimesNano
+ }
+ return (*funcref)(path, ts)
+}
+
+func utimesNanoImpl(path string, ts []Timespec) (err error) {
+ if ts == nil {
+ return utimensat(AT_FDCWD, path, nil, 0)
+ }
+ if len(ts) != 2 {
+ return EINVAL
+ }
+ return utimensat(AT_FDCWD, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), 0)
+}
+
+func legacyUtimesNano(path string, ts []Timespec) (err error) {
if len(ts) != 2 {
return EINVAL
}
@@ -600,6 +1323,70 @@ func UtimesNano(path string, ts []Timespec) error {
return utimes(path, (*[2]Timeval)(unsafe.Pointer(&tv[0])))
}
+// End UtimesNano
+
+// Begin UtimesNanoAt
+
+//go:nosplit
+func get_UtimesNanoAtAddr() *(func(dirfd int, path string, ts []Timespec, flags int) (err error))
+
+var UtimesNanoAt = enter_UtimesNanoAt
+
+func enter_UtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) (err error) {
+ funcref := get_UtimesNanoAtAddr()
+ if validUtimensat() {
+ *funcref = utimesNanoAtImpl
+ } else {
+ *funcref = legacyUtimesNanoAt
+ }
+ return (*funcref)(dirfd, path, ts, flags)
+}
+
+func utimesNanoAtImpl(dirfd int, path string, ts []Timespec, flags int) (err error) {
+ if ts == nil {
+ return utimensat(dirfd, path, nil, flags)
+ }
+ if len(ts) != 2 {
+ return EINVAL
+ }
+ return utimensat(dirfd, path, (*[2]Timespec)(unsafe.Pointer(&ts[0])), flags)
+}
+
+func legacyUtimesNanoAt(dirfd int, path string, ts []Timespec, flags int) (err error) {
+ if path[0] != '/' {
+ dirPath, err := ZosFdToPath(dirfd)
+ if err != nil {
+ return err
+ }
+ path = dirPath + "/" + path
+ }
+ if flags == AT_SYMLINK_NOFOLLOW {
+ if len(ts) != 2 {
+ return EINVAL
+ }
+
+ if ts[0].Nsec >= 5e8 {
+ ts[0].Sec++
+ }
+ ts[0].Nsec = 0
+ if ts[1].Nsec >= 5e8 {
+ ts[1].Sec++
+ }
+ ts[1].Nsec = 0
+
+ // Not as efficient as it could be because Timespec and
+ // Timeval have different types in the different OSes
+ tv := []Timeval{
+ NsecToTimeval(TimespecToNsec(ts[0])),
+ NsecToTimeval(TimespecToNsec(ts[1])),
+ }
+ return Lutimes(path, tv)
+ }
+ return UtimesNano(path, ts)
+}
+
+// End UtimesNanoAt
+
func Getsockname(fd int) (sa Sockaddr, err error) {
var rsa RawSockaddrAny
var len _Socklen = SizeofSockaddrAny
@@ -1104,7 +1891,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
return "", err
}
- return string(buf[:vallen-1]), nil
+ return ByteSliceToString(buf[:vallen]), nil
}
func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) {
@@ -1191,10 +1978,13 @@ func Opendir(name string) (uintptr, error) {
if err != nil {
return 0, err
}
- dir, _, e := syscall_syscall(SYS___OPENDIR_A, uintptr(unsafe.Pointer(p)), 0, 0)
+ err = nil
+ runtime.EnterSyscall()
+ dir, e2, e1 := CallLeFuncWithPtrReturn(GetZosLibVec()+SYS___OPENDIR_A<<4, uintptr(unsafe.Pointer(p)))
+ runtime.ExitSyscall()
runtime.KeepAlive(unsafe.Pointer(p))
- if e != 0 {
- err = errnoErr(e)
+ if dir == 0 {
+ err = errnoErr2(e1, e2)
}
return dir, err
}
@@ -1202,51 +1992,27 @@ func Opendir(name string) (uintptr, error) {
// clearsyscall.Errno resets the errno value to 0.
func clearErrno()
-func Readdir(dir uintptr) (*Dirent, error) {
- var ent Dirent
- var res uintptr
- // __readdir_r_a returns errno at the end of the directory stream, rather than 0.
- // Therefore to avoid false positives we clear errno before calling it.
-
- // TODO(neeilan): Commented this out to get sys/unix compiling on z/OS. Uncomment and fix. Error: "undefined: clearsyscall"
- //clearsyscall.Errno() // TODO(mundaym): check pre-emption rules.
-
- e, _, _ := syscall_syscall(SYS___READDIR_R_A, dir, uintptr(unsafe.Pointer(&ent)), uintptr(unsafe.Pointer(&res)))
- var err error
- if e != 0 {
- err = errnoErr(Errno(e))
- }
- if res == 0 {
- return nil, err
- }
- return &ent, err
-}
-
-func readdir_r(dirp uintptr, entry *direntLE, result **direntLE) (err error) {
- r0, _, e1 := syscall_syscall(SYS___READDIR_R_A, dirp, uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result)))
- if int64(r0) == -1 {
- err = errnoErr(Errno(e1))
- }
- return
-}
-
func Closedir(dir uintptr) error {
- _, _, e := syscall_syscall(SYS_CLOSEDIR, dir, 0, 0)
- if e != 0 {
- return errnoErr(e)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_CLOSEDIR<<4, dir)
+ runtime.ExitSyscall()
+ if r0 != 0 {
+ return errnoErr2(e1, e2)
}
return nil
}
func Seekdir(dir uintptr, pos int) {
- _, _, _ = syscall_syscall(SYS_SEEKDIR, dir, uintptr(pos), 0)
+ runtime.EnterSyscall()
+ CallLeFuncWithErr(GetZosLibVec()+SYS_SEEKDIR<<4, dir, uintptr(pos))
+ runtime.ExitSyscall()
}
func Telldir(dir uintptr) (int, error) {
- p, _, e := syscall_syscall(SYS_TELLDIR, dir, 0, 0)
+ p, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TELLDIR<<4, dir)
pos := int(p)
- if pos == -1 {
- return pos, errnoErr(e)
+ if int64(p) == -1 {
+ return pos, errnoErr2(e1, e2)
}
return pos, nil
}
@@ -1261,19 +2027,55 @@ func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error {
*(*int64)(unsafe.Pointer(&flock[4])) = lk.Start
*(*int64)(unsafe.Pointer(&flock[12])) = lk.Len
*(*int32)(unsafe.Pointer(&flock[20])) = lk.Pid
- _, _, errno := syscall_syscall(SYS_FCNTL, fd, uintptr(cmd), uintptr(unsafe.Pointer(&flock)))
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, fd, uintptr(cmd), uintptr(unsafe.Pointer(&flock)))
+ runtime.ExitSyscall()
lk.Type = *(*int16)(unsafe.Pointer(&flock[0]))
lk.Whence = *(*int16)(unsafe.Pointer(&flock[2]))
lk.Start = *(*int64)(unsafe.Pointer(&flock[4]))
lk.Len = *(*int64)(unsafe.Pointer(&flock[12]))
lk.Pid = *(*int32)(unsafe.Pointer(&flock[20]))
- if errno == 0 {
+ if r0 == 0 {
return nil
}
- return errno
+ return errnoErr2(e1, e2)
+}
+
+func impl_Flock(fd int, how int) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FLOCK<<4, uintptr(fd), uintptr(how))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
}
-func Flock(fd int, how int) error {
+//go:nosplit
+func get_FlockAddr() *(func(fd int, how int) (err error))
+
+var Flock = enter_Flock
+
+func validFlock(fp uintptr) bool {
+ if funcptrtest(GetZosLibVec()+SYS_FLOCK<<4, "") == 0 {
+ if name, err := getLeFuncName(GetZosLibVec() + SYS_FLOCK<<4); err == nil {
+ return name == "flock"
+ }
+ }
+ return false
+}
+
+func enter_Flock(fd int, how int) (err error) {
+ funcref := get_FlockAddr()
+ if validFlock(GetZosLibVec() + SYS_FLOCK<<4) {
+ *funcref = impl_Flock
+ } else {
+ *funcref = legacyFlock
+ }
+ return (*funcref)(fd, how)
+}
+
+func legacyFlock(fd int, how int) error {
var flock_type int16
var fcntl_cmd int
@@ -1307,41 +2109,51 @@ func Flock(fd int, how int) error {
}
func Mlock(b []byte) (err error) {
- _, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_NONSWAP, 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_NONSWAP)
+ runtime.ExitSyscall()
+ if r0 != 0 {
+ err = errnoErr2(e1, e2)
}
return
}
func Mlock2(b []byte, flags int) (err error) {
- _, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_NONSWAP, 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_NONSWAP)
+ runtime.ExitSyscall()
+ if r0 != 0 {
+ err = errnoErr2(e1, e2)
}
return
}
func Mlockall(flags int) (err error) {
- _, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_NONSWAP, 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_NONSWAP)
+ runtime.ExitSyscall()
+ if r0 != 0 {
+ err = errnoErr2(e1, e2)
}
return
}
func Munlock(b []byte) (err error) {
- _, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_SWAP, 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_SWAP)
+ runtime.ExitSyscall()
+ if r0 != 0 {
+ err = errnoErr2(e1, e2)
}
return
}
func Munlockall() (err error) {
- _, _, e1 := syscall_syscall(SYS___MLOCKALL, _BPX_SWAP, 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MLOCKALL<<4, _BPX_SWAP)
+ runtime.ExitSyscall()
+ if r0 != 0 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1367,20 +2179,109 @@ func ClockGettime(clockid int32, ts *Timespec) error {
ts.Sec = int64(tm.Utime / ticks_per_sec)
ts.Nsec = int64(tm.Utime) * nsec_per_sec / int64(ticks_per_sec)
} else {
- return EINVAL
+ return EINVAL
+ }
+ return nil
+}
+
+// Chtag
+
+//go:nosplit
+func get_ChtagAddr() *(func(path string, ccsid uint64, textbit uint64) error)
+
+var Chtag = enter_Chtag
+
+func enter_Chtag(path string, ccsid uint64, textbit uint64) error {
+ funcref := get_ChtagAddr()
+ if validSetxattr() {
+ *funcref = impl_Chtag
+ } else {
+ *funcref = legacy_Chtag
+ }
+ return (*funcref)(path, ccsid, textbit)
+}
+
+func legacy_Chtag(path string, ccsid uint64, textbit uint64) error {
+ tag := ccsid<<16 | textbit<<15
+ var tag_buff [8]byte
+ DecodeData(tag_buff[:], 8, tag)
+ return Setxattr(path, "filetag", tag_buff[:], XATTR_REPLACE)
+}
+
+func impl_Chtag(path string, ccsid uint64, textbit uint64) error {
+ tag := ccsid<<16 | textbit<<15
+ var tag_buff [4]byte
+ DecodeData(tag_buff[:], 4, tag)
+ return Setxattr(path, "system.filetag", tag_buff[:], XATTR_REPLACE)
+}
+
+// End of Chtag
+
+// Nanosleep
+
+//go:nosplit
+func get_NanosleepAddr() *(func(time *Timespec, leftover *Timespec) error)
+
+var Nanosleep = enter_Nanosleep
+
+func enter_Nanosleep(time *Timespec, leftover *Timespec) error {
+ funcref := get_NanosleepAddr()
+ if funcptrtest(GetZosLibVec()+SYS_NANOSLEEP<<4, "") == 0 {
+ *funcref = impl_Nanosleep
+ } else {
+ *funcref = legacyNanosleep
+ }
+ return (*funcref)(time, leftover)
+}
+
+func impl_Nanosleep(time *Timespec, leftover *Timespec) error {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_NANOSLEEP<<4, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ return errnoErr2(e1, e2)
}
return nil
}
-func Statfs(path string, stat *Statfs_t) (err error) {
- fd, err := open(path, O_RDONLY, 0)
- defer Close(fd)
- if err != nil {
- return err
+func legacyNanosleep(time *Timespec, leftover *Timespec) error {
+ t0 := runtime.Nanotime1()
+ var secrem uint32
+ var nsecrem uint32
+ total := time.Sec*1000000000 + time.Nsec
+ elapsed := runtime.Nanotime1() - t0
+ var rv int32
+ var rc int32
+ var err error
+ // repeatedly sleep for 1 second until less than 1 second left
+ for total-elapsed > 1000000000 {
+ rv, rc, _ = BpxCondTimedWait(uint32(1), uint32(0), uint32(CW_CONDVAR), &secrem, &nsecrem)
+ if rv != 0 && rc != 112 { // 112 is EAGAIN
+ if leftover != nil && rc == 120 { // 120 is EINTR
+ leftover.Sec = int64(secrem)
+ leftover.Nsec = int64(nsecrem)
+ }
+ err = Errno(rc)
+ return err
+ }
+ elapsed = runtime.Nanotime1() - t0
+ }
+ // sleep the remainder
+ if total > elapsed {
+ rv, rc, _ = BpxCondTimedWait(uint32(0), uint32(total-elapsed), uint32(CW_CONDVAR), &secrem, &nsecrem)
}
- return Fstatfs(fd, stat)
+ if leftover != nil && rc == 120 {
+ leftover.Sec = int64(secrem)
+ leftover.Nsec = int64(nsecrem)
+ }
+ if rv != 0 && rc != 112 {
+ err = Errno(rc)
+ }
+ return err
}
+// End of Nanosleep
+
var (
Stdin = 0
Stdout = 1
@@ -1395,6 +2296,9 @@ var (
errENOENT error = syscall.ENOENT
)
+var ZosTraceLevel int
+var ZosTracefile *os.File
+
var (
signalNameMapOnce sync.Once
signalNameMap map[string]syscall.Signal
@@ -1416,6 +2320,56 @@ func errnoErr(e Errno) error {
return e
}
+var reg *regexp.Regexp
+
+// enhanced with zos specific errno2
+func errnoErr2(e Errno, e2 uintptr) error {
+ switch e {
+ case 0:
+ return nil
+ case EAGAIN:
+ return errEAGAIN
+ /*
+ Allow the retrieval of errno2 for EINVAL and ENOENT on zos
+ case EINVAL:
+ return errEINVAL
+ case ENOENT:
+ return errENOENT
+ */
+ }
+ if ZosTraceLevel > 0 {
+ var name string
+ if reg == nil {
+ reg = regexp.MustCompile("(^unix\\.[^/]+$|.*\\/unix\\.[^/]+$)")
+ }
+ i := 1
+ pc, file, line, ok := runtime.Caller(i)
+ if ok {
+ name = runtime.FuncForPC(pc).Name()
+ }
+ for ok && reg.MatchString(runtime.FuncForPC(pc).Name()) {
+ i += 1
+ pc, file, line, ok = runtime.Caller(i)
+ }
+ if ok {
+ if ZosTracefile == nil {
+ ZosConsolePrintf("From %s:%d\n", file, line)
+ ZosConsolePrintf("%s: %s (errno2=0x%x)\n", name, e.Error(), e2)
+ } else {
+ fmt.Fprintf(ZosTracefile, "From %s:%d\n", file, line)
+ fmt.Fprintf(ZosTracefile, "%s: %s (errno2=0x%x)\n", name, e.Error(), e2)
+ }
+ } else {
+ if ZosTracefile == nil {
+ ZosConsolePrintf("%s (errno2=0x%x)\n", e.Error(), e2)
+ } else {
+ fmt.Fprintf(ZosTracefile, "%s (errno2=0x%x)\n", e.Error(), e2)
+ }
+ }
+ }
+ return e
+}
+
// ErrnoName returns the error name for error number e.
func ErrnoName(e Errno) string {
i := sort.Search(len(errorList), func(i int) bool {
@@ -1474,6 +2428,9 @@ func (m *mmapper) Mmap(fd int, offset int64, length int, prot int, flags int) (d
return nil, EINVAL
}
+ // Set __MAP_64 by default
+ flags |= __MAP_64
+
// Map the requested memory.
addr, errno := m.mmap(0, uintptr(length), prot, flags, fd, offset)
if errno != nil {
@@ -1778,83 +2735,170 @@ func Exec(argv0 string, argv []string, envv []string) error {
return syscall.Exec(argv0, argv, envv)
}
-func Mount(source string, target string, fstype string, flags uintptr, data string) (err error) {
+func Getag(path string) (ccsid uint16, flag uint16, err error) {
+ var val [8]byte
+ sz, err := Getxattr(path, "ccsid", val[:])
+ if err != nil {
+ return
+ }
+ ccsid = uint16(EncodeData(val[0:sz]))
+ sz, err = Getxattr(path, "flags", val[:])
+ if err != nil {
+ return
+ }
+ flag = uint16(EncodeData(val[0:sz]) >> 15)
+ return
+}
+
+// Mount begin
+func impl_Mount(source string, target string, fstype string, flags uintptr, data string) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(source)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(target)
+ if err != nil {
+ return
+ }
+ var _p2 *byte
+ _p2, err = BytePtrFromString(fstype)
+ if err != nil {
+ return
+ }
+ var _p3 *byte
+ _p3, err = BytePtrFromString(data)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MOUNT1_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(flags), uintptr(unsafe.Pointer(_p3)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_MountAddr() *(func(source string, target string, fstype string, flags uintptr, data string) (err error))
+
+var Mount = enter_Mount
+
+func enter_Mount(source string, target string, fstype string, flags uintptr, data string) (err error) {
+ funcref := get_MountAddr()
+ if validMount() {
+ *funcref = impl_Mount
+ } else {
+ *funcref = legacyMount
+ }
+ return (*funcref)(source, target, fstype, flags, data)
+}
+
+func legacyMount(source string, target string, fstype string, flags uintptr, data string) (err error) {
if needspace := 8 - len(fstype); needspace <= 0 {
- fstype = fstype[:8]
+ fstype = fstype[0:8]
} else {
- fstype += " "[:needspace]
+ fstype += " "[0:needspace]
}
return mount_LE(target, source, fstype, uint32(flags), int32(len(data)), data)
}
-func Unmount(name string, mtm int) (err error) {
+func validMount() bool {
+ if funcptrtest(GetZosLibVec()+SYS___MOUNT1_A<<4, "") == 0 {
+ if name, err := getLeFuncName(GetZosLibVec() + SYS___MOUNT1_A<<4); err == nil {
+ return name == "__mount1_a"
+ }
+ }
+ return false
+}
+
+// Mount end
+
+// Unmount begin
+func impl_Unmount(target string, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(target)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UMOUNT2_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_UnmountAddr() *(func(target string, flags int) (err error))
+
+var Unmount = enter_Unmount
+
+func enter_Unmount(target string, flags int) (err error) {
+ funcref := get_UnmountAddr()
+ if funcptrtest(GetZosLibVec()+SYS___UMOUNT2_A<<4, "") == 0 {
+ *funcref = impl_Unmount
+ } else {
+ *funcref = legacyUnmount
+ }
+ return (*funcref)(target, flags)
+}
+
+func legacyUnmount(name string, mtm int) (err error) {
// mountpoint is always a full path and starts with a '/'
// check if input string is not a mountpoint but a filesystem name
if name[0] != '/' {
- return unmount(name, mtm)
+ return unmount_LE(name, mtm)
}
// treat name as mountpoint
b2s := func(arr []byte) string {
- nulli := bytes.IndexByte(arr, 0)
- if nulli == -1 {
- return string(arr)
- } else {
- return string(arr[:nulli])
+ var str string
+ for i := 0; i < len(arr); i++ {
+ if arr[i] == 0 {
+ str = string(arr[:i])
+ break
+ }
}
+ return str
}
var buffer struct {
header W_Mnth
fsinfo [64]W_Mntent
}
- fsCount, err := W_Getmntent_A((*byte)(unsafe.Pointer(&buffer)), int(unsafe.Sizeof(buffer)))
- if err != nil {
- return err
- }
- if fsCount == 0 {
- return EINVAL
- }
- for i := 0; i < fsCount; i++ {
- if b2s(buffer.fsinfo[i].Mountpoint[:]) == name {
- err = unmount(b2s(buffer.fsinfo[i].Fsname[:]), mtm)
- break
+ fs_count, err := W_Getmntent_A((*byte)(unsafe.Pointer(&buffer)), int(unsafe.Sizeof(buffer)))
+ if err == nil {
+ err = EINVAL
+ for i := 0; i < fs_count; i++ {
+ if b2s(buffer.fsinfo[i].Mountpoint[:]) == name {
+ err = unmount_LE(b2s(buffer.fsinfo[i].Fsname[:]), mtm)
+ break
+ }
}
+ } else if fs_count == 0 {
+ err = EINVAL
}
return err
}
-func fdToPath(dirfd int) (path string, err error) {
- var buffer [1024]byte
- // w_ctrl()
- ret := runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_W_IOCTL<<4,
- []uintptr{uintptr(dirfd), 17, 1024, uintptr(unsafe.Pointer(&buffer[0]))})
- if ret == 0 {
- zb := bytes.IndexByte(buffer[:], 0)
- if zb == -1 {
- zb = len(buffer)
- }
- // __e2a_l()
- runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4,
- []uintptr{uintptr(unsafe.Pointer(&buffer[0])), uintptr(zb)})
- return string(buffer[:zb]), nil
- }
- // __errno()
- errno := int(*(*int32)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4,
- []uintptr{}))))
- // __errno2()
- errno2 := int(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO2<<4,
- []uintptr{}))
- // strerror_r()
- ret = runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_STRERROR_R<<4,
- []uintptr{uintptr(errno), uintptr(unsafe.Pointer(&buffer[0])), 1024})
- if ret == 0 {
- zb := bytes.IndexByte(buffer[:], 0)
- if zb == -1 {
- zb = len(buffer)
- }
- return "", fmt.Errorf("%s (errno2=0x%x)", buffer[:zb], errno2)
- } else {
- return "", fmt.Errorf("fdToPath errno %d (errno2=0x%x)", errno, errno2)
+// Unmount end
+
+func direntIno(buf []byte) (uint64, bool) {
+ return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino))
+}
+
+func direntReclen(buf []byte) (uint64, bool) {
+ return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+}
+
+func direntNamlen(buf []byte) (uint64, bool) {
+ reclen, ok := direntReclen(buf)
+ if !ok {
+ return 0, false
}
+ return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true
}
func direntLeToDirentUnix(dirent *direntLE, dir uintptr, path string) (Dirent, error) {
@@ -1896,7 +2940,7 @@ func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
}
// Get path from fd to avoid unavailable call (fdopendir)
- path, err := fdToPath(fd)
+ path, err := ZosFdToPath(fd)
if err != nil {
return 0, err
}
@@ -1910,7 +2954,7 @@ func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
for {
var entryLE direntLE
var entrypLE *direntLE
- e := readdir_r(d, &entryLE, &entrypLE)
+ e := Readdir_r(d, &entryLE, &entrypLE)
if e != nil {
return n, e
}
@@ -1956,23 +3000,214 @@ func Getdirentries(fd int, buf []byte, basep *uintptr) (n int, err error) {
return n, nil
}
-func ReadDirent(fd int, buf []byte) (n int, err error) {
- var base = (*uintptr)(unsafe.Pointer(new(uint64)))
- return Getdirentries(fd, buf, base)
+func Err2ad() (eadd *int) {
+ r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS___ERR2AD<<4)
+ eadd = (*int)(unsafe.Pointer(r0))
+ return
}
-func direntIno(buf []byte) (uint64, bool) {
- return readInt(buf, unsafe.Offsetof(Dirent{}.Ino), unsafe.Sizeof(Dirent{}.Ino))
+func ZosConsolePrintf(format string, v ...interface{}) (int, error) {
+ type __cmsg struct {
+ _ uint16
+ _ [2]uint8
+ __msg_length uint32
+ __msg uintptr
+ _ [4]uint8
+ }
+ msg := fmt.Sprintf(format, v...)
+ strptr := unsafe.Pointer((*reflect.StringHeader)(unsafe.Pointer(&msg)).Data)
+ len := (*reflect.StringHeader)(unsafe.Pointer(&msg)).Len
+ cmsg := __cmsg{__msg_length: uint32(len), __msg: uintptr(strptr)}
+ cmd := uint32(0)
+ runtime.EnterSyscall()
+ rc, err2, err1 := CallLeFuncWithErr(GetZosLibVec()+SYS_____CONSOLE_A<<4, uintptr(unsafe.Pointer(&cmsg)), 0, uintptr(unsafe.Pointer(&cmd)))
+ runtime.ExitSyscall()
+ if rc != 0 {
+ return 0, fmt.Errorf("%s (errno2=0x%x)\n", err1.Error(), err2)
+ }
+ return 0, nil
+}
+func ZosStringToEbcdicBytes(str string, nullterm bool) (ebcdicBytes []byte) {
+ if nullterm {
+ ebcdicBytes = []byte(str + "\x00")
+ } else {
+ ebcdicBytes = []byte(str)
+ }
+ A2e(ebcdicBytes)
+ return
+}
+func ZosEbcdicBytesToString(b []byte, trimRight bool) (str string) {
+ res := make([]byte, len(b))
+ copy(res, b)
+ E2a(res)
+ if trimRight {
+ str = string(bytes.TrimRight(res, " \x00"))
+ } else {
+ str = string(res)
+ }
+ return
}
-func direntReclen(buf []byte) (uint64, bool) {
- return readInt(buf, unsafe.Offsetof(Dirent{}.Reclen), unsafe.Sizeof(Dirent{}.Reclen))
+func fdToPath(dirfd int) (path string, err error) {
+ var buffer [1024]byte
+ // w_ctrl()
+ ret := runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_W_IOCTL<<4,
+ []uintptr{uintptr(dirfd), 17, 1024, uintptr(unsafe.Pointer(&buffer[0]))})
+ if ret == 0 {
+ zb := bytes.IndexByte(buffer[:], 0)
+ if zb == -1 {
+ zb = len(buffer)
+ }
+ // __e2a_l()
+ runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___E2A_L<<4,
+ []uintptr{uintptr(unsafe.Pointer(&buffer[0])), uintptr(zb)})
+ return string(buffer[:zb]), nil
+ }
+ // __errno()
+ errno := int(*(*int32)(unsafe.Pointer(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO<<4,
+ []uintptr{}))))
+ // __errno2()
+ errno2 := int(runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS___ERRNO2<<4,
+ []uintptr{}))
+ // strerror_r()
+ ret = runtime.CallLeFuncByPtr(runtime.XplinkLibvec+SYS_STRERROR_R<<4,
+ []uintptr{uintptr(errno), uintptr(unsafe.Pointer(&buffer[0])), 1024})
+ if ret == 0 {
+ zb := bytes.IndexByte(buffer[:], 0)
+ if zb == -1 {
+ zb = len(buffer)
+ }
+ return "", fmt.Errorf("%s (errno2=0x%x)", buffer[:zb], errno2)
+ } else {
+ return "", fmt.Errorf("fdToPath errno %d (errno2=0x%x)", errno, errno2)
+ }
}
-func direntNamlen(buf []byte) (uint64, bool) {
- reclen, ok := direntReclen(buf)
- if !ok {
- return 0, false
+func impl_Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
}
- return reclen - uint64(unsafe.Offsetof(Dirent{}.Name)), true
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKFIFOAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_MkfifoatAddr() *(func(dirfd int, path string, mode uint32) (err error))
+
+var Mkfifoat = enter_Mkfifoat
+
+func enter_Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+ funcref := get_MkfifoatAddr()
+ if funcptrtest(GetZosLibVec()+SYS___MKFIFOAT_A<<4, "") == 0 {
+ *funcref = impl_Mkfifoat
+ } else {
+ *funcref = legacy_Mkfifoat
+ }
+ return (*funcref)(dirfd, path, mode)
+}
+
+func legacy_Mkfifoat(dirfd int, path string, mode uint32) (err error) {
+ dirname, err := ZosFdToPath(dirfd)
+ if err != nil {
+ return err
+ }
+ return Mkfifo(dirname+"/"+path, mode)
+}
+
+//sys Posix_openpt(oflag int) (fd int, err error) = SYS_POSIX_OPENPT
+//sys Grantpt(fildes int) (rc int, err error) = SYS_GRANTPT
+//sys Unlockpt(fildes int) (rc int, err error) = SYS_UNLOCKPT
+
+func fcntlAsIs(fd uintptr, cmd int, arg uintptr) (val int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, uintptr(fd), uintptr(cmd), arg)
+ runtime.ExitSyscall()
+ val = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+func Fcntl(fd uintptr, cmd int, op interface{}) (ret int, err error) {
+ switch op.(type) {
+ case *Flock_t:
+ err = FcntlFlock(fd, cmd, op.(*Flock_t))
+ if err != nil {
+ ret = -1
+ }
+ return
+ case int:
+ return FcntlInt(fd, cmd, op.(int))
+ case *F_cnvrt:
+ return fcntlAsIs(fd, cmd, uintptr(unsafe.Pointer(op.(*F_cnvrt))))
+ case unsafe.Pointer:
+ return fcntlAsIs(fd, cmd, uintptr(op.(unsafe.Pointer)))
+ default:
+ return -1, EINVAL
+ }
+ return
+}
+
+func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+ if raceenabled {
+ raceReleaseMerge(unsafe.Pointer(&ioSync))
+ }
+ return sendfile(outfd, infd, offset, count)
+}
+
+func sendfile(outfd int, infd int, offset *int64, count int) (written int, err error) {
+ // TODO: use LE call instead if the call is implemented
+ originalOffset, err := Seek(infd, 0, SEEK_CUR)
+ if err != nil {
+ return -1, err
+ }
+ //start reading data from in_fd
+ if offset != nil {
+ _, err := Seek(infd, *offset, SEEK_SET)
+ if err != nil {
+ return -1, err
+ }
+ }
+
+ buf := make([]byte, count)
+ readBuf := make([]byte, 0)
+ var n int = 0
+ for i := 0; i < count; i += n {
+ n, err := Read(infd, buf)
+ if n == 0 {
+ if err != nil {
+ return -1, err
+ } else { // EOF
+ break
+ }
+ }
+ readBuf = append(readBuf, buf...)
+ buf = buf[0:0]
+ }
+
+ n2, err := Write(outfd, readBuf)
+ if err != nil {
+ return -1, err
+ }
+
+ //When sendfile() returns, this variable will be set to the
+ // offset of the byte following the last byte that was read.
+ if offset != nil {
+ *offset = *offset + int64(n)
+ // If offset is not NULL, then sendfile() does not modify the file
+ // offset of in_fd
+ _, err := Seek(infd, originalOffset, SEEK_SET)
+ if err != nil {
+ return -1, err
+ }
+ }
+ return n2, nil
}
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
index 79a84f18b46d9207c41768a63afd38c90126b01b..672d6b0a8805d8ec9fc42fcf7a1cdca2d9b0b280 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_unix.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build (darwin && !ios) || linux
+//go:build (darwin && !ios) || linux || zos
package unix
diff --git a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
index 9eb0db664cbf83325bf900141313de337f8e2055..8b7977a28c065d192c1780ff5efe0dc06176032c 100644
--- a/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
+++ b/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
-//go:build darwin && !ios
+//go:build (darwin && !ios) || zos
package unix
diff --git a/vendor/golang.org/x/sys/unix/vgetrandom_linux.go b/vendor/golang.org/x/sys/unix/vgetrandom_linux.go
new file mode 100644
index 0000000000000000000000000000000000000000..07ac8e09d1b702b1abd56252d7c6d1135580f559
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/vgetrandom_linux.go
@@ -0,0 +1,13 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build linux && go1.24
+
+package unix
+
+import _ "unsafe"
+
+//go:linkname vgetrandom runtime.vgetrandom
+//go:noescape
+func vgetrandom(p []byte, flags uint32) (ret int, supported bool)
diff --git a/vendor/golang.org/x/sys/unix/vgetrandom_unsupported.go b/vendor/golang.org/x/sys/unix/vgetrandom_unsupported.go
new file mode 100644
index 0000000000000000000000000000000000000000..297e97bce92a6ebc7eeebc067685a2587b5f7e63
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/vgetrandom_unsupported.go
@@ -0,0 +1,11 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !linux || !go1.24
+
+package unix
+
+func vgetrandom(p []byte, flags uint32) (ret int, supported bool) {
+ return -1, false
+}
diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
index e40fa85245f47cb7d80057e1362556976fd26910..d73c4652e6c549ba5214cbc249eaa72274f6ae4a 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
@@ -237,6 +237,9 @@ const (
CLOCK_UPTIME_RAW_APPROX = 0x9
CLONE_NOFOLLOW = 0x1
CLONE_NOOWNERCOPY = 0x2
+ CONNECT_DATA_AUTHENTICATED = 0x4
+ CONNECT_DATA_IDEMPOTENT = 0x2
+ CONNECT_RESUME_ON_READ_WRITE = 0x1
CR0 = 0x0
CR1 = 0x1000
CR2 = 0x2000
@@ -1169,6 +1172,11 @@ const (
PT_WRITE_D = 0x5
PT_WRITE_I = 0x4
PT_WRITE_U = 0x6
+ RENAME_EXCL = 0x4
+ RENAME_NOFOLLOW_ANY = 0x10
+ RENAME_RESERVED1 = 0x8
+ RENAME_SECLUDE = 0x1
+ RENAME_SWAP = 0x2
RLIMIT_AS = 0x5
RLIMIT_CORE = 0x4
RLIMIT_CPU = 0x0
@@ -1260,6 +1268,10 @@ const (
RTV_SSTHRESH = 0x20
RUSAGE_CHILDREN = -0x1
RUSAGE_SELF = 0x0
+ SAE_ASSOCID_ALL = 0xffffffff
+ SAE_ASSOCID_ANY = 0x0
+ SAE_CONNID_ALL = 0xffffffff
+ SAE_CONNID_ANY = 0x0
SCM_CREDS = 0x3
SCM_RIGHTS = 0x1
SCM_TIMESTAMP = 0x2
diff --git a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
index bb02aa6c05647b75f1db94dd7965bac3f66b57d4..4a55a400588946f6f5aa4d3c472f146c9fa938a5 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
@@ -237,6 +237,9 @@ const (
CLOCK_UPTIME_RAW_APPROX = 0x9
CLONE_NOFOLLOW = 0x1
CLONE_NOOWNERCOPY = 0x2
+ CONNECT_DATA_AUTHENTICATED = 0x4
+ CONNECT_DATA_IDEMPOTENT = 0x2
+ CONNECT_RESUME_ON_READ_WRITE = 0x1
CR0 = 0x0
CR1 = 0x1000
CR2 = 0x2000
@@ -1169,6 +1172,11 @@ const (
PT_WRITE_D = 0x5
PT_WRITE_I = 0x4
PT_WRITE_U = 0x6
+ RENAME_EXCL = 0x4
+ RENAME_NOFOLLOW_ANY = 0x10
+ RENAME_RESERVED1 = 0x8
+ RENAME_SECLUDE = 0x1
+ RENAME_SWAP = 0x2
RLIMIT_AS = 0x5
RLIMIT_CORE = 0x4
RLIMIT_CPU = 0x0
@@ -1260,6 +1268,10 @@ const (
RTV_SSTHRESH = 0x20
RUSAGE_CHILDREN = -0x1
RUSAGE_SELF = 0x0
+ SAE_ASSOCID_ALL = 0xffffffff
+ SAE_ASSOCID_ANY = 0x0
+ SAE_CONNID_ALL = 0xffffffff
+ SAE_CONNID_ANY = 0x0
SCM_CREDS = 0x3
SCM_RIGHTS = 0x1
SCM_TIMESTAMP = 0x2
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go
index 9c00cbf512c4783ff773f59cc1683242328b5b5e..6ebc48b3fecd71f891b0aeff1f2f9c8110b9e88d 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go
@@ -321,6 +321,9 @@ const (
AUDIT_INTEGRITY_STATUS = 0x70a
AUDIT_IPC = 0x517
AUDIT_IPC_SET_PERM = 0x51f
+ AUDIT_IPE_ACCESS = 0x58c
+ AUDIT_IPE_CONFIG_CHANGE = 0x58d
+ AUDIT_IPE_POLICY_LOAD = 0x58e
AUDIT_KERNEL = 0x7d0
AUDIT_KERNEL_OTHER = 0x524
AUDIT_KERN_MODULE = 0x532
@@ -457,6 +460,7 @@ const (
B600 = 0x8
B75 = 0x2
B9600 = 0xd
+ BCACHEFS_SUPER_MAGIC = 0xca451a4e
BDEVFS_MAGIC = 0x62646576
BINDERFS_SUPER_MAGIC = 0x6c6f6f70
BINFMTFS_MAGIC = 0x42494e4d
@@ -486,14 +490,16 @@ const (
BPF_F_ANY_ALIGNMENT = 0x2
BPF_F_BEFORE = 0x8
BPF_F_ID = 0x20
- BPF_F_LINK = 0x2000
BPF_F_NETFILTER_IP_DEFRAG = 0x1
BPF_F_QUERY_EFFECTIVE = 0x1
+ BPF_F_REDIRECT_FLAGS = 0x19
BPF_F_REPLACE = 0x4
BPF_F_SLEEPABLE = 0x10
BPF_F_STRICT_ALIGNMENT = 0x1
+ BPF_F_TEST_REG_INVARIANTS = 0x80
BPF_F_TEST_RND_HI32 = 0x4
BPF_F_TEST_RUN_ON_CPU = 0x1
+ BPF_F_TEST_SKB_CHECKSUM_COMPLETE = 0x4
BPF_F_TEST_STATE_FREQ = 0x8
BPF_F_TEST_XDP_LIVE_FRAMES = 0x2
BPF_F_XDP_DEV_BOUND_ONLY = 0x40
@@ -502,6 +508,7 @@ const (
BPF_IMM = 0x0
BPF_IND = 0x40
BPF_JA = 0x0
+ BPF_JCOND = 0xe0
BPF_JEQ = 0x10
BPF_JGE = 0x30
BPF_JGT = 0x20
@@ -657,6 +664,9 @@ const (
CAN_NPROTO = 0x8
CAN_RAW = 0x1
CAN_RAW_FILTER_MAX = 0x200
+ CAN_RAW_XL_VCID_RX_FILTER = 0x4
+ CAN_RAW_XL_VCID_TX_PASS = 0x2
+ CAN_RAW_XL_VCID_TX_SET = 0x1
CAN_RTR_FLAG = 0x40000000
CAN_SFF_ID_BITS = 0xb
CAN_SFF_MASK = 0x7ff
@@ -924,6 +934,7 @@ const (
EPOLL_CTL_ADD = 0x1
EPOLL_CTL_DEL = 0x2
EPOLL_CTL_MOD = 0x3
+ EPOLL_IOC_TYPE = 0x8a
EROFS_SUPER_MAGIC_V1 = 0xe0f5e1e2
ESP_V4_FLOW = 0xa
ESP_V6_FLOW = 0xc
@@ -937,9 +948,6 @@ const (
ETHTOOL_FEC_OFF = 0x4
ETHTOOL_FEC_RS = 0x8
ETHTOOL_FLAG_ALL = 0x7
- ETHTOOL_FLAG_COMPACT_BITSETS = 0x1
- ETHTOOL_FLAG_OMIT_REPLY = 0x2
- ETHTOOL_FLAG_STATS = 0x4
ETHTOOL_FLASHDEV = 0x33
ETHTOOL_FLASH_MAX_FILENAME = 0x80
ETHTOOL_FWVERS_LEN = 0x20
@@ -1162,6 +1170,7 @@ const (
EXTA = 0xe
EXTB = 0xf
F2FS_SUPER_MAGIC = 0xf2f52010
+ FALLOC_FL_ALLOCATE_RANGE = 0x0
FALLOC_FL_COLLAPSE_RANGE = 0x8
FALLOC_FL_INSERT_RANGE = 0x20
FALLOC_FL_KEEP_SIZE = 0x1
@@ -1339,6 +1348,7 @@ const (
F_OFD_SETLK = 0x25
F_OFD_SETLKW = 0x26
F_OK = 0x0
+ F_SEAL_EXEC = 0x20
F_SEAL_FUTURE_WRITE = 0x10
F_SEAL_GROW = 0x4
F_SEAL_SEAL = 0x1
@@ -1627,6 +1637,7 @@ const (
IP_FREEBIND = 0xf
IP_HDRINCL = 0x3
IP_IPSEC_POLICY = 0x10
+ IP_LOCAL_PORT_RANGE = 0x33
IP_MAXPACKET = 0xffff
IP_MAX_MEMBERSHIPS = 0x14
IP_MF = 0x2000
@@ -1653,6 +1664,7 @@ const (
IP_PMTUDISC_OMIT = 0x5
IP_PMTUDISC_PROBE = 0x3
IP_PMTUDISC_WANT = 0x1
+ IP_PROTOCOL = 0x34
IP_RECVERR = 0xb
IP_RECVERR_RFC4884 = 0x1a
IP_RECVFRAGSIZE = 0x19
@@ -1698,6 +1710,8 @@ const (
KEXEC_ARCH_S390 = 0x160000
KEXEC_ARCH_SH = 0x2a0000
KEXEC_ARCH_X86_64 = 0x3e0000
+ KEXEC_CRASH_HOTPLUG_SUPPORT = 0x8
+ KEXEC_FILE_DEBUG = 0x8
KEXEC_FILE_NO_INITRAMFS = 0x4
KEXEC_FILE_ON_CRASH = 0x2
KEXEC_FILE_UNLOAD = 0x1
@@ -1772,6 +1786,7 @@ const (
KEY_SPEC_USER_KEYRING = -0x4
KEY_SPEC_USER_SESSION_KEYRING = -0x5
LANDLOCK_ACCESS_FS_EXECUTE = 0x1
+ LANDLOCK_ACCESS_FS_IOCTL_DEV = 0x8000
LANDLOCK_ACCESS_FS_MAKE_BLOCK = 0x800
LANDLOCK_ACCESS_FS_MAKE_CHAR = 0x40
LANDLOCK_ACCESS_FS_MAKE_DIR = 0x80
@@ -1786,7 +1801,11 @@ const (
LANDLOCK_ACCESS_FS_REMOVE_FILE = 0x20
LANDLOCK_ACCESS_FS_TRUNCATE = 0x4000
LANDLOCK_ACCESS_FS_WRITE_FILE = 0x2
+ LANDLOCK_ACCESS_NET_BIND_TCP = 0x1
+ LANDLOCK_ACCESS_NET_CONNECT_TCP = 0x2
LANDLOCK_CREATE_RULESET_VERSION = 0x1
+ LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET = 0x1
+ LANDLOCK_SCOPE_SIGNAL = 0x2
LINUX_REBOOT_CMD_CAD_OFF = 0x0
LINUX_REBOOT_CMD_CAD_ON = 0x89abcdef
LINUX_REBOOT_CMD_HALT = 0xcdef0123
@@ -1802,6 +1821,7 @@ const (
LOCK_SH = 0x1
LOCK_UN = 0x8
LOOP_CLR_FD = 0x4c01
+ LOOP_CONFIGURE = 0x4c0a
LOOP_CTL_ADD = 0x4c80
LOOP_CTL_GET_FREE = 0x4c82
LOOP_CTL_REMOVE = 0x4c81
@@ -1850,6 +1870,19 @@ const (
MAP_FILE = 0x0
MAP_FIXED = 0x10
MAP_FIXED_NOREPLACE = 0x100000
+ MAP_HUGE_16GB = 0x88000000
+ MAP_HUGE_16KB = 0x38000000
+ MAP_HUGE_16MB = 0x60000000
+ MAP_HUGE_1GB = 0x78000000
+ MAP_HUGE_1MB = 0x50000000
+ MAP_HUGE_256MB = 0x70000000
+ MAP_HUGE_2GB = 0x7c000000
+ MAP_HUGE_2MB = 0x54000000
+ MAP_HUGE_32MB = 0x64000000
+ MAP_HUGE_512KB = 0x4c000000
+ MAP_HUGE_512MB = 0x74000000
+ MAP_HUGE_64KB = 0x40000000
+ MAP_HUGE_8MB = 0x5c000000
MAP_HUGE_MASK = 0x3f
MAP_HUGE_SHIFT = 0x1a
MAP_PRIVATE = 0x2
@@ -1896,6 +1929,9 @@ const (
MNT_DETACH = 0x2
MNT_EXPIRE = 0x4
MNT_FORCE = 0x1
+ MNT_ID_REQ_SIZE_VER0 = 0x18
+ MNT_ID_REQ_SIZE_VER1 = 0x20
+ MNT_NS_INFO_SIZE_VER0 = 0x10
MODULE_INIT_COMPRESSED_FILE = 0x4
MODULE_INIT_IGNORE_MODVERSIONS = 0x1
MODULE_INIT_IGNORE_VERMAGIC = 0x2
@@ -2127,6 +2163,60 @@ const (
NFNL_SUBSYS_QUEUE = 0x3
NFNL_SUBSYS_ULOG = 0x4
NFS_SUPER_MAGIC = 0x6969
+ NFT_CHAIN_FLAGS = 0x7
+ NFT_CHAIN_MAXNAMELEN = 0x100
+ NFT_CT_MAX = 0x17
+ NFT_DATA_RESERVED_MASK = 0xffffff00
+ NFT_DATA_VALUE_MAXLEN = 0x40
+ NFT_EXTHDR_OP_MAX = 0x4
+ NFT_FIB_RESULT_MAX = 0x3
+ NFT_INNER_MASK = 0xf
+ NFT_LOGLEVEL_MAX = 0x8
+ NFT_NAME_MAXLEN = 0x100
+ NFT_NG_MAX = 0x1
+ NFT_OBJECT_CONNLIMIT = 0x5
+ NFT_OBJECT_COUNTER = 0x1
+ NFT_OBJECT_CT_EXPECT = 0x9
+ NFT_OBJECT_CT_HELPER = 0x3
+ NFT_OBJECT_CT_TIMEOUT = 0x7
+ NFT_OBJECT_LIMIT = 0x4
+ NFT_OBJECT_MAX = 0xa
+ NFT_OBJECT_QUOTA = 0x2
+ NFT_OBJECT_SECMARK = 0x8
+ NFT_OBJECT_SYNPROXY = 0xa
+ NFT_OBJECT_TUNNEL = 0x6
+ NFT_OBJECT_UNSPEC = 0x0
+ NFT_OBJ_MAXNAMELEN = 0x100
+ NFT_OSF_MAXGENRELEN = 0x10
+ NFT_QUEUE_FLAG_BYPASS = 0x1
+ NFT_QUEUE_FLAG_CPU_FANOUT = 0x2
+ NFT_QUEUE_FLAG_MASK = 0x3
+ NFT_REG32_COUNT = 0x10
+ NFT_REG32_SIZE = 0x4
+ NFT_REG_MAX = 0x4
+ NFT_REG_SIZE = 0x10
+ NFT_REJECT_ICMPX_MAX = 0x3
+ NFT_RT_MAX = 0x4
+ NFT_SECMARK_CTX_MAXLEN = 0x1000
+ NFT_SET_MAXNAMELEN = 0x100
+ NFT_SOCKET_MAX = 0x3
+ NFT_TABLE_F_MASK = 0x7
+ NFT_TABLE_MAXNAMELEN = 0x100
+ NFT_TRACETYPE_MAX = 0x3
+ NFT_TUNNEL_F_MASK = 0x7
+ NFT_TUNNEL_MAX = 0x1
+ NFT_TUNNEL_MODE_MAX = 0x2
+ NFT_USERDATA_MAXLEN = 0x100
+ NFT_XFRM_KEY_MAX = 0x6
+ NF_NAT_RANGE_MAP_IPS = 0x1
+ NF_NAT_RANGE_MASK = 0x7f
+ NF_NAT_RANGE_NETMAP = 0x40
+ NF_NAT_RANGE_PERSISTENT = 0x8
+ NF_NAT_RANGE_PROTO_OFFSET = 0x20
+ NF_NAT_RANGE_PROTO_RANDOM = 0x4
+ NF_NAT_RANGE_PROTO_RANDOM_ALL = 0x14
+ NF_NAT_RANGE_PROTO_RANDOM_FULLY = 0x10
+ NF_NAT_RANGE_PROTO_SPECIFIED = 0x2
NILFS_SUPER_MAGIC = 0x3434
NL0 = 0x0
NL1 = 0x100
@@ -2246,6 +2336,7 @@ const (
PERF_AUX_FLAG_PARTIAL = 0x4
PERF_AUX_FLAG_PMU_FORMAT_TYPE_MASK = 0xff00
PERF_AUX_FLAG_TRUNCATED = 0x1
+ PERF_BRANCH_ENTRY_INFO_BITS_MAX = 0x21
PERF_BR_ARM64_DEBUG_DATA = 0x7
PERF_BR_ARM64_DEBUG_EXIT = 0x5
PERF_BR_ARM64_DEBUG_HALT = 0x4
@@ -2275,9 +2366,11 @@ const (
PERF_MEM_LVLNUM_IO = 0xa
PERF_MEM_LVLNUM_L1 = 0x1
PERF_MEM_LVLNUM_L2 = 0x2
+ PERF_MEM_LVLNUM_L2_MHB = 0x5
PERF_MEM_LVLNUM_L3 = 0x3
PERF_MEM_LVLNUM_L4 = 0x4
PERF_MEM_LVLNUM_LFB = 0xc
+ PERF_MEM_LVLNUM_MSC = 0x6
PERF_MEM_LVLNUM_NA = 0xf
PERF_MEM_LVLNUM_PMEM = 0xe
PERF_MEM_LVLNUM_RAM = 0xd
@@ -2343,12 +2436,14 @@ const (
PERF_RECORD_MISC_USER = 0x2
PERF_SAMPLE_BRANCH_PLM_ALL = 0x7
PERF_SAMPLE_WEIGHT_TYPE = 0x1004000
+ PID_FS_MAGIC = 0x50494446
PIPEFS_MAGIC = 0x50495045
PPPIOCGNPMODE = 0xc008744c
PPPIOCNEWUNIT = 0xc004743e
PRIO_PGRP = 0x1
PRIO_PROCESS = 0x0
PRIO_USER = 0x2
+ PROCFS_IOCTL_MAGIC = 'f'
PROC_SUPER_MAGIC = 0x9fa0
PROT_EXEC = 0x4
PROT_GROWSDOWN = 0x1000000
@@ -2411,6 +2506,7 @@ const (
PR_MCE_KILL_GET = 0x22
PR_MCE_KILL_LATE = 0x0
PR_MCE_KILL_SET = 0x1
+ PR_MDWE_NO_INHERIT = 0x2
PR_MDWE_REFUSE_EXEC_GAIN = 0x1
PR_MPX_DISABLE_MANAGEMENT = 0x2c
PR_MPX_ENABLE_MANAGEMENT = 0x2b
@@ -2429,6 +2525,23 @@ const (
PR_PAC_GET_ENABLED_KEYS = 0x3d
PR_PAC_RESET_KEYS = 0x36
PR_PAC_SET_ENABLED_KEYS = 0x3c
+ PR_PPC_DEXCR_CTRL_CLEAR = 0x4
+ PR_PPC_DEXCR_CTRL_CLEAR_ONEXEC = 0x10
+ PR_PPC_DEXCR_CTRL_EDITABLE = 0x1
+ PR_PPC_DEXCR_CTRL_MASK = 0x1f
+ PR_PPC_DEXCR_CTRL_SET = 0x2
+ PR_PPC_DEXCR_CTRL_SET_ONEXEC = 0x8
+ PR_PPC_DEXCR_IBRTPD = 0x1
+ PR_PPC_DEXCR_NPHIE = 0x3
+ PR_PPC_DEXCR_SBHE = 0x0
+ PR_PPC_DEXCR_SRAPD = 0x2
+ PR_PPC_GET_DEXCR = 0x48
+ PR_PPC_SET_DEXCR = 0x49
+ PR_RISCV_CTX_SW_FENCEI_OFF = 0x1
+ PR_RISCV_CTX_SW_FENCEI_ON = 0x0
+ PR_RISCV_SCOPE_PER_PROCESS = 0x0
+ PR_RISCV_SCOPE_PER_THREAD = 0x1
+ PR_RISCV_SET_ICACHE_FLUSH_CTX = 0x47
PR_RISCV_V_GET_CONTROL = 0x46
PR_RISCV_V_SET_CONTROL = 0x45
PR_RISCV_V_VSTATE_CTRL_CUR_MASK = 0x3
@@ -2520,6 +2633,28 @@ const (
PR_UNALIGN_NOPRINT = 0x1
PR_UNALIGN_SIGBUS = 0x2
PSTOREFS_MAGIC = 0x6165676c
+ PTP_CLK_MAGIC = '='
+ PTP_ENABLE_FEATURE = 0x1
+ PTP_EXTTS_EDGES = 0x6
+ PTP_EXTTS_EVENT_VALID = 0x1
+ PTP_EXTTS_V1_VALID_FLAGS = 0x7
+ PTP_EXTTS_VALID_FLAGS = 0x1f
+ PTP_EXT_OFFSET = 0x10
+ PTP_FALLING_EDGE = 0x4
+ PTP_MAX_SAMPLES = 0x19
+ PTP_PEROUT_DUTY_CYCLE = 0x2
+ PTP_PEROUT_ONE_SHOT = 0x1
+ PTP_PEROUT_PHASE = 0x4
+ PTP_PEROUT_V1_VALID_FLAGS = 0x0
+ PTP_PEROUT_VALID_FLAGS = 0x7
+ PTP_PIN_GETFUNC = 0xc0603d06
+ PTP_PIN_GETFUNC2 = 0xc0603d0f
+ PTP_RISING_EDGE = 0x2
+ PTP_STRICT_FLAGS = 0x8
+ PTP_SYS_OFFSET_EXTENDED = 0xc4c03d09
+ PTP_SYS_OFFSET_EXTENDED2 = 0xc4c03d12
+ PTP_SYS_OFFSET_PRECISE = 0xc0403d08
+ PTP_SYS_OFFSET_PRECISE2 = 0xc0403d11
PTRACE_ATTACH = 0x10
PTRACE_CONT = 0x7
PTRACE_DETACH = 0x11
@@ -2615,8 +2750,9 @@ const (
RTAX_FEATURES = 0xc
RTAX_FEATURE_ALLFRAG = 0x8
RTAX_FEATURE_ECN = 0x1
- RTAX_FEATURE_MASK = 0xf
+ RTAX_FEATURE_MASK = 0x1f
RTAX_FEATURE_SACK = 0x2
+ RTAX_FEATURE_TCP_USEC_TS = 0x10
RTAX_FEATURE_TIMESTAMP = 0x4
RTAX_HOPLIMIT = 0xa
RTAX_INITCWND = 0xb
@@ -2832,14 +2968,17 @@ const (
RUSAGE_SELF = 0x0
RUSAGE_THREAD = 0x1
RWF_APPEND = 0x10
+ RWF_ATOMIC = 0x40
RWF_DSYNC = 0x2
RWF_HIPRI = 0x1
+ RWF_NOAPPEND = 0x20
RWF_NOWAIT = 0x8
- RWF_SUPPORTED = 0x1f
+ RWF_SUPPORTED = 0x7f
RWF_SYNC = 0x4
RWF_WRITE_LIFE_NOT_SET = 0x0
SCHED_BATCH = 0x3
SCHED_DEADLINE = 0x6
+ SCHED_EXT = 0x7
SCHED_FIFO = 0x1
SCHED_FLAG_ALL = 0x7f
SCHED_FLAG_DL_OVERRUN = 0x4
@@ -2856,12 +2995,43 @@ const (
SCHED_RESET_ON_FORK = 0x40000000
SCHED_RR = 0x2
SCM_CREDENTIALS = 0x2
+ SCM_PIDFD = 0x4
SCM_RIGHTS = 0x1
+ SCM_SECURITY = 0x3
SCM_TIMESTAMP = 0x1d
SC_LOG_FLUSH = 0x100000
+ SECCOMP_ADDFD_FLAG_SEND = 0x2
+ SECCOMP_ADDFD_FLAG_SETFD = 0x1
+ SECCOMP_FILTER_FLAG_LOG = 0x2
+ SECCOMP_FILTER_FLAG_NEW_LISTENER = 0x8
+ SECCOMP_FILTER_FLAG_SPEC_ALLOW = 0x4
+ SECCOMP_FILTER_FLAG_TSYNC = 0x1
+ SECCOMP_FILTER_FLAG_TSYNC_ESRCH = 0x10
+ SECCOMP_FILTER_FLAG_WAIT_KILLABLE_RECV = 0x20
+ SECCOMP_GET_ACTION_AVAIL = 0x2
+ SECCOMP_GET_NOTIF_SIZES = 0x3
+ SECCOMP_IOCTL_NOTIF_RECV = 0xc0502100
+ SECCOMP_IOCTL_NOTIF_SEND = 0xc0182101
+ SECCOMP_IOC_MAGIC = '!'
SECCOMP_MODE_DISABLED = 0x0
SECCOMP_MODE_FILTER = 0x2
SECCOMP_MODE_STRICT = 0x1
+ SECCOMP_RET_ACTION = 0x7fff0000
+ SECCOMP_RET_ACTION_FULL = 0xffff0000
+ SECCOMP_RET_ALLOW = 0x7fff0000
+ SECCOMP_RET_DATA = 0xffff
+ SECCOMP_RET_ERRNO = 0x50000
+ SECCOMP_RET_KILL = 0x0
+ SECCOMP_RET_KILL_PROCESS = 0x80000000
+ SECCOMP_RET_KILL_THREAD = 0x0
+ SECCOMP_RET_LOG = 0x7ffc0000
+ SECCOMP_RET_TRACE = 0x7ff00000
+ SECCOMP_RET_TRAP = 0x30000
+ SECCOMP_RET_USER_NOTIF = 0x7fc00000
+ SECCOMP_SET_MODE_FILTER = 0x1
+ SECCOMP_SET_MODE_STRICT = 0x0
+ SECCOMP_USER_NOTIF_FD_SYNC_WAKE_UP = 0x1
+ SECCOMP_USER_NOTIF_FLAG_CONTINUE = 0x1
SECRETMEM_MAGIC = 0x5345434d
SECURITYFS_MAGIC = 0x73636673
SEEK_CUR = 0x1
@@ -2960,6 +3130,8 @@ const (
SIOCSMIIREG = 0x8949
SIOCSRARP = 0x8962
SIOCWANDEV = 0x894a
+ SK_DIAG_BPF_STORAGE_MAX = 0x3
+ SK_DIAG_BPF_STORAGE_REQ_MAX = 0x1
SMACK_MAGIC = 0x43415d53
SMART_AUTOSAVE = 0xd2
SMART_AUTO_OFFLINE = 0xdb
@@ -2980,6 +3152,8 @@ const (
SOCKFS_MAGIC = 0x534f434b
SOCK_BUF_LOCK_MASK = 0x3
SOCK_DCCP = 0x6
+ SOCK_DESTROY = 0x15
+ SOCK_DIAG_BY_FAMILY = 0x14
SOCK_IOC_TYPE = 0x89
SOCK_PACKET = 0xa
SOCK_RAW = 0x3
@@ -3021,6 +3195,7 @@ const (
SOL_TIPC = 0x10f
SOL_TLS = 0x11a
SOL_UDP = 0x11
+ SOL_VSOCK = 0x11f
SOL_X25 = 0x106
SOL_XDP = 0x11b
SOMAXCONN = 0x1000
@@ -3072,6 +3247,7 @@ const (
STATX_ATTR_MOUNT_ROOT = 0x2000
STATX_ATTR_NODUMP = 0x40
STATX_ATTR_VERITY = 0x100000
+ STATX_ATTR_WRITE_ATOMIC = 0x400000
STATX_BASIC_STATS = 0x7ff
STATX_BLOCKS = 0x400
STATX_BTIME = 0x800
@@ -3080,12 +3256,15 @@ const (
STATX_GID = 0x10
STATX_INO = 0x100
STATX_MNT_ID = 0x1000
+ STATX_MNT_ID_UNIQUE = 0x4000
STATX_MODE = 0x2
STATX_MTIME = 0x40
STATX_NLINK = 0x4
STATX_SIZE = 0x200
+ STATX_SUBVOL = 0x8000
STATX_TYPE = 0x1
STATX_UID = 0x8
+ STATX_WRITE_ATOMIC = 0x10000
STATX__RESERVED = 0x80000000
SYNC_FILE_RANGE_WAIT_AFTER = 0x4
SYNC_FILE_RANGE_WAIT_BEFORE = 0x1
@@ -3167,6 +3346,7 @@ const (
TCP_MAX_WINSHIFT = 0xe
TCP_MD5SIG = 0xe
TCP_MD5SIG_EXT = 0x20
+ TCP_MD5SIG_FLAG_IFINDEX = 0x2
TCP_MD5SIG_FLAG_PREFIX = 0x1
TCP_MD5SIG_MAXKEYLEN = 0x50
TCP_MSS = 0x200
@@ -3474,12 +3654,17 @@ const (
XDP_RX_RING = 0x2
XDP_SHARED_UMEM = 0x1
XDP_STATISTICS = 0x7
+ XDP_TXMD_FLAGS_CHECKSUM = 0x2
+ XDP_TXMD_FLAGS_TIMESTAMP = 0x1
+ XDP_TX_METADATA = 0x2
XDP_TX_RING = 0x3
XDP_UMEM_COMPLETION_RING = 0x6
XDP_UMEM_FILL_RING = 0x5
XDP_UMEM_PGOFF_COMPLETION_RING = 0x180000000
XDP_UMEM_PGOFF_FILL_RING = 0x100000000
XDP_UMEM_REG = 0x4
+ XDP_UMEM_TX_METADATA_LEN = 0x4
+ XDP_UMEM_TX_SW_CSUM = 0x2
XDP_UMEM_UNALIGNED_CHUNK_FLAG = 0x1
XDP_USE_NEED_WAKEUP = 0x8
XDP_USE_SG = 0x10
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
index 4920821cf3b23c1b27e88239d1d15e48b554d03c..c0d45e320505ff6424711bbec395223c8d4ec450 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
@@ -78,6 +78,8 @@ const (
ECHOPRT = 0x400
EFD_CLOEXEC = 0x80000
EFD_NONBLOCK = 0x800
+ EPIOCGPARAMS = 0x80088a02
+ EPIOCSPARAMS = 0x40088a01
EPOLL_CLOEXEC = 0x80000
EXTPROC = 0x10000
FF1 = 0x8000
@@ -107,6 +109,7 @@ const (
HIDIOCGRAWINFO = 0x80084803
HIDIOCGRDESC = 0x90044802
HIDIOCGRDESCSIZE = 0x80044801
+ HIDIOCREVOKE = 0x4004480d
HUPCL = 0x400
ICANON = 0x2
IEXTEN = 0x8000
@@ -118,6 +121,7 @@ const (
IXOFF = 0x1000
IXON = 0x400
MAP_32BIT = 0x40
+ MAP_ABOVE4G = 0x80
MAP_ANON = 0x20
MAP_ANONYMOUS = 0x20
MAP_DENYWRITE = 0x800
@@ -150,9 +154,14 @@ const (
NFDBITS = 0x20
NLDLY = 0x100
NOFLSH = 0x80
+ NS_GET_MNTNS_ID = 0x8008b705
NS_GET_NSTYPE = 0xb703
NS_GET_OWNER_UID = 0xb704
NS_GET_PARENT = 0xb702
+ NS_GET_PID_FROM_PIDNS = 0x8004b706
+ NS_GET_PID_IN_PIDNS = 0x8004b708
+ NS_GET_TGID_FROM_PIDNS = 0x8004b707
+ NS_GET_TGID_IN_PIDNS = 0x8004b709
NS_GET_USERNS = 0xb701
OLCUC = 0x2
ONLCR = 0x4
@@ -229,6 +238,20 @@ const (
PPPIOCUNBRIDGECHAN = 0x7434
PPPIOCXFERUNIT = 0x744e
PR_SET_PTRACER_ANY = 0xffffffff
+ PTP_CLOCK_GETCAPS = 0x80503d01
+ PTP_CLOCK_GETCAPS2 = 0x80503d0a
+ PTP_ENABLE_PPS = 0x40043d04
+ PTP_ENABLE_PPS2 = 0x40043d0d
+ PTP_EXTTS_REQUEST = 0x40103d02
+ PTP_EXTTS_REQUEST2 = 0x40103d0b
+ PTP_MASK_CLEAR_ALL = 0x3d13
+ PTP_MASK_EN_SINGLE = 0x40043d14
+ PTP_PEROUT_REQUEST = 0x40383d03
+ PTP_PEROUT_REQUEST2 = 0x40383d0c
+ PTP_PIN_SETFUNC = 0x40603d07
+ PTP_PIN_SETFUNC2 = 0x40603d10
+ PTP_SYS_OFFSET = 0x43403d05
+ PTP_SYS_OFFSET2 = 0x43403d0e
PTRACE_GETFPREGS = 0xe
PTRACE_GETFPXREGS = 0x12
PTRACE_GET_THREAD_AREA = 0x19
@@ -275,12 +298,17 @@ const (
RTC_WIE_ON = 0x700f
RTC_WKALM_RD = 0x80287010
RTC_WKALM_SET = 0x4028700f
+ SCM_DEVMEM_DMABUF = 0x4f
+ SCM_DEVMEM_LINEAR = 0x4e
SCM_TIMESTAMPING = 0x25
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
+ SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
+ SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102
+ SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104
SFD_CLOEXEC = 0x80000
SFD_NONBLOCK = 0x800
SIOCATMARK = 0x8905
@@ -310,6 +338,9 @@ const (
SO_CNX_ADVICE = 0x35
SO_COOKIE = 0x39
SO_DETACH_REUSEPORT_BPF = 0x44
+ SO_DEVMEM_DMABUF = 0x4f
+ SO_DEVMEM_DONTNEED = 0x50
+ SO_DEVMEM_LINEAR = 0x4e
SO_DOMAIN = 0x27
SO_DONTROUTE = 0x5
SO_ERROR = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
index a0c1e411275cc4b9a331a76234bd4b3e64361389..c731d24f02529136a59cf292fcfc27673e1c1396 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
@@ -78,6 +78,8 @@ const (
ECHOPRT = 0x400
EFD_CLOEXEC = 0x80000
EFD_NONBLOCK = 0x800
+ EPIOCGPARAMS = 0x80088a02
+ EPIOCSPARAMS = 0x40088a01
EPOLL_CLOEXEC = 0x80000
EXTPROC = 0x10000
FF1 = 0x8000
@@ -107,6 +109,7 @@ const (
HIDIOCGRAWINFO = 0x80084803
HIDIOCGRDESC = 0x90044802
HIDIOCGRDESCSIZE = 0x80044801
+ HIDIOCREVOKE = 0x4004480d
HUPCL = 0x400
ICANON = 0x2
IEXTEN = 0x8000
@@ -118,6 +121,7 @@ const (
IXOFF = 0x1000
IXON = 0x400
MAP_32BIT = 0x40
+ MAP_ABOVE4G = 0x80
MAP_ANON = 0x20
MAP_ANONYMOUS = 0x20
MAP_DENYWRITE = 0x800
@@ -150,9 +154,14 @@ const (
NFDBITS = 0x40
NLDLY = 0x100
NOFLSH = 0x80
+ NS_GET_MNTNS_ID = 0x8008b705
NS_GET_NSTYPE = 0xb703
NS_GET_OWNER_UID = 0xb704
NS_GET_PARENT = 0xb702
+ NS_GET_PID_FROM_PIDNS = 0x8004b706
+ NS_GET_PID_IN_PIDNS = 0x8004b708
+ NS_GET_TGID_FROM_PIDNS = 0x8004b707
+ NS_GET_TGID_IN_PIDNS = 0x8004b709
NS_GET_USERNS = 0xb701
OLCUC = 0x2
ONLCR = 0x4
@@ -229,6 +238,20 @@ const (
PPPIOCUNBRIDGECHAN = 0x7434
PPPIOCXFERUNIT = 0x744e
PR_SET_PTRACER_ANY = 0xffffffffffffffff
+ PTP_CLOCK_GETCAPS = 0x80503d01
+ PTP_CLOCK_GETCAPS2 = 0x80503d0a
+ PTP_ENABLE_PPS = 0x40043d04
+ PTP_ENABLE_PPS2 = 0x40043d0d
+ PTP_EXTTS_REQUEST = 0x40103d02
+ PTP_EXTTS_REQUEST2 = 0x40103d0b
+ PTP_MASK_CLEAR_ALL = 0x3d13
+ PTP_MASK_EN_SINGLE = 0x40043d14
+ PTP_PEROUT_REQUEST = 0x40383d03
+ PTP_PEROUT_REQUEST2 = 0x40383d0c
+ PTP_PIN_SETFUNC = 0x40603d07
+ PTP_PIN_SETFUNC2 = 0x40603d10
+ PTP_SYS_OFFSET = 0x43403d05
+ PTP_SYS_OFFSET2 = 0x43403d0e
PTRACE_ARCH_PRCTL = 0x1e
PTRACE_GETFPREGS = 0xe
PTRACE_GETFPXREGS = 0x12
@@ -276,12 +299,17 @@ const (
RTC_WIE_ON = 0x700f
RTC_WKALM_RD = 0x80287010
RTC_WKALM_SET = 0x4028700f
+ SCM_DEVMEM_DMABUF = 0x4f
+ SCM_DEVMEM_LINEAR = 0x4e
SCM_TIMESTAMPING = 0x25
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
+ SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
+ SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102
+ SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104
SFD_CLOEXEC = 0x80000
SFD_NONBLOCK = 0x800
SIOCATMARK = 0x8905
@@ -311,6 +339,9 @@ const (
SO_CNX_ADVICE = 0x35
SO_COOKIE = 0x39
SO_DETACH_REUSEPORT_BPF = 0x44
+ SO_DEVMEM_DMABUF = 0x4f
+ SO_DEVMEM_DONTNEED = 0x50
+ SO_DEVMEM_LINEAR = 0x4e
SO_DOMAIN = 0x27
SO_DONTROUTE = 0x5
SO_ERROR = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
index c63985560f61f166fdf70c03729b0ebb6613eec6..680018a4a7c9f0f67be48f7ebd0a31a7b6438d38 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
@@ -78,6 +78,8 @@ const (
ECHOPRT = 0x400
EFD_CLOEXEC = 0x80000
EFD_NONBLOCK = 0x800
+ EPIOCGPARAMS = 0x80088a02
+ EPIOCSPARAMS = 0x40088a01
EPOLL_CLOEXEC = 0x80000
EXTPROC = 0x10000
FF1 = 0x8000
@@ -106,6 +108,7 @@ const (
HIDIOCGRAWINFO = 0x80084803
HIDIOCGRDESC = 0x90044802
HIDIOCGRDESCSIZE = 0x80044801
+ HIDIOCREVOKE = 0x4004480d
HUPCL = 0x400
ICANON = 0x2
IEXTEN = 0x8000
@@ -148,9 +151,14 @@ const (
NFDBITS = 0x20
NLDLY = 0x100
NOFLSH = 0x80
+ NS_GET_MNTNS_ID = 0x8008b705
NS_GET_NSTYPE = 0xb703
NS_GET_OWNER_UID = 0xb704
NS_GET_PARENT = 0xb702
+ NS_GET_PID_FROM_PIDNS = 0x8004b706
+ NS_GET_PID_IN_PIDNS = 0x8004b708
+ NS_GET_TGID_FROM_PIDNS = 0x8004b707
+ NS_GET_TGID_IN_PIDNS = 0x8004b709
NS_GET_USERNS = 0xb701
OLCUC = 0x2
ONLCR = 0x4
@@ -227,6 +235,20 @@ const (
PPPIOCUNBRIDGECHAN = 0x7434
PPPIOCXFERUNIT = 0x744e
PR_SET_PTRACER_ANY = 0xffffffff
+ PTP_CLOCK_GETCAPS = 0x80503d01
+ PTP_CLOCK_GETCAPS2 = 0x80503d0a
+ PTP_ENABLE_PPS = 0x40043d04
+ PTP_ENABLE_PPS2 = 0x40043d0d
+ PTP_EXTTS_REQUEST = 0x40103d02
+ PTP_EXTTS_REQUEST2 = 0x40103d0b
+ PTP_MASK_CLEAR_ALL = 0x3d13
+ PTP_MASK_EN_SINGLE = 0x40043d14
+ PTP_PEROUT_REQUEST = 0x40383d03
+ PTP_PEROUT_REQUEST2 = 0x40383d0c
+ PTP_PIN_SETFUNC = 0x40603d07
+ PTP_PIN_SETFUNC2 = 0x40603d10
+ PTP_SYS_OFFSET = 0x43403d05
+ PTP_SYS_OFFSET2 = 0x43403d0e
PTRACE_GETCRUNCHREGS = 0x19
PTRACE_GETFDPIC = 0x1f
PTRACE_GETFDPIC_EXEC = 0x0
@@ -282,12 +304,17 @@ const (
RTC_WIE_ON = 0x700f
RTC_WKALM_RD = 0x80287010
RTC_WKALM_SET = 0x4028700f
+ SCM_DEVMEM_DMABUF = 0x4f
+ SCM_DEVMEM_LINEAR = 0x4e
SCM_TIMESTAMPING = 0x25
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
+ SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
+ SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102
+ SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104
SFD_CLOEXEC = 0x80000
SFD_NONBLOCK = 0x800
SIOCATMARK = 0x8905
@@ -317,6 +344,9 @@ const (
SO_CNX_ADVICE = 0x35
SO_COOKIE = 0x39
SO_DETACH_REUSEPORT_BPF = 0x44
+ SO_DEVMEM_DMABUF = 0x4f
+ SO_DEVMEM_DONTNEED = 0x50
+ SO_DEVMEM_LINEAR = 0x4e
SO_DOMAIN = 0x27
SO_DONTROUTE = 0x5
SO_ERROR = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
index 47cc62e25c148256373d1a3dd2b330b9b0a48250..a63909f308d6d7d45db1b23ba71826ef51bd4c72 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
@@ -78,6 +78,8 @@ const (
ECHOPRT = 0x400
EFD_CLOEXEC = 0x80000
EFD_NONBLOCK = 0x800
+ EPIOCGPARAMS = 0x80088a02
+ EPIOCSPARAMS = 0x40088a01
EPOLL_CLOEXEC = 0x80000
ESR_MAGIC = 0x45535201
EXTPROC = 0x10000
@@ -87,6 +89,7 @@ const (
FICLONE = 0x40049409
FICLONERANGE = 0x4020940d
FLUSHO = 0x1000
+ FPMR_MAGIC = 0x46504d52
FPSIMD_MAGIC = 0x46508001
FS_IOC_ENABLE_VERITY = 0x40806685
FS_IOC_GETFLAGS = 0x80086601
@@ -109,6 +112,7 @@ const (
HIDIOCGRAWINFO = 0x80084803
HIDIOCGRDESC = 0x90044802
HIDIOCGRDESCSIZE = 0x80044801
+ HIDIOCREVOKE = 0x4004480d
HUPCL = 0x400
ICANON = 0x2
IEXTEN = 0x8000
@@ -151,9 +155,14 @@ const (
NFDBITS = 0x40
NLDLY = 0x100
NOFLSH = 0x80
+ NS_GET_MNTNS_ID = 0x8008b705
NS_GET_NSTYPE = 0xb703
NS_GET_OWNER_UID = 0xb704
NS_GET_PARENT = 0xb702
+ NS_GET_PID_FROM_PIDNS = 0x8004b706
+ NS_GET_PID_IN_PIDNS = 0x8004b708
+ NS_GET_TGID_FROM_PIDNS = 0x8004b707
+ NS_GET_TGID_IN_PIDNS = 0x8004b709
NS_GET_USERNS = 0xb701
OLCUC = 0x2
ONLCR = 0x4
@@ -197,6 +206,7 @@ const (
PERF_EVENT_IOC_SET_BPF = 0x40042408
PERF_EVENT_IOC_SET_FILTER = 0x40082406
PERF_EVENT_IOC_SET_OUTPUT = 0x2405
+ POE_MAGIC = 0x504f4530
PPPIOCATTACH = 0x4004743d
PPPIOCATTCHAN = 0x40047438
PPPIOCBRIDGECHAN = 0x40047435
@@ -232,6 +242,20 @@ const (
PROT_BTI = 0x10
PROT_MTE = 0x20
PR_SET_PTRACER_ANY = 0xffffffffffffffff
+ PTP_CLOCK_GETCAPS = 0x80503d01
+ PTP_CLOCK_GETCAPS2 = 0x80503d0a
+ PTP_ENABLE_PPS = 0x40043d04
+ PTP_ENABLE_PPS2 = 0x40043d0d
+ PTP_EXTTS_REQUEST = 0x40103d02
+ PTP_EXTTS_REQUEST2 = 0x40103d0b
+ PTP_MASK_CLEAR_ALL = 0x3d13
+ PTP_MASK_EN_SINGLE = 0x40043d14
+ PTP_PEROUT_REQUEST = 0x40383d03
+ PTP_PEROUT_REQUEST2 = 0x40383d0c
+ PTP_PIN_SETFUNC = 0x40603d07
+ PTP_PIN_SETFUNC2 = 0x40603d10
+ PTP_SYS_OFFSET = 0x43403d05
+ PTP_SYS_OFFSET2 = 0x43403d0e
PTRACE_PEEKMTETAGS = 0x21
PTRACE_POKEMTETAGS = 0x22
PTRACE_SYSEMU = 0x1f
@@ -272,12 +296,17 @@ const (
RTC_WIE_ON = 0x700f
RTC_WKALM_RD = 0x80287010
RTC_WKALM_SET = 0x4028700f
+ SCM_DEVMEM_DMABUF = 0x4f
+ SCM_DEVMEM_LINEAR = 0x4e
SCM_TIMESTAMPING = 0x25
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
+ SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
+ SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102
+ SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104
SFD_CLOEXEC = 0x80000
SFD_NONBLOCK = 0x800
SIOCATMARK = 0x8905
@@ -307,6 +336,9 @@ const (
SO_CNX_ADVICE = 0x35
SO_COOKIE = 0x39
SO_DETACH_REUSEPORT_BPF = 0x44
+ SO_DEVMEM_DMABUF = 0x4f
+ SO_DEVMEM_DONTNEED = 0x50
+ SO_DEVMEM_LINEAR = 0x4e
SO_DOMAIN = 0x27
SO_DONTROUTE = 0x5
SO_ERROR = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
index 27ac4a09e22a65aafa9c40f35f9688e1f9f86e9c..9b0a2573fe3fb37337d0c4b87cf268bf95deeb87 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
@@ -78,6 +78,8 @@ const (
ECHOPRT = 0x400
EFD_CLOEXEC = 0x80000
EFD_NONBLOCK = 0x800
+ EPIOCGPARAMS = 0x80088a02
+ EPIOCSPARAMS = 0x40088a01
EPOLL_CLOEXEC = 0x80000
EXTPROC = 0x10000
FF1 = 0x8000
@@ -107,6 +109,7 @@ const (
HIDIOCGRAWINFO = 0x80084803
HIDIOCGRDESC = 0x90044802
HIDIOCGRDESCSIZE = 0x80044801
+ HIDIOCREVOKE = 0x4004480d
HUPCL = 0x400
ICANON = 0x2
IEXTEN = 0x8000
@@ -152,9 +155,14 @@ const (
NFDBITS = 0x40
NLDLY = 0x100
NOFLSH = 0x80
+ NS_GET_MNTNS_ID = 0x8008b705
NS_GET_NSTYPE = 0xb703
NS_GET_OWNER_UID = 0xb704
NS_GET_PARENT = 0xb702
+ NS_GET_PID_FROM_PIDNS = 0x8004b706
+ NS_GET_PID_IN_PIDNS = 0x8004b708
+ NS_GET_TGID_FROM_PIDNS = 0x8004b707
+ NS_GET_TGID_IN_PIDNS = 0x8004b709
NS_GET_USERNS = 0xb701
OLCUC = 0x2
ONLCR = 0x4
@@ -231,6 +239,20 @@ const (
PPPIOCUNBRIDGECHAN = 0x7434
PPPIOCXFERUNIT = 0x744e
PR_SET_PTRACER_ANY = 0xffffffffffffffff
+ PTP_CLOCK_GETCAPS = 0x80503d01
+ PTP_CLOCK_GETCAPS2 = 0x80503d0a
+ PTP_ENABLE_PPS = 0x40043d04
+ PTP_ENABLE_PPS2 = 0x40043d0d
+ PTP_EXTTS_REQUEST = 0x40103d02
+ PTP_EXTTS_REQUEST2 = 0x40103d0b
+ PTP_MASK_CLEAR_ALL = 0x3d13
+ PTP_MASK_EN_SINGLE = 0x40043d14
+ PTP_PEROUT_REQUEST = 0x40383d03
+ PTP_PEROUT_REQUEST2 = 0x40383d0c
+ PTP_PIN_SETFUNC = 0x40603d07
+ PTP_PIN_SETFUNC2 = 0x40603d10
+ PTP_SYS_OFFSET = 0x43403d05
+ PTP_SYS_OFFSET2 = 0x43403d0e
PTRACE_SYSEMU = 0x1f
PTRACE_SYSEMU_SINGLESTEP = 0x20
RLIMIT_AS = 0x9
@@ -269,12 +291,17 @@ const (
RTC_WIE_ON = 0x700f
RTC_WKALM_RD = 0x80287010
RTC_WKALM_SET = 0x4028700f
+ SCM_DEVMEM_DMABUF = 0x4f
+ SCM_DEVMEM_LINEAR = 0x4e
SCM_TIMESTAMPING = 0x25
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
+ SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
+ SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102
+ SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104
SFD_CLOEXEC = 0x80000
SFD_NONBLOCK = 0x800
SIOCATMARK = 0x8905
@@ -304,6 +331,9 @@ const (
SO_CNX_ADVICE = 0x35
SO_COOKIE = 0x39
SO_DETACH_REUSEPORT_BPF = 0x44
+ SO_DEVMEM_DMABUF = 0x4f
+ SO_DEVMEM_DONTNEED = 0x50
+ SO_DEVMEM_LINEAR = 0x4e
SO_DOMAIN = 0x27
SO_DONTROUTE = 0x5
SO_ERROR = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
index 54694642a5de9fd3e46b0960cc8704fc8ce38449..958e6e0645acddc8287e1bdae4f672a49a3fb06b 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
@@ -78,6 +78,8 @@ const (
ECHOPRT = 0x400
EFD_CLOEXEC = 0x80000
EFD_NONBLOCK = 0x80
+ EPIOCGPARAMS = 0x40088a02
+ EPIOCSPARAMS = 0x80088a01
EPOLL_CLOEXEC = 0x80000
EXTPROC = 0x10000
FF1 = 0x8000
@@ -106,6 +108,7 @@ const (
HIDIOCGRAWINFO = 0x40084803
HIDIOCGRDESC = 0x50044802
HIDIOCGRDESCSIZE = 0x40044801
+ HIDIOCREVOKE = 0x8004480d
HUPCL = 0x400
ICANON = 0x2
IEXTEN = 0x100
@@ -148,9 +151,14 @@ const (
NFDBITS = 0x20
NLDLY = 0x100
NOFLSH = 0x80
+ NS_GET_MNTNS_ID = 0x4008b705
NS_GET_NSTYPE = 0x2000b703
NS_GET_OWNER_UID = 0x2000b704
NS_GET_PARENT = 0x2000b702
+ NS_GET_PID_FROM_PIDNS = 0x4004b706
+ NS_GET_PID_IN_PIDNS = 0x4004b708
+ NS_GET_TGID_FROM_PIDNS = 0x4004b707
+ NS_GET_TGID_IN_PIDNS = 0x4004b709
NS_GET_USERNS = 0x2000b701
OLCUC = 0x2
ONLCR = 0x4
@@ -227,6 +235,20 @@ const (
PPPIOCUNBRIDGECHAN = 0x20007434
PPPIOCXFERUNIT = 0x2000744e
PR_SET_PTRACER_ANY = 0xffffffff
+ PTP_CLOCK_GETCAPS = 0x40503d01
+ PTP_CLOCK_GETCAPS2 = 0x40503d0a
+ PTP_ENABLE_PPS = 0x80043d04
+ PTP_ENABLE_PPS2 = 0x80043d0d
+ PTP_EXTTS_REQUEST = 0x80103d02
+ PTP_EXTTS_REQUEST2 = 0x80103d0b
+ PTP_MASK_CLEAR_ALL = 0x20003d13
+ PTP_MASK_EN_SINGLE = 0x80043d14
+ PTP_PEROUT_REQUEST = 0x80383d03
+ PTP_PEROUT_REQUEST2 = 0x80383d0c
+ PTP_PIN_SETFUNC = 0x80603d07
+ PTP_PIN_SETFUNC2 = 0x80603d10
+ PTP_SYS_OFFSET = 0x83403d05
+ PTP_SYS_OFFSET2 = 0x83403d0e
PTRACE_GETFPREGS = 0xe
PTRACE_GET_THREAD_AREA = 0x19
PTRACE_GET_THREAD_AREA_3264 = 0xc4
@@ -275,12 +297,17 @@ const (
RTC_WIE_ON = 0x2000700f
RTC_WKALM_RD = 0x40287010
RTC_WKALM_SET = 0x8028700f
+ SCM_DEVMEM_DMABUF = 0x4f
+ SCM_DEVMEM_LINEAR = 0x4e
SCM_TIMESTAMPING = 0x25
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
+ SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
+ SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102
+ SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104
SFD_CLOEXEC = 0x80000
SFD_NONBLOCK = 0x80
SIOCATMARK = 0x40047307
@@ -310,6 +337,9 @@ const (
SO_CNX_ADVICE = 0x35
SO_COOKIE = 0x39
SO_DETACH_REUSEPORT_BPF = 0x44
+ SO_DEVMEM_DMABUF = 0x4f
+ SO_DEVMEM_DONTNEED = 0x50
+ SO_DEVMEM_LINEAR = 0x4e
SO_DOMAIN = 0x1029
SO_DONTROUTE = 0x10
SO_ERROR = 0x1007
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
index 3adb81d75822cbeb8da73e416a79354ff01b528c..50c7f25bd16c6b4bb48ba4f594c2c8064796075a 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
@@ -78,6 +78,8 @@ const (
ECHOPRT = 0x400
EFD_CLOEXEC = 0x80000
EFD_NONBLOCK = 0x80
+ EPIOCGPARAMS = 0x40088a02
+ EPIOCSPARAMS = 0x80088a01
EPOLL_CLOEXEC = 0x80000
EXTPROC = 0x10000
FF1 = 0x8000
@@ -106,6 +108,7 @@ const (
HIDIOCGRAWINFO = 0x40084803
HIDIOCGRDESC = 0x50044802
HIDIOCGRDESCSIZE = 0x40044801
+ HIDIOCREVOKE = 0x8004480d
HUPCL = 0x400
ICANON = 0x2
IEXTEN = 0x100
@@ -148,9 +151,14 @@ const (
NFDBITS = 0x40
NLDLY = 0x100
NOFLSH = 0x80
+ NS_GET_MNTNS_ID = 0x4008b705
NS_GET_NSTYPE = 0x2000b703
NS_GET_OWNER_UID = 0x2000b704
NS_GET_PARENT = 0x2000b702
+ NS_GET_PID_FROM_PIDNS = 0x4004b706
+ NS_GET_PID_IN_PIDNS = 0x4004b708
+ NS_GET_TGID_FROM_PIDNS = 0x4004b707
+ NS_GET_TGID_IN_PIDNS = 0x4004b709
NS_GET_USERNS = 0x2000b701
OLCUC = 0x2
ONLCR = 0x4
@@ -227,6 +235,20 @@ const (
PPPIOCUNBRIDGECHAN = 0x20007434
PPPIOCXFERUNIT = 0x2000744e
PR_SET_PTRACER_ANY = 0xffffffffffffffff
+ PTP_CLOCK_GETCAPS = 0x40503d01
+ PTP_CLOCK_GETCAPS2 = 0x40503d0a
+ PTP_ENABLE_PPS = 0x80043d04
+ PTP_ENABLE_PPS2 = 0x80043d0d
+ PTP_EXTTS_REQUEST = 0x80103d02
+ PTP_EXTTS_REQUEST2 = 0x80103d0b
+ PTP_MASK_CLEAR_ALL = 0x20003d13
+ PTP_MASK_EN_SINGLE = 0x80043d14
+ PTP_PEROUT_REQUEST = 0x80383d03
+ PTP_PEROUT_REQUEST2 = 0x80383d0c
+ PTP_PIN_SETFUNC = 0x80603d07
+ PTP_PIN_SETFUNC2 = 0x80603d10
+ PTP_SYS_OFFSET = 0x83403d05
+ PTP_SYS_OFFSET2 = 0x83403d0e
PTRACE_GETFPREGS = 0xe
PTRACE_GET_THREAD_AREA = 0x19
PTRACE_GET_THREAD_AREA_3264 = 0xc4
@@ -275,12 +297,17 @@ const (
RTC_WIE_ON = 0x2000700f
RTC_WKALM_RD = 0x40287010
RTC_WKALM_SET = 0x8028700f
+ SCM_DEVMEM_DMABUF = 0x4f
+ SCM_DEVMEM_LINEAR = 0x4e
SCM_TIMESTAMPING = 0x25
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
+ SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
+ SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102
+ SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104
SFD_CLOEXEC = 0x80000
SFD_NONBLOCK = 0x80
SIOCATMARK = 0x40047307
@@ -310,6 +337,9 @@ const (
SO_CNX_ADVICE = 0x35
SO_COOKIE = 0x39
SO_DETACH_REUSEPORT_BPF = 0x44
+ SO_DEVMEM_DMABUF = 0x4f
+ SO_DEVMEM_DONTNEED = 0x50
+ SO_DEVMEM_LINEAR = 0x4e
SO_DOMAIN = 0x1029
SO_DONTROUTE = 0x10
SO_ERROR = 0x1007
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
index 2dfe98f0d1b15d66f92a7dbfadfc87d0ef2856c2..ced21d66d955aa1471413648b780ac6a79c29dda 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
@@ -78,6 +78,8 @@ const (
ECHOPRT = 0x400
EFD_CLOEXEC = 0x80000
EFD_NONBLOCK = 0x80
+ EPIOCGPARAMS = 0x40088a02
+ EPIOCSPARAMS = 0x80088a01
EPOLL_CLOEXEC = 0x80000
EXTPROC = 0x10000
FF1 = 0x8000
@@ -106,6 +108,7 @@ const (
HIDIOCGRAWINFO = 0x40084803
HIDIOCGRDESC = 0x50044802
HIDIOCGRDESCSIZE = 0x40044801
+ HIDIOCREVOKE = 0x8004480d
HUPCL = 0x400
ICANON = 0x2
IEXTEN = 0x100
@@ -148,9 +151,14 @@ const (
NFDBITS = 0x40
NLDLY = 0x100
NOFLSH = 0x80
+ NS_GET_MNTNS_ID = 0x4008b705
NS_GET_NSTYPE = 0x2000b703
NS_GET_OWNER_UID = 0x2000b704
NS_GET_PARENT = 0x2000b702
+ NS_GET_PID_FROM_PIDNS = 0x4004b706
+ NS_GET_PID_IN_PIDNS = 0x4004b708
+ NS_GET_TGID_FROM_PIDNS = 0x4004b707
+ NS_GET_TGID_IN_PIDNS = 0x4004b709
NS_GET_USERNS = 0x2000b701
OLCUC = 0x2
ONLCR = 0x4
@@ -227,6 +235,20 @@ const (
PPPIOCUNBRIDGECHAN = 0x20007434
PPPIOCXFERUNIT = 0x2000744e
PR_SET_PTRACER_ANY = 0xffffffffffffffff
+ PTP_CLOCK_GETCAPS = 0x40503d01
+ PTP_CLOCK_GETCAPS2 = 0x40503d0a
+ PTP_ENABLE_PPS = 0x80043d04
+ PTP_ENABLE_PPS2 = 0x80043d0d
+ PTP_EXTTS_REQUEST = 0x80103d02
+ PTP_EXTTS_REQUEST2 = 0x80103d0b
+ PTP_MASK_CLEAR_ALL = 0x20003d13
+ PTP_MASK_EN_SINGLE = 0x80043d14
+ PTP_PEROUT_REQUEST = 0x80383d03
+ PTP_PEROUT_REQUEST2 = 0x80383d0c
+ PTP_PIN_SETFUNC = 0x80603d07
+ PTP_PIN_SETFUNC2 = 0x80603d10
+ PTP_SYS_OFFSET = 0x83403d05
+ PTP_SYS_OFFSET2 = 0x83403d0e
PTRACE_GETFPREGS = 0xe
PTRACE_GET_THREAD_AREA = 0x19
PTRACE_GET_THREAD_AREA_3264 = 0xc4
@@ -275,12 +297,17 @@ const (
RTC_WIE_ON = 0x2000700f
RTC_WKALM_RD = 0x40287010
RTC_WKALM_SET = 0x8028700f
+ SCM_DEVMEM_DMABUF = 0x4f
+ SCM_DEVMEM_LINEAR = 0x4e
SCM_TIMESTAMPING = 0x25
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
+ SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
+ SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102
+ SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104
SFD_CLOEXEC = 0x80000
SFD_NONBLOCK = 0x80
SIOCATMARK = 0x40047307
@@ -310,6 +337,9 @@ const (
SO_CNX_ADVICE = 0x35
SO_COOKIE = 0x39
SO_DETACH_REUSEPORT_BPF = 0x44
+ SO_DEVMEM_DMABUF = 0x4f
+ SO_DEVMEM_DONTNEED = 0x50
+ SO_DEVMEM_LINEAR = 0x4e
SO_DOMAIN = 0x1029
SO_DONTROUTE = 0x10
SO_ERROR = 0x1007
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
index f5398f84f041bd06c5b324e7e08b15277b0a440c..226c0441902358d4fe95110e043721360edb84f8 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
@@ -78,6 +78,8 @@ const (
ECHOPRT = 0x400
EFD_CLOEXEC = 0x80000
EFD_NONBLOCK = 0x80
+ EPIOCGPARAMS = 0x40088a02
+ EPIOCSPARAMS = 0x80088a01
EPOLL_CLOEXEC = 0x80000
EXTPROC = 0x10000
FF1 = 0x8000
@@ -106,6 +108,7 @@ const (
HIDIOCGRAWINFO = 0x40084803
HIDIOCGRDESC = 0x50044802
HIDIOCGRDESCSIZE = 0x40044801
+ HIDIOCREVOKE = 0x8004480d
HUPCL = 0x400
ICANON = 0x2
IEXTEN = 0x100
@@ -148,9 +151,14 @@ const (
NFDBITS = 0x20
NLDLY = 0x100
NOFLSH = 0x80
+ NS_GET_MNTNS_ID = 0x4008b705
NS_GET_NSTYPE = 0x2000b703
NS_GET_OWNER_UID = 0x2000b704
NS_GET_PARENT = 0x2000b702
+ NS_GET_PID_FROM_PIDNS = 0x4004b706
+ NS_GET_PID_IN_PIDNS = 0x4004b708
+ NS_GET_TGID_FROM_PIDNS = 0x4004b707
+ NS_GET_TGID_IN_PIDNS = 0x4004b709
NS_GET_USERNS = 0x2000b701
OLCUC = 0x2
ONLCR = 0x4
@@ -227,6 +235,20 @@ const (
PPPIOCUNBRIDGECHAN = 0x20007434
PPPIOCXFERUNIT = 0x2000744e
PR_SET_PTRACER_ANY = 0xffffffff
+ PTP_CLOCK_GETCAPS = 0x40503d01
+ PTP_CLOCK_GETCAPS2 = 0x40503d0a
+ PTP_ENABLE_PPS = 0x80043d04
+ PTP_ENABLE_PPS2 = 0x80043d0d
+ PTP_EXTTS_REQUEST = 0x80103d02
+ PTP_EXTTS_REQUEST2 = 0x80103d0b
+ PTP_MASK_CLEAR_ALL = 0x20003d13
+ PTP_MASK_EN_SINGLE = 0x80043d14
+ PTP_PEROUT_REQUEST = 0x80383d03
+ PTP_PEROUT_REQUEST2 = 0x80383d0c
+ PTP_PIN_SETFUNC = 0x80603d07
+ PTP_PIN_SETFUNC2 = 0x80603d10
+ PTP_SYS_OFFSET = 0x83403d05
+ PTP_SYS_OFFSET2 = 0x83403d0e
PTRACE_GETFPREGS = 0xe
PTRACE_GET_THREAD_AREA = 0x19
PTRACE_GET_THREAD_AREA_3264 = 0xc4
@@ -275,12 +297,17 @@ const (
RTC_WIE_ON = 0x2000700f
RTC_WKALM_RD = 0x40287010
RTC_WKALM_SET = 0x8028700f
+ SCM_DEVMEM_DMABUF = 0x4f
+ SCM_DEVMEM_LINEAR = 0x4e
SCM_TIMESTAMPING = 0x25
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
+ SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
+ SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102
+ SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104
SFD_CLOEXEC = 0x80000
SFD_NONBLOCK = 0x80
SIOCATMARK = 0x40047307
@@ -310,6 +337,9 @@ const (
SO_CNX_ADVICE = 0x35
SO_COOKIE = 0x39
SO_DETACH_REUSEPORT_BPF = 0x44
+ SO_DEVMEM_DMABUF = 0x4f
+ SO_DEVMEM_DONTNEED = 0x50
+ SO_DEVMEM_LINEAR = 0x4e
SO_DOMAIN = 0x1029
SO_DONTROUTE = 0x10
SO_ERROR = 0x1007
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
index c54f152d68fd2ed04853dbe94fb3817e78d001a4..3122737cd464f0b9033911d2e928a48994c7b8fd 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
@@ -78,6 +78,8 @@ const (
ECHOPRT = 0x20
EFD_CLOEXEC = 0x80000
EFD_NONBLOCK = 0x800
+ EPIOCGPARAMS = 0x40088a02
+ EPIOCSPARAMS = 0x80088a01
EPOLL_CLOEXEC = 0x80000
EXTPROC = 0x10000000
FF1 = 0x4000
@@ -106,6 +108,7 @@ const (
HIDIOCGRAWINFO = 0x40084803
HIDIOCGRDESC = 0x50044802
HIDIOCGRDESCSIZE = 0x40044801
+ HIDIOCREVOKE = 0x8004480d
HUPCL = 0x4000
ICANON = 0x100
IEXTEN = 0x400
@@ -150,9 +153,14 @@ const (
NL3 = 0x300
NLDLY = 0x300
NOFLSH = 0x80000000
+ NS_GET_MNTNS_ID = 0x4008b705
NS_GET_NSTYPE = 0x2000b703
NS_GET_OWNER_UID = 0x2000b704
NS_GET_PARENT = 0x2000b702
+ NS_GET_PID_FROM_PIDNS = 0x4004b706
+ NS_GET_PID_IN_PIDNS = 0x4004b708
+ NS_GET_TGID_FROM_PIDNS = 0x4004b707
+ NS_GET_TGID_IN_PIDNS = 0x4004b709
NS_GET_USERNS = 0x2000b701
OLCUC = 0x4
ONLCR = 0x2
@@ -230,6 +238,20 @@ const (
PPPIOCXFERUNIT = 0x2000744e
PROT_SAO = 0x10
PR_SET_PTRACER_ANY = 0xffffffff
+ PTP_CLOCK_GETCAPS = 0x40503d01
+ PTP_CLOCK_GETCAPS2 = 0x40503d0a
+ PTP_ENABLE_PPS = 0x80043d04
+ PTP_ENABLE_PPS2 = 0x80043d0d
+ PTP_EXTTS_REQUEST = 0x80103d02
+ PTP_EXTTS_REQUEST2 = 0x80103d0b
+ PTP_MASK_CLEAR_ALL = 0x20003d13
+ PTP_MASK_EN_SINGLE = 0x80043d14
+ PTP_PEROUT_REQUEST = 0x80383d03
+ PTP_PEROUT_REQUEST2 = 0x80383d0c
+ PTP_PIN_SETFUNC = 0x80603d07
+ PTP_PIN_SETFUNC2 = 0x80603d10
+ PTP_SYS_OFFSET = 0x83403d05
+ PTP_SYS_OFFSET2 = 0x83403d0e
PTRACE_GETEVRREGS = 0x14
PTRACE_GETFPREGS = 0xe
PTRACE_GETREGS64 = 0x16
@@ -330,12 +352,17 @@ const (
RTC_WIE_ON = 0x2000700f
RTC_WKALM_RD = 0x40287010
RTC_WKALM_SET = 0x8028700f
+ SCM_DEVMEM_DMABUF = 0x4f
+ SCM_DEVMEM_LINEAR = 0x4e
SCM_TIMESTAMPING = 0x25
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
+ SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
+ SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102
+ SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104
SFD_CLOEXEC = 0x80000
SFD_NONBLOCK = 0x800
SIOCATMARK = 0x8905
@@ -365,6 +392,9 @@ const (
SO_CNX_ADVICE = 0x35
SO_COOKIE = 0x39
SO_DETACH_REUSEPORT_BPF = 0x44
+ SO_DEVMEM_DMABUF = 0x4f
+ SO_DEVMEM_DONTNEED = 0x50
+ SO_DEVMEM_LINEAR = 0x4e
SO_DOMAIN = 0x27
SO_DONTROUTE = 0x5
SO_ERROR = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
index 76057dc72fb5db041e5ddf5aa3f9fd62735c7649..eb5d3467edf0c1a6fcda2fd26ca8685a89207a1f 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
@@ -78,6 +78,8 @@ const (
ECHOPRT = 0x20
EFD_CLOEXEC = 0x80000
EFD_NONBLOCK = 0x800
+ EPIOCGPARAMS = 0x40088a02
+ EPIOCSPARAMS = 0x80088a01
EPOLL_CLOEXEC = 0x80000
EXTPROC = 0x10000000
FF1 = 0x4000
@@ -106,6 +108,7 @@ const (
HIDIOCGRAWINFO = 0x40084803
HIDIOCGRDESC = 0x50044802
HIDIOCGRDESCSIZE = 0x40044801
+ HIDIOCREVOKE = 0x8004480d
HUPCL = 0x4000
ICANON = 0x100
IEXTEN = 0x400
@@ -150,9 +153,14 @@ const (
NL3 = 0x300
NLDLY = 0x300
NOFLSH = 0x80000000
+ NS_GET_MNTNS_ID = 0x4008b705
NS_GET_NSTYPE = 0x2000b703
NS_GET_OWNER_UID = 0x2000b704
NS_GET_PARENT = 0x2000b702
+ NS_GET_PID_FROM_PIDNS = 0x4004b706
+ NS_GET_PID_IN_PIDNS = 0x4004b708
+ NS_GET_TGID_FROM_PIDNS = 0x4004b707
+ NS_GET_TGID_IN_PIDNS = 0x4004b709
NS_GET_USERNS = 0x2000b701
OLCUC = 0x4
ONLCR = 0x2
@@ -230,6 +238,20 @@ const (
PPPIOCXFERUNIT = 0x2000744e
PROT_SAO = 0x10
PR_SET_PTRACER_ANY = 0xffffffffffffffff
+ PTP_CLOCK_GETCAPS = 0x40503d01
+ PTP_CLOCK_GETCAPS2 = 0x40503d0a
+ PTP_ENABLE_PPS = 0x80043d04
+ PTP_ENABLE_PPS2 = 0x80043d0d
+ PTP_EXTTS_REQUEST = 0x80103d02
+ PTP_EXTTS_REQUEST2 = 0x80103d0b
+ PTP_MASK_CLEAR_ALL = 0x20003d13
+ PTP_MASK_EN_SINGLE = 0x80043d14
+ PTP_PEROUT_REQUEST = 0x80383d03
+ PTP_PEROUT_REQUEST2 = 0x80383d0c
+ PTP_PIN_SETFUNC = 0x80603d07
+ PTP_PIN_SETFUNC2 = 0x80603d10
+ PTP_SYS_OFFSET = 0x83403d05
+ PTP_SYS_OFFSET2 = 0x83403d0e
PTRACE_GETEVRREGS = 0x14
PTRACE_GETFPREGS = 0xe
PTRACE_GETREGS64 = 0x16
@@ -334,12 +356,17 @@ const (
RTC_WIE_ON = 0x2000700f
RTC_WKALM_RD = 0x40287010
RTC_WKALM_SET = 0x8028700f
+ SCM_DEVMEM_DMABUF = 0x4f
+ SCM_DEVMEM_LINEAR = 0x4e
SCM_TIMESTAMPING = 0x25
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
+ SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
+ SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102
+ SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104
SFD_CLOEXEC = 0x80000
SFD_NONBLOCK = 0x800
SIOCATMARK = 0x8905
@@ -369,6 +396,9 @@ const (
SO_CNX_ADVICE = 0x35
SO_COOKIE = 0x39
SO_DETACH_REUSEPORT_BPF = 0x44
+ SO_DEVMEM_DMABUF = 0x4f
+ SO_DEVMEM_DONTNEED = 0x50
+ SO_DEVMEM_LINEAR = 0x4e
SO_DOMAIN = 0x27
SO_DONTROUTE = 0x5
SO_ERROR = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
index e0c3725e2b89c28c83f20c81dc9c78a901c2ae1c..e921ebc60b7142bf22eb748914eaf6557ce644b9 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
@@ -78,6 +78,8 @@ const (
ECHOPRT = 0x20
EFD_CLOEXEC = 0x80000
EFD_NONBLOCK = 0x800
+ EPIOCGPARAMS = 0x40088a02
+ EPIOCSPARAMS = 0x80088a01
EPOLL_CLOEXEC = 0x80000
EXTPROC = 0x10000000
FF1 = 0x4000
@@ -106,6 +108,7 @@ const (
HIDIOCGRAWINFO = 0x40084803
HIDIOCGRDESC = 0x50044802
HIDIOCGRDESCSIZE = 0x40044801
+ HIDIOCREVOKE = 0x8004480d
HUPCL = 0x4000
ICANON = 0x100
IEXTEN = 0x400
@@ -150,9 +153,14 @@ const (
NL3 = 0x300
NLDLY = 0x300
NOFLSH = 0x80000000
+ NS_GET_MNTNS_ID = 0x4008b705
NS_GET_NSTYPE = 0x2000b703
NS_GET_OWNER_UID = 0x2000b704
NS_GET_PARENT = 0x2000b702
+ NS_GET_PID_FROM_PIDNS = 0x4004b706
+ NS_GET_PID_IN_PIDNS = 0x4004b708
+ NS_GET_TGID_FROM_PIDNS = 0x4004b707
+ NS_GET_TGID_IN_PIDNS = 0x4004b709
NS_GET_USERNS = 0x2000b701
OLCUC = 0x4
ONLCR = 0x2
@@ -230,6 +238,20 @@ const (
PPPIOCXFERUNIT = 0x2000744e
PROT_SAO = 0x10
PR_SET_PTRACER_ANY = 0xffffffffffffffff
+ PTP_CLOCK_GETCAPS = 0x40503d01
+ PTP_CLOCK_GETCAPS2 = 0x40503d0a
+ PTP_ENABLE_PPS = 0x80043d04
+ PTP_ENABLE_PPS2 = 0x80043d0d
+ PTP_EXTTS_REQUEST = 0x80103d02
+ PTP_EXTTS_REQUEST2 = 0x80103d0b
+ PTP_MASK_CLEAR_ALL = 0x20003d13
+ PTP_MASK_EN_SINGLE = 0x80043d14
+ PTP_PEROUT_REQUEST = 0x80383d03
+ PTP_PEROUT_REQUEST2 = 0x80383d0c
+ PTP_PIN_SETFUNC = 0x80603d07
+ PTP_PIN_SETFUNC2 = 0x80603d10
+ PTP_SYS_OFFSET = 0x83403d05
+ PTP_SYS_OFFSET2 = 0x83403d0e
PTRACE_GETEVRREGS = 0x14
PTRACE_GETFPREGS = 0xe
PTRACE_GETREGS64 = 0x16
@@ -334,12 +356,17 @@ const (
RTC_WIE_ON = 0x2000700f
RTC_WKALM_RD = 0x40287010
RTC_WKALM_SET = 0x8028700f
+ SCM_DEVMEM_DMABUF = 0x4f
+ SCM_DEVMEM_LINEAR = 0x4e
SCM_TIMESTAMPING = 0x25
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
+ SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
+ SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102
+ SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104
SFD_CLOEXEC = 0x80000
SFD_NONBLOCK = 0x800
SIOCATMARK = 0x8905
@@ -369,6 +396,9 @@ const (
SO_CNX_ADVICE = 0x35
SO_COOKIE = 0x39
SO_DETACH_REUSEPORT_BPF = 0x44
+ SO_DEVMEM_DMABUF = 0x4f
+ SO_DEVMEM_DONTNEED = 0x50
+ SO_DEVMEM_LINEAR = 0x4e
SO_DOMAIN = 0x27
SO_DONTROUTE = 0x5
SO_ERROR = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
index 18f2813ed54b736a52474928060d07ef61907753..38ba81c55c1fd3f8fee36578e2a5b67e1a5b1eb1 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
@@ -78,6 +78,8 @@ const (
ECHOPRT = 0x400
EFD_CLOEXEC = 0x80000
EFD_NONBLOCK = 0x800
+ EPIOCGPARAMS = 0x80088a02
+ EPIOCSPARAMS = 0x40088a01
EPOLL_CLOEXEC = 0x80000
EXTPROC = 0x10000
FF1 = 0x8000
@@ -106,6 +108,7 @@ const (
HIDIOCGRAWINFO = 0x80084803
HIDIOCGRDESC = 0x90044802
HIDIOCGRDESCSIZE = 0x80044801
+ HIDIOCREVOKE = 0x4004480d
HUPCL = 0x400
ICANON = 0x2
IEXTEN = 0x8000
@@ -148,9 +151,14 @@ const (
NFDBITS = 0x40
NLDLY = 0x100
NOFLSH = 0x80
+ NS_GET_MNTNS_ID = 0x8008b705
NS_GET_NSTYPE = 0xb703
NS_GET_OWNER_UID = 0xb704
NS_GET_PARENT = 0xb702
+ NS_GET_PID_FROM_PIDNS = 0x8004b706
+ NS_GET_PID_IN_PIDNS = 0x8004b708
+ NS_GET_TGID_FROM_PIDNS = 0x8004b707
+ NS_GET_TGID_IN_PIDNS = 0x8004b709
NS_GET_USERNS = 0xb701
OLCUC = 0x2
ONLCR = 0x4
@@ -227,6 +235,20 @@ const (
PPPIOCUNBRIDGECHAN = 0x7434
PPPIOCXFERUNIT = 0x744e
PR_SET_PTRACER_ANY = 0xffffffffffffffff
+ PTP_CLOCK_GETCAPS = 0x80503d01
+ PTP_CLOCK_GETCAPS2 = 0x80503d0a
+ PTP_ENABLE_PPS = 0x40043d04
+ PTP_ENABLE_PPS2 = 0x40043d0d
+ PTP_EXTTS_REQUEST = 0x40103d02
+ PTP_EXTTS_REQUEST2 = 0x40103d0b
+ PTP_MASK_CLEAR_ALL = 0x3d13
+ PTP_MASK_EN_SINGLE = 0x40043d14
+ PTP_PEROUT_REQUEST = 0x40383d03
+ PTP_PEROUT_REQUEST2 = 0x40383d0c
+ PTP_PIN_SETFUNC = 0x40603d07
+ PTP_PIN_SETFUNC2 = 0x40603d10
+ PTP_SYS_OFFSET = 0x43403d05
+ PTP_SYS_OFFSET2 = 0x43403d0e
PTRACE_GETFDPIC = 0x21
PTRACE_GETFDPIC_EXEC = 0x0
PTRACE_GETFDPIC_INTERP = 0x1
@@ -266,12 +288,17 @@ const (
RTC_WIE_ON = 0x700f
RTC_WKALM_RD = 0x80287010
RTC_WKALM_SET = 0x4028700f
+ SCM_DEVMEM_DMABUF = 0x4f
+ SCM_DEVMEM_LINEAR = 0x4e
SCM_TIMESTAMPING = 0x25
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
+ SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
+ SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102
+ SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104
SFD_CLOEXEC = 0x80000
SFD_NONBLOCK = 0x800
SIOCATMARK = 0x8905
@@ -301,6 +328,9 @@ const (
SO_CNX_ADVICE = 0x35
SO_COOKIE = 0x39
SO_DETACH_REUSEPORT_BPF = 0x44
+ SO_DEVMEM_DMABUF = 0x4f
+ SO_DEVMEM_DONTNEED = 0x50
+ SO_DEVMEM_LINEAR = 0x4e
SO_DOMAIN = 0x27
SO_DONTROUTE = 0x5
SO_ERROR = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
index 11619d4ec88f282d48c818ac254164b84714ce66..71f0400977b3672a79401900b85701a23d8b0f99 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
@@ -78,6 +78,8 @@ const (
ECHOPRT = 0x400
EFD_CLOEXEC = 0x80000
EFD_NONBLOCK = 0x800
+ EPIOCGPARAMS = 0x80088a02
+ EPIOCSPARAMS = 0x40088a01
EPOLL_CLOEXEC = 0x80000
EXTPROC = 0x10000
FF1 = 0x8000
@@ -106,6 +108,7 @@ const (
HIDIOCGRAWINFO = 0x80084803
HIDIOCGRDESC = 0x90044802
HIDIOCGRDESCSIZE = 0x80044801
+ HIDIOCREVOKE = 0x4004480d
HUPCL = 0x400
ICANON = 0x2
IEXTEN = 0x8000
@@ -148,9 +151,14 @@ const (
NFDBITS = 0x40
NLDLY = 0x100
NOFLSH = 0x80
+ NS_GET_MNTNS_ID = 0x8008b705
NS_GET_NSTYPE = 0xb703
NS_GET_OWNER_UID = 0xb704
NS_GET_PARENT = 0xb702
+ NS_GET_PID_FROM_PIDNS = 0x8004b706
+ NS_GET_PID_IN_PIDNS = 0x8004b708
+ NS_GET_TGID_FROM_PIDNS = 0x8004b707
+ NS_GET_TGID_IN_PIDNS = 0x8004b709
NS_GET_USERNS = 0xb701
OLCUC = 0x2
ONLCR = 0x4
@@ -227,6 +235,20 @@ const (
PPPIOCUNBRIDGECHAN = 0x7434
PPPIOCXFERUNIT = 0x744e
PR_SET_PTRACER_ANY = 0xffffffffffffffff
+ PTP_CLOCK_GETCAPS = 0x80503d01
+ PTP_CLOCK_GETCAPS2 = 0x80503d0a
+ PTP_ENABLE_PPS = 0x40043d04
+ PTP_ENABLE_PPS2 = 0x40043d0d
+ PTP_EXTTS_REQUEST = 0x40103d02
+ PTP_EXTTS_REQUEST2 = 0x40103d0b
+ PTP_MASK_CLEAR_ALL = 0x3d13
+ PTP_MASK_EN_SINGLE = 0x40043d14
+ PTP_PEROUT_REQUEST = 0x40383d03
+ PTP_PEROUT_REQUEST2 = 0x40383d0c
+ PTP_PIN_SETFUNC = 0x40603d07
+ PTP_PIN_SETFUNC2 = 0x40603d10
+ PTP_SYS_OFFSET = 0x43403d05
+ PTP_SYS_OFFSET2 = 0x43403d0e
PTRACE_DISABLE_TE = 0x5010
PTRACE_ENABLE_TE = 0x5009
PTRACE_GET_LAST_BREAK = 0x5006
@@ -338,12 +360,17 @@ const (
RTC_WIE_ON = 0x700f
RTC_WKALM_RD = 0x80287010
RTC_WKALM_SET = 0x4028700f
+ SCM_DEVMEM_DMABUF = 0x4f
+ SCM_DEVMEM_LINEAR = 0x4e
SCM_TIMESTAMPING = 0x25
SCM_TIMESTAMPING_OPT_STATS = 0x36
SCM_TIMESTAMPING_PKTINFO = 0x3a
SCM_TIMESTAMPNS = 0x23
SCM_TXTIME = 0x3d
SCM_WIFI_STATUS = 0x29
+ SECCOMP_IOCTL_NOTIF_ADDFD = 0x40182103
+ SECCOMP_IOCTL_NOTIF_ID_VALID = 0x40082102
+ SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x40082104
SFD_CLOEXEC = 0x80000
SFD_NONBLOCK = 0x800
SIOCATMARK = 0x8905
@@ -373,6 +400,9 @@ const (
SO_CNX_ADVICE = 0x35
SO_COOKIE = 0x39
SO_DETACH_REUSEPORT_BPF = 0x44
+ SO_DEVMEM_DMABUF = 0x4f
+ SO_DEVMEM_DONTNEED = 0x50
+ SO_DEVMEM_LINEAR = 0x4e
SO_DOMAIN = 0x27
SO_DONTROUTE = 0x5
SO_ERROR = 0x4
diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
index 396d994da79c4416c5cb8ffa882a9210ef794a8a..c44a313322c54c61e7b1952290d2cc5f214331c3 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
@@ -82,6 +82,8 @@ const (
EFD_CLOEXEC = 0x400000
EFD_NONBLOCK = 0x4000
EMT_TAGOVF = 0x1
+ EPIOCGPARAMS = 0x40088a02
+ EPIOCSPARAMS = 0x80088a01
EPOLL_CLOEXEC = 0x400000
EXTPROC = 0x10000
FF1 = 0x8000
@@ -110,6 +112,7 @@ const (
HIDIOCGRAWINFO = 0x40084803
HIDIOCGRDESC = 0x50044802
HIDIOCGRDESCSIZE = 0x40044801
+ HIDIOCREVOKE = 0x8004480d
HUPCL = 0x400
ICANON = 0x2
IEXTEN = 0x8000
@@ -153,9 +156,14 @@ const (
NFDBITS = 0x40
NLDLY = 0x100
NOFLSH = 0x80
+ NS_GET_MNTNS_ID = 0x4008b705
NS_GET_NSTYPE = 0x2000b703
NS_GET_OWNER_UID = 0x2000b704
NS_GET_PARENT = 0x2000b702
+ NS_GET_PID_FROM_PIDNS = 0x4004b706
+ NS_GET_PID_IN_PIDNS = 0x4004b708
+ NS_GET_TGID_FROM_PIDNS = 0x4004b707
+ NS_GET_TGID_IN_PIDNS = 0x4004b709
NS_GET_USERNS = 0x2000b701
OLCUC = 0x2
ONLCR = 0x4
@@ -232,6 +240,20 @@ const (
PPPIOCUNBRIDGECHAN = 0x20007434
PPPIOCXFERUNIT = 0x2000744e
PR_SET_PTRACER_ANY = 0xffffffffffffffff
+ PTP_CLOCK_GETCAPS = 0x40503d01
+ PTP_CLOCK_GETCAPS2 = 0x40503d0a
+ PTP_ENABLE_PPS = 0x80043d04
+ PTP_ENABLE_PPS2 = 0x80043d0d
+ PTP_EXTTS_REQUEST = 0x80103d02
+ PTP_EXTTS_REQUEST2 = 0x80103d0b
+ PTP_MASK_CLEAR_ALL = 0x20003d13
+ PTP_MASK_EN_SINGLE = 0x80043d14
+ PTP_PEROUT_REQUEST = 0x80383d03
+ PTP_PEROUT_REQUEST2 = 0x80383d0c
+ PTP_PIN_SETFUNC = 0x80603d07
+ PTP_PIN_SETFUNC2 = 0x80603d10
+ PTP_SYS_OFFSET = 0x83403d05
+ PTP_SYS_OFFSET2 = 0x83403d0e
PTRACE_GETFPAREGS = 0x14
PTRACE_GETFPREGS = 0xe
PTRACE_GETFPREGS64 = 0x19
@@ -329,12 +351,17 @@ const (
RTC_WIE_ON = 0x2000700f
RTC_WKALM_RD = 0x40287010
RTC_WKALM_SET = 0x8028700f
+ SCM_DEVMEM_DMABUF = 0x58
+ SCM_DEVMEM_LINEAR = 0x57
SCM_TIMESTAMPING = 0x23
SCM_TIMESTAMPING_OPT_STATS = 0x38
SCM_TIMESTAMPING_PKTINFO = 0x3c
SCM_TIMESTAMPNS = 0x21
SCM_TXTIME = 0x3f
SCM_WIFI_STATUS = 0x25
+ SECCOMP_IOCTL_NOTIF_ADDFD = 0x80182103
+ SECCOMP_IOCTL_NOTIF_ID_VALID = 0x80082102
+ SECCOMP_IOCTL_NOTIF_SET_FLAGS = 0x80082104
SFD_CLOEXEC = 0x400000
SFD_NONBLOCK = 0x4000
SF_FP = 0x38
@@ -412,6 +439,9 @@ const (
SO_CNX_ADVICE = 0x37
SO_COOKIE = 0x3b
SO_DETACH_REUSEPORT_BPF = 0x47
+ SO_DEVMEM_DMABUF = 0x58
+ SO_DEVMEM_DONTNEED = 0x59
+ SO_DEVMEM_LINEAR = 0x57
SO_DOMAIN = 0x1029
SO_DONTROUTE = 0x10
SO_ERROR = 0x1007
diff --git a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
index 4dfd2e051d35791fba93a469bd65283856b4024b..1ec2b1407b1268a1c4d8a5f3bc4c2bdd377f418d 100644
--- a/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
@@ -10,41 +10,99 @@
package unix
const (
- BRKINT = 0x0001
- CLOCK_MONOTONIC = 0x1
- CLOCK_PROCESS_CPUTIME_ID = 0x2
- CLOCK_REALTIME = 0x0
- CLOCK_THREAD_CPUTIME_ID = 0x3
- CS8 = 0x0030
- CSIZE = 0x0030
- ECHO = 0x00000008
- ECHONL = 0x00000001
- FD_CLOEXEC = 0x01
- FD_CLOFORK = 0x02
- FNDELAY = 0x04
- F_CLOSFD = 9
- F_CONTROL_CVT = 13
- F_DUPFD = 0
- F_DUPFD2 = 8
- F_GETFD = 1
- F_GETFL = 259
- F_GETLK = 5
- F_GETOWN = 10
- F_OK = 0x0
- F_RDLCK = 1
- F_SETFD = 2
- F_SETFL = 4
- F_SETLK = 6
- F_SETLKW = 7
- F_SETOWN = 11
- F_SETTAG = 12
- F_UNLCK = 3
- F_WRLCK = 2
- FSTYPE_ZFS = 0xe9 //"Z"
- FSTYPE_HFS = 0xc8 //"H"
- FSTYPE_NFS = 0xd5 //"N"
- FSTYPE_TFS = 0xe3 //"T"
- FSTYPE_AUTOMOUNT = 0xc1 //"A"
+ BRKINT = 0x0001
+ CLOCAL = 0x1
+ CLOCK_MONOTONIC = 0x1
+ CLOCK_PROCESS_CPUTIME_ID = 0x2
+ CLOCK_REALTIME = 0x0
+ CLOCK_THREAD_CPUTIME_ID = 0x3
+ CLONE_NEWIPC = 0x08000000
+ CLONE_NEWNET = 0x40000000
+ CLONE_NEWNS = 0x00020000
+ CLONE_NEWPID = 0x20000000
+ CLONE_NEWUTS = 0x04000000
+ CLONE_PARENT = 0x00008000
+ CS8 = 0x0030
+ CSIZE = 0x0030
+ ECHO = 0x00000008
+ ECHONL = 0x00000001
+ EFD_SEMAPHORE = 0x00002000
+ EFD_CLOEXEC = 0x00001000
+ EFD_NONBLOCK = 0x00000004
+ EPOLL_CLOEXEC = 0x00001000
+ EPOLL_CTL_ADD = 0
+ EPOLL_CTL_MOD = 1
+ EPOLL_CTL_DEL = 2
+ EPOLLRDNORM = 0x0001
+ EPOLLRDBAND = 0x0002
+ EPOLLIN = 0x0003
+ EPOLLOUT = 0x0004
+ EPOLLWRBAND = 0x0008
+ EPOLLPRI = 0x0010
+ EPOLLERR = 0x0020
+ EPOLLHUP = 0x0040
+ EPOLLEXCLUSIVE = 0x20000000
+ EPOLLONESHOT = 0x40000000
+ FD_CLOEXEC = 0x01
+ FD_CLOFORK = 0x02
+ FD_SETSIZE = 0x800
+ FNDELAY = 0x04
+ F_CLOSFD = 9
+ F_CONTROL_CVT = 13
+ F_DUPFD = 0
+ F_DUPFD2 = 8
+ F_GETFD = 1
+ F_GETFL = 259
+ F_GETLK = 5
+ F_GETOWN = 10
+ F_OK = 0x0
+ F_RDLCK = 1
+ F_SETFD = 2
+ F_SETFL = 4
+ F_SETLK = 6
+ F_SETLKW = 7
+ F_SETOWN = 11
+ F_SETTAG = 12
+ F_UNLCK = 3
+ F_WRLCK = 2
+ FSTYPE_ZFS = 0xe9 //"Z"
+ FSTYPE_HFS = 0xc8 //"H"
+ FSTYPE_NFS = 0xd5 //"N"
+ FSTYPE_TFS = 0xe3 //"T"
+ FSTYPE_AUTOMOUNT = 0xc1 //"A"
+ GRND_NONBLOCK = 1
+ GRND_RANDOM = 2
+ HUPCL = 0x0100 // Hang up on last close
+ IN_CLOEXEC = 0x00001000
+ IN_NONBLOCK = 0x00000004
+ IN_ACCESS = 0x00000001
+ IN_MODIFY = 0x00000002
+ IN_ATTRIB = 0x00000004
+ IN_CLOSE_WRITE = 0x00000008
+ IN_CLOSE_NOWRITE = 0x00000010
+ IN_OPEN = 0x00000020
+ IN_MOVED_FROM = 0x00000040
+ IN_MOVED_TO = 0x00000080
+ IN_CREATE = 0x00000100
+ IN_DELETE = 0x00000200
+ IN_DELETE_SELF = 0x00000400
+ IN_MOVE_SELF = 0x00000800
+ IN_UNMOUNT = 0x00002000
+ IN_Q_OVERFLOW = 0x00004000
+ IN_IGNORED = 0x00008000
+ IN_CLOSE = (IN_CLOSE_WRITE | IN_CLOSE_NOWRITE)
+ IN_MOVE = (IN_MOVED_FROM | IN_MOVED_TO)
+ IN_ALL_EVENTS = (IN_ACCESS | IN_MODIFY | IN_ATTRIB |
+ IN_CLOSE | IN_OPEN | IN_MOVE |
+ IN_CREATE | IN_DELETE | IN_DELETE_SELF |
+ IN_MOVE_SELF)
+ IN_ONLYDIR = 0x01000000
+ IN_DONT_FOLLOW = 0x02000000
+ IN_EXCL_UNLINK = 0x04000000
+ IN_MASK_CREATE = 0x10000000
+ IN_MASK_ADD = 0x20000000
+ IN_ISDIR = 0x40000000
+ IN_ONESHOT = 0x80000000
IP6F_MORE_FRAG = 0x0001
IP6F_OFF_MASK = 0xfff8
IP6F_RESERVED_MASK = 0x0006
@@ -152,10 +210,18 @@ const (
IP_PKTINFO = 101
IP_RECVPKTINFO = 102
IP_TOS = 2
- IP_TTL = 3
+ IP_TTL = 14
IP_UNBLOCK_SOURCE = 11
+ ICMP6_FILTER = 1
+ MCAST_INCLUDE = 0
+ MCAST_EXCLUDE = 1
+ MCAST_JOIN_GROUP = 40
+ MCAST_LEAVE_GROUP = 41
+ MCAST_JOIN_SOURCE_GROUP = 42
+ MCAST_LEAVE_SOURCE_GROUP = 43
+ MCAST_BLOCK_SOURCE = 44
+ MCAST_UNBLOCK_SOURCE = 46
ICANON = 0x0010
- ICMP6_FILTER = 0x26
ICRNL = 0x0002
IEXTEN = 0x0020
IGNBRK = 0x0004
@@ -165,10 +231,10 @@ const (
ISTRIP = 0x0080
IXON = 0x0200
IXOFF = 0x0100
- LOCK_SH = 0x1 // Not exist on zOS
- LOCK_EX = 0x2 // Not exist on zOS
- LOCK_NB = 0x4 // Not exist on zOS
- LOCK_UN = 0x8 // Not exist on zOS
+ LOCK_SH = 0x1
+ LOCK_EX = 0x2
+ LOCK_NB = 0x4
+ LOCK_UN = 0x8
POLLIN = 0x0003
POLLOUT = 0x0004
POLLPRI = 0x0010
@@ -182,15 +248,29 @@ const (
MAP_PRIVATE = 0x1 // changes are private
MAP_SHARED = 0x2 // changes are shared
MAP_FIXED = 0x4 // place exactly
- MCAST_JOIN_GROUP = 40
- MCAST_LEAVE_GROUP = 41
- MCAST_JOIN_SOURCE_GROUP = 42
- MCAST_LEAVE_SOURCE_GROUP = 43
- MCAST_BLOCK_SOURCE = 44
- MCAST_UNBLOCK_SOURCE = 45
+ __MAP_MEGA = 0x8
+ __MAP_64 = 0x10
+ MAP_ANON = 0x20
+ MAP_ANONYMOUS = 0x20
MS_SYNC = 0x1 // msync - synchronous writes
MS_ASYNC = 0x2 // asynchronous writes
MS_INVALIDATE = 0x4 // invalidate mappings
+ MS_BIND = 0x00001000
+ MS_MOVE = 0x00002000
+ MS_NOSUID = 0x00000002
+ MS_PRIVATE = 0x00040000
+ MS_REC = 0x00004000
+ MS_REMOUNT = 0x00008000
+ MS_RDONLY = 0x00000001
+ MS_UNBINDABLE = 0x00020000
+ MNT_DETACH = 0x00000004
+ ZOSDSFS_SUPER_MAGIC = 0x44534653 // zOS DSFS
+ NFS_SUPER_MAGIC = 0x6969 // NFS
+ NSFS_MAGIC = 0x6e736673 // PROCNS
+ PROC_SUPER_MAGIC = 0x9fa0 // proc FS
+ ZOSTFS_SUPER_MAGIC = 0x544653 // zOS TFS
+ ZOSUFS_SUPER_MAGIC = 0x554653 // zOS UFS
+ ZOSZFS_SUPER_MAGIC = 0x5A4653 // zOS ZFS
MTM_RDONLY = 0x80000000
MTM_RDWR = 0x40000000
MTM_UMOUNT = 0x10000000
@@ -205,13 +285,20 @@ const (
MTM_REMOUNT = 0x00000100
MTM_NOSECURITY = 0x00000080
NFDBITS = 0x20
+ ONLRET = 0x0020 // NL performs CR function
O_ACCMODE = 0x03
O_APPEND = 0x08
O_ASYNCSIG = 0x0200
O_CREAT = 0x80
+ O_DIRECT = 0x00002000
+ O_NOFOLLOW = 0x00004000
+ O_DIRECTORY = 0x00008000
+ O_PATH = 0x00080000
+ O_CLOEXEC = 0x00001000
O_EXCL = 0x40
O_GETFL = 0x0F
O_LARGEFILE = 0x0400
+ O_NDELAY = 0x4
O_NONBLOCK = 0x04
O_RDONLY = 0x02
O_RDWR = 0x03
@@ -248,6 +335,7 @@ const (
AF_IUCV = 17
AF_LAT = 14
AF_LINK = 18
+ AF_LOCAL = AF_UNIX // AF_LOCAL is an alias for AF_UNIX
AF_MAX = 30
AF_NBS = 7
AF_NDD = 23
@@ -285,15 +373,33 @@ const (
RLIMIT_AS = 5
RLIMIT_NOFILE = 6
RLIMIT_MEMLIMIT = 7
+ RLIMIT_MEMLOCK = 0x8
RLIM_INFINITY = 2147483647
+ SCHED_FIFO = 0x2
+ SCM_CREDENTIALS = 0x2
SCM_RIGHTS = 0x01
SF_CLOSE = 0x00000002
SF_REUSE = 0x00000001
+ SHM_RND = 0x2
+ SHM_RDONLY = 0x1
+ SHMLBA = 0x1000
+ IPC_STAT = 0x3
+ IPC_SET = 0x2
+ IPC_RMID = 0x1
+ IPC_PRIVATE = 0x0
+ IPC_CREAT = 0x1000000
+ __IPC_MEGA = 0x4000000
+ __IPC_SHAREAS = 0x20000000
+ __IPC_BELOWBAR = 0x10000000
+ IPC_EXCL = 0x2000000
+ __IPC_GIGA = 0x8000000
SHUT_RD = 0
SHUT_RDWR = 2
SHUT_WR = 1
+ SOCK_CLOEXEC = 0x00001000
SOCK_CONN_DGRAM = 6
SOCK_DGRAM = 2
+ SOCK_NONBLOCK = 0x800
SOCK_RAW = 3
SOCK_RDM = 4
SOCK_SEQPACKET = 5
@@ -378,8 +484,6 @@ const (
S_IFMST = 0x00FF0000
TCP_KEEPALIVE = 0x8
TCP_NODELAY = 0x1
- TCP_INFO = 0xb
- TCP_USER_TIMEOUT = 0x1
TIOCGWINSZ = 0x4008a368
TIOCSWINSZ = 0x8008a367
TIOCSBRK = 0x2000a77b
@@ -427,7 +531,10 @@ const (
VSUSP = 9
VTIME = 10
WCONTINUED = 0x4
+ WEXITED = 0x8
WNOHANG = 0x1
+ WNOWAIT = 0x20
+ WSTOPPED = 0x10
WUNTRACED = 0x2
_BPX_SWAP = 1
_BPX_NONSWAP = 2
@@ -452,8 +559,30 @@ const (
MADV_FREE = 15 // for Linux compatibility -- no zos semantics
MADV_WIPEONFORK = 16 // for Linux compatibility -- no zos semantics
MADV_KEEPONFORK = 17 // for Linux compatibility -- no zos semantics
- AT_SYMLINK_NOFOLLOW = 1 // for Unix compatibility -- no zos semantics
- AT_FDCWD = 2 // for Unix compatibility -- no zos semantics
+ AT_SYMLINK_FOLLOW = 0x400
+ AT_SYMLINK_NOFOLLOW = 0x100
+ XATTR_CREATE = 0x1
+ XATTR_REPLACE = 0x2
+ P_PID = 0
+ P_PGID = 1
+ P_ALL = 2
+ PR_SET_NAME = 15
+ PR_GET_NAME = 16
+ PR_SET_NO_NEW_PRIVS = 38
+ PR_GET_NO_NEW_PRIVS = 39
+ PR_SET_DUMPABLE = 4
+ PR_GET_DUMPABLE = 3
+ PR_SET_PDEATHSIG = 1
+ PR_GET_PDEATHSIG = 2
+ PR_SET_CHILD_SUBREAPER = 36
+ PR_GET_CHILD_SUBREAPER = 37
+ AT_FDCWD = -100
+ AT_EACCESS = 0x200
+ AT_EMPTY_PATH = 0x1000
+ AT_REMOVEDIR = 0x200
+ RENAME_NOREPLACE = 1 << 0
+ ST_RDONLY = 1
+ ST_NOSUID = 2
)
const (
@@ -476,6 +605,7 @@ const (
EMLINK = Errno(125)
ENAMETOOLONG = Errno(126)
ENFILE = Errno(127)
+ ENOATTR = Errno(265)
ENODEV = Errno(128)
ENOENT = Errno(129)
ENOEXEC = Errno(130)
@@ -700,7 +830,7 @@ var errorList = [...]struct {
{145, "EDC5145I", "The parameter list is too long, or the message to receive was too large for the buffer."},
{146, "EDC5146I", "Too many levels of symbolic links."},
{147, "EDC5147I", "Illegal byte sequence."},
- {148, "", ""},
+ {148, "EDC5148I", "The named attribute or data not available."},
{149, "EDC5149I", "Value Overflow Error."},
{150, "EDC5150I", "UNIX System Services is not active."},
{151, "EDC5151I", "Dynamic allocation error."},
@@ -743,6 +873,7 @@ var errorList = [...]struct {
{259, "EDC5259I", "A CUN_RS_NO_CONVERSION error was issued by Unicode Services."},
{260, "EDC5260I", "A CUN_RS_TABLE_NOT_ALIGNED error was issued by Unicode Services."},
{262, "EDC5262I", "An iconv() function encountered an unexpected error while using Unicode Services."},
+ {265, "EDC5265I", "The named attribute not available."},
{1000, "EDC8000I", "A bad socket-call constant was found in the IUCV header."},
{1001, "EDC8001I", "An error was found in the IUCV header."},
{1002, "EDC8002I", "A socket descriptor is out of range."},
diff --git a/vendor/golang.org/x/sys/unix/zsymaddr_zos_s390x.s b/vendor/golang.org/x/sys/unix/zsymaddr_zos_s390x.s
new file mode 100644
index 0000000000000000000000000000000000000000..b77ff5db90d5140bd5a9f7fedf590d4a90725101
--- /dev/null
+++ b/vendor/golang.org/x/sys/unix/zsymaddr_zos_s390x.s
@@ -0,0 +1,364 @@
+// go run mksyscall_zos_s390x.go -o_sysnum zsysnum_zos_s390x.go -o_syscall zsyscall_zos_s390x.go -i_syscall syscall_zos_s390x.go -o_asm zsymaddr_zos_s390x.s
+// Code generated by the command above; see README.md. DO NOT EDIT.
+
+//go:build zos && s390x
+#include "textflag.h"
+
+// provide the address of function variable to be fixed up.
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FlistxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Flistxattr(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FremovexattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Fremovexattr(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FgetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Fgetxattr(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FsetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Fsetxattr(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_accept4Addr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·accept4(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_RemovexattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Removexattr(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_Dup3Addr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Dup3(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_DirfdAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Dirfd(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EpollCreateAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·EpollCreate(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EpollCreate1Addr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·EpollCreate1(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EpollCtlAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·EpollCtl(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EpollPwaitAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·EpollPwait(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EpollWaitAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·EpollWait(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_EventfdAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Eventfd(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FaccessatAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Faccessat(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FchmodatAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Fchmodat(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FchownatAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Fchownat(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FdatasyncAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Fdatasync(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_fstatatAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·fstatat(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LgetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Lgetxattr(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LsetxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Lsetxattr(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FstatfsAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Fstatfs(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FutimesAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Futimes(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_FutimesatAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Futimesat(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_GetrandomAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Getrandom(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_InotifyInitAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·InotifyInit(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_InotifyInit1Addr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·InotifyInit1(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_InotifyAddWatchAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·InotifyAddWatch(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_InotifyRmWatchAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·InotifyRmWatch(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_ListxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Listxattr(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LlistxattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Llistxattr(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LremovexattrAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Lremovexattr(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LutimesAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Lutimes(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_StatfsAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Statfs(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_SyncfsAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Syncfs(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_UnshareAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Unshare(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_LinkatAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Linkat(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_MkdiratAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Mkdirat(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_MknodatAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Mknodat(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_PivotRootAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·PivotRoot(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_PrctlAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Prctl(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_PrlimitAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Prlimit(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_RenameatAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Renameat(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_Renameat2Addr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Renameat2(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_SethostnameAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Sethostname(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_SetnsAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Setns(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_SymlinkatAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Symlinkat(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_UnlinkatAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·Unlinkat(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_openatAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·openat(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_openat2Addr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·openat2(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+TEXT ·get_utimensatAddr(SB), NOSPLIT|NOFRAME, $0-8
+ MOVD $·utimensat(SB), R8
+ MOVD R8, ret+0(FP)
+ RET
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
index ccb02f240a4f7346d18174d089654b1a556dd025..24b346e1a35159624c2f367cc53798dd2e947b57 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
@@ -740,6 +740,54 @@ func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func renamexNp(from string, to string, flag uint32) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(from)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(to)
+ if err != nil {
+ return
+ }
+ _, _, e1 := syscall_syscall(libc_renamex_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flag))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_renamex_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_renamex_np renamex_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func renameatxNp(fromfd int, from string, tofd int, to string, flag uint32) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(from)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(to)
+ if err != nil {
+ return
+ }
+ _, _, e1 := syscall_syscall6(libc_renameatx_np_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), uintptr(flag), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_renameatx_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_renameatx_np renameatx_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
var _p0 unsafe.Pointer
if len(mib) > 0 {
@@ -760,6 +808,59 @@ var libc_sysctl_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func pthread_chdir_np(path string) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ _, _, e1 := syscall_syscall(libc_pthread_chdir_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_pthread_chdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_chdir_np pthread_chdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pthread_fchdir_np(fd int) (err error) {
+ _, _, e1 := syscall_syscall(libc_pthread_fchdir_np_trampoline_addr, uintptr(fd), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_pthread_fchdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_fchdir_np pthread_fchdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connectx(fd int, endpoints *SaEndpoints, associd SaeAssocID, flags uint32, iov []Iovec, n *uintptr, connid *SaeConnID) (err error) {
+ var _p0 unsafe.Pointer
+ if len(iov) > 0 {
+ _p0 = unsafe.Pointer(&iov[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ _, _, e1 := syscall_syscall9(libc_connectx_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(endpoints)), uintptr(associd), uintptr(flags), uintptr(_p0), uintptr(len(iov)), uintptr(unsafe.Pointer(n)), uintptr(unsafe.Pointer(connid)), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_connectx_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_connectx connectx "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) {
_, _, e1 := syscall_syscall6(libc_sendfile_trampoline_addr, uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags))
if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
index 8b8bb28402857d5abab344ba0e220238e0864630..ebd213100b352196714a7e8dc8af96dd9f0b9997 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
@@ -223,11 +223,36 @@ TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8
DATA ·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB)
+TEXT libc_renamex_np_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_renamex_np(SB)
+GLOBL ·libc_renamex_np_trampoline_addr(SB), RODATA, $8
+DATA ·libc_renamex_np_trampoline_addr(SB)/8, $libc_renamex_np_trampoline<>(SB)
+
+TEXT libc_renameatx_np_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_renameatx_np(SB)
+GLOBL ·libc_renameatx_np_trampoline_addr(SB), RODATA, $8
+DATA ·libc_renameatx_np_trampoline_addr(SB)/8, $libc_renameatx_np_trampoline<>(SB)
+
TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_sysctl(SB)
GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8
DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+TEXT libc_pthread_chdir_np_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_pthread_chdir_np(SB)
+GLOBL ·libc_pthread_chdir_np_trampoline_addr(SB), RODATA, $8
+DATA ·libc_pthread_chdir_np_trampoline_addr(SB)/8, $libc_pthread_chdir_np_trampoline<>(SB)
+
+TEXT libc_pthread_fchdir_np_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_pthread_fchdir_np(SB)
+GLOBL ·libc_pthread_fchdir_np_trampoline_addr(SB), RODATA, $8
+DATA ·libc_pthread_fchdir_np_trampoline_addr(SB)/8, $libc_pthread_fchdir_np_trampoline<>(SB)
+
+TEXT libc_connectx_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_connectx(SB)
+GLOBL ·libc_connectx_trampoline_addr(SB), RODATA, $8
+DATA ·libc_connectx_trampoline_addr(SB)/8, $libc_connectx_trampoline<>(SB)
+
TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_sendfile(SB)
GLOBL ·libc_sendfile_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
index 1b40b997b5260f6f0a1e5082a227db34c9a58d91..824b9c2d5e0e011fe18c26975fda89704fc875b7 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
@@ -740,6 +740,54 @@ func ioctlPtr(fd int, req uint, arg unsafe.Pointer) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func renamexNp(from string, to string, flag uint32) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(from)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(to)
+ if err != nil {
+ return
+ }
+ _, _, e1 := syscall_syscall(libc_renamex_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flag))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_renamex_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_renamex_np renamex_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func renameatxNp(fromfd int, from string, tofd int, to string, flag uint32) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(from)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(to)
+ if err != nil {
+ return
+ }
+ _, _, e1 := syscall_syscall6(libc_renameatx_np_trampoline_addr, uintptr(fromfd), uintptr(unsafe.Pointer(_p0)), uintptr(tofd), uintptr(unsafe.Pointer(_p1)), uintptr(flag), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_renameatx_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_renameatx_np renameatx_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) {
var _p0 unsafe.Pointer
if len(mib) > 0 {
@@ -760,6 +808,59 @@ var libc_sysctl_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func pthread_chdir_np(path string) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ _, _, e1 := syscall_syscall(libc_pthread_chdir_np_trampoline_addr, uintptr(unsafe.Pointer(_p0)), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_pthread_chdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_chdir_np pthread_chdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func pthread_fchdir_np(fd int) (err error) {
+ _, _, e1 := syscall_syscall(libc_pthread_fchdir_np_trampoline_addr, uintptr(fd), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_pthread_fchdir_np_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_pthread_fchdir_np pthread_fchdir_np "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func connectx(fd int, endpoints *SaEndpoints, associd SaeAssocID, flags uint32, iov []Iovec, n *uintptr, connid *SaeConnID) (err error) {
+ var _p0 unsafe.Pointer
+ if len(iov) > 0 {
+ _p0 = unsafe.Pointer(&iov[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ _, _, e1 := syscall_syscall9(libc_connectx_trampoline_addr, uintptr(fd), uintptr(unsafe.Pointer(endpoints)), uintptr(associd), uintptr(flags), uintptr(_p0), uintptr(len(iov)), uintptr(unsafe.Pointer(n)), uintptr(unsafe.Pointer(connid)), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_connectx_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_connectx connectx "/usr/lib/libSystem.B.dylib"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func sendfile(infd int, outfd int, offset int64, len *int64, hdtr unsafe.Pointer, flags int) (err error) {
_, _, e1 := syscall_syscall6(libc_sendfile_trampoline_addr, uintptr(infd), uintptr(outfd), uintptr(offset), uintptr(unsafe.Pointer(len)), uintptr(hdtr), uintptr(flags))
if e1 != 0 {
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
index 08362c1ab747252ee6de46091413b1815842f50c..4f178a229345e3f062c1371b3c36eadbc8e04274 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
@@ -223,11 +223,36 @@ TEXT libc_ioctl_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_ioctl_trampoline_addr(SB), RODATA, $8
DATA ·libc_ioctl_trampoline_addr(SB)/8, $libc_ioctl_trampoline<>(SB)
+TEXT libc_renamex_np_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_renamex_np(SB)
+GLOBL ·libc_renamex_np_trampoline_addr(SB), RODATA, $8
+DATA ·libc_renamex_np_trampoline_addr(SB)/8, $libc_renamex_np_trampoline<>(SB)
+
+TEXT libc_renameatx_np_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_renameatx_np(SB)
+GLOBL ·libc_renameatx_np_trampoline_addr(SB), RODATA, $8
+DATA ·libc_renameatx_np_trampoline_addr(SB)/8, $libc_renameatx_np_trampoline<>(SB)
+
TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_sysctl(SB)
GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8
DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+TEXT libc_pthread_chdir_np_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_pthread_chdir_np(SB)
+GLOBL ·libc_pthread_chdir_np_trampoline_addr(SB), RODATA, $8
+DATA ·libc_pthread_chdir_np_trampoline_addr(SB)/8, $libc_pthread_chdir_np_trampoline<>(SB)
+
+TEXT libc_pthread_fchdir_np_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_pthread_fchdir_np(SB)
+GLOBL ·libc_pthread_fchdir_np_trampoline_addr(SB), RODATA, $8
+DATA ·libc_pthread_fchdir_np_trampoline_addr(SB)/8, $libc_pthread_fchdir_np_trampoline<>(SB)
+
+TEXT libc_connectx_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_connectx(SB)
+GLOBL ·libc_connectx_trampoline_addr(SB), RODATA, $8
+DATA ·libc_connectx_trampoline_addr(SB)/8, $libc_connectx_trampoline<>(SB)
+
TEXT libc_sendfile_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_sendfile(SB)
GLOBL ·libc_sendfile_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
index faca7a557b10dab462e4f1c8c96152047fda93a5..5cc1e8eb2f35e097af432fd2273a2a73c1d35b36 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go
@@ -37,6 +37,21 @@ func fchmodat(dirfd int, path string, mode uint32) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func fchmodat2(dirfd int, path string, mode uint32, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ _, _, e1 := Syscall6(SYS_FCHMODAT2, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func ioctl(fd int, req uint, arg uintptr) (err error) {
_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
if e1 != 0 {
@@ -577,6 +592,16 @@ func ClockGettime(clockid int32, time *Timespec) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func ClockSettime(clockid int32, time *Timespec) (err error) {
+ _, _, e1 := Syscall(SYS_CLOCK_SETTIME, uintptr(clockid), uintptr(unsafe.Pointer(time)), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error) {
_, _, e1 := Syscall6(SYS_CLOCK_NANOSLEEP, uintptr(clockid), uintptr(flags), uintptr(unsafe.Pointer(request)), uintptr(unsafe.Pointer(remain)), 0, 0)
if e1 != 0 {
@@ -891,6 +916,16 @@ func Fspick(dirfd int, pathName string, flags int) (fd int, err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func fsconfig(fd int, cmd uint, key *byte, value *byte, aux int) (err error) {
+ _, _, e1 := Syscall6(SYS_FSCONFIG, uintptr(fd), uintptr(cmd), uintptr(unsafe.Pointer(key)), uintptr(unsafe.Pointer(value)), uintptr(aux), 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func Getdents(fd int, buf []byte) (n int, err error) {
var _p0 unsafe.Pointer
if len(buf) > 0 {
@@ -946,23 +981,6 @@ func Getpriority(which int, who int) (prio int, err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Getrandom(buf []byte, flags int) (n int, err error) {
- var _p0 unsafe.Pointer
- if len(buf) > 0 {
- _p0 = unsafe.Pointer(&buf[0])
- } else {
- _p0 = unsafe.Pointer(&_zero)
- }
- r0, _, e1 := Syscall(SYS_GETRANDOM, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
- n = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
- }
- return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
func Getrusage(who int, rusage *Rusage) (err error) {
_, _, e1 := RawSyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
if e1 != 0 {
@@ -2204,3 +2222,19 @@ func Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint)
}
return
}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mseal(b []byte, flags uint) (err error) {
+ var _p0 unsafe.Pointer
+ if len(b) > 0 {
+ _p0 = unsafe.Pointer(&b[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ _, _, e1 := Syscall(SYS_MSEAL, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
index 88bfc28857821cdb46adad30e3bfd3bdb8f5048d..1851df14e878ee45f1217231b92885075fff07e1 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
@@ -584,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func fcntl(fd int, cmd int, arg int) (n int, err error) {
+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
n = int(r0)
@@ -1467,6 +1493,30 @@ var libc_mknodat_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(fsType)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(dir)
+ if err != nil {
+ return
+ }
+ _, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_mount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mount mount "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
if e1 != 0 {
@@ -2271,5 +2321,3 @@ func unveil(path *byte, flags *byte) (err error) {
var libc_unveil_trampoline_addr uintptr
//go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
index 4cbeff171b2b848cdc280ef27625917454e7cbb2..0b43c6936563a757e7a1193d14fef158cba9d9fe 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $4
DATA ·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB)
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_fcntl(SB)
+GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $4
+DATA ·libc_fcntl_trampoline_addr(SB)/4, $libc_fcntl_trampoline<>(SB)
+
TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_ppoll(SB)
GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $4
@@ -458,6 +463,11 @@ TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $4
DATA ·libc_mknodat_trampoline_addr(SB)/4, $libc_mknodat_trampoline<>(SB)
+TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_mount(SB)
+GLOBL ·libc_mount_trampoline_addr(SB), RODATA, $4
+DATA ·libc_mount_trampoline_addr(SB)/4, $libc_mount_trampoline<>(SB)
+
TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_nanosleep(SB)
GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $4
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
index b8a67b99af8da6df71d91b196c48cf9a38e2f216..e1ec0dbe4ecf6254f3032d28865460f6626c20e7 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
@@ -584,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func fcntl(fd int, cmd int, arg int) (n int, err error) {
+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
n = int(r0)
@@ -1467,6 +1493,30 @@ var libc_mknodat_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(fsType)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(dir)
+ if err != nil {
+ return
+ }
+ _, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_mount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mount mount "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
if e1 != 0 {
@@ -2271,5 +2321,3 @@ func unveil(path *byte, flags *byte) (err error) {
var libc_unveil_trampoline_addr uintptr
//go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
index 1123f27571e57cbf617a100688e82c9379f3337b..880c6d6e3167b14dee50237aa89056d9d9f8cfb3 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8
DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_fcntl(SB)
+GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8
+DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
+
TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_ppoll(SB)
GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8
@@ -458,6 +463,11 @@ TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $8
DATA ·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB)
+TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_mount(SB)
+GLOBL ·libc_mount_trampoline_addr(SB), RODATA, $8
+DATA ·libc_mount_trampoline_addr(SB)/8, $libc_mount_trampoline<>(SB)
+
TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_nanosleep(SB)
GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
index af50a65c0cd0b933a6f56ec4147e5deef96fdac9..7c8452a63e9294efe85461c21823241a76e29cb2 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
@@ -584,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func fcntl(fd int, cmd int, arg int) (n int, err error) {
+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
n = int(r0)
@@ -1467,6 +1493,30 @@ var libc_mknodat_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(fsType)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(dir)
+ if err != nil {
+ return
+ }
+ _, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_mount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mount mount "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
if e1 != 0 {
@@ -2271,5 +2321,3 @@ func unveil(path *byte, flags *byte) (err error) {
var libc_unveil_trampoline_addr uintptr
//go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
index 82badae39fe65eb40dcaa64b3e2f04a083c2be24..b8ef95b0fa1cb8345401f574f68f5c8d74114718 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $4
DATA ·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB)
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_fcntl(SB)
+GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $4
+DATA ·libc_fcntl_trampoline_addr(SB)/4, $libc_fcntl_trampoline<>(SB)
+
TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_ppoll(SB)
GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $4
@@ -458,6 +463,11 @@ TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $4
DATA ·libc_mknodat_trampoline_addr(SB)/4, $libc_mknodat_trampoline<>(SB)
+TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_mount(SB)
+GLOBL ·libc_mount_trampoline_addr(SB), RODATA, $4
+DATA ·libc_mount_trampoline_addr(SB)/4, $libc_mount_trampoline<>(SB)
+
TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_nanosleep(SB)
GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $4
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
index 8fb4ff36a7ddd7da92773a2284d90c9e50e6f0c4..2ffdf861f757f21d53d017bf3c5366b9074aeee7 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
@@ -584,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func fcntl(fd int, cmd int, arg int) (n int, err error) {
+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
n = int(r0)
@@ -1467,6 +1493,30 @@ var libc_mknodat_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(fsType)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(dir)
+ if err != nil {
+ return
+ }
+ _, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_mount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mount mount "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
if e1 != 0 {
@@ -2271,5 +2321,3 @@ func unveil(path *byte, flags *byte) (err error) {
var libc_unveil_trampoline_addr uintptr
//go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
index 24d7eecb93ba79e1ee712f6b28ed53389b1a23f8..2af3b5c762fd1bfc5dc25bea941cbba69ed2afe0 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8
DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_fcntl(SB)
+GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8
+DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
+
TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_ppoll(SB)
GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8
@@ -458,6 +463,11 @@ TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $8
DATA ·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB)
+TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_mount(SB)
+GLOBL ·libc_mount_trampoline_addr(SB), RODATA, $8
+DATA ·libc_mount_trampoline_addr(SB)/8, $libc_mount_trampoline<>(SB)
+
TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_nanosleep(SB)
GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
index f469a83ee6ed92d2294299e41c333a34cbe1793f..1da08d52675f920a1806f959cf2d6dd000d6dfdc 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
@@ -584,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func fcntl(fd int, cmd int, arg int) (n int, err error) {
+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
n = int(r0)
@@ -1467,6 +1493,30 @@ var libc_mknodat_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(fsType)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(dir)
+ if err != nil {
+ return
+ }
+ _, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_mount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mount mount "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
if e1 != 0 {
@@ -2271,5 +2321,3 @@ func unveil(path *byte, flags *byte) (err error) {
var libc_unveil_trampoline_addr uintptr
//go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
index 9a498a0677337cb69483d748a30af9d00096725f..b7a251353b0fc026b9d775c13408b03ab7e43b30 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8
DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_fcntl(SB)
+GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8
+DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
+
TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_ppoll(SB)
GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8
@@ -458,6 +463,11 @@ TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $8
DATA ·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB)
+TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_mount(SB)
+GLOBL ·libc_mount_trampoline_addr(SB), RODATA, $8
+DATA ·libc_mount_trampoline_addr(SB)/8, $libc_mount_trampoline<>(SB)
+
TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_nanosleep(SB)
GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
index c26ca2e1aa22e9b9e19fe0de26942717870f06da..6e85b0aac95c4a3e974cc7adedbcdb11b75b1718 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
@@ -584,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func fcntl(fd int, cmd int, arg int) (n int, err error) {
+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
n = int(r0)
@@ -1467,6 +1493,30 @@ var libc_mknodat_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(fsType)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(dir)
+ if err != nil {
+ return
+ }
+ _, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_mount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mount mount "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
if e1 != 0 {
@@ -2271,5 +2321,3 @@ func unveil(path *byte, flags *byte) (err error) {
var libc_unveil_trampoline_addr uintptr
//go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
index 1f224aa4162fe5f467c72648b994601bf9b0707b..f15dadf0552f437ee128e7a90cb44e83ca201916 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
@@ -213,6 +213,12 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8
DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+ CALL libc_fcntl(SB)
+ RET
+GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8
+DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
+
TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
CALL libc_ppoll(SB)
RET
@@ -549,6 +555,12 @@ TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $8
DATA ·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB)
+TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0
+ CALL libc_mount(SB)
+ RET
+GLOBL ·libc_mount_trampoline_addr(SB), RODATA, $8
+DATA ·libc_mount_trampoline_addr(SB)/8, $libc_mount_trampoline<>(SB)
+
TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
CALL libc_nanosleep(SB)
RET
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
index bcc920dd259986e4bf4898d977168d842119d4b3..28b487df2514d7492c9e759fbe206413c450d4bb 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
@@ -584,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func fcntl(fd int, cmd int, arg int) (n int, err error) {
+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_fcntl_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
+ r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
+ n = int(r0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
n = int(r0)
@@ -1467,6 +1493,30 @@ var libc_mknodat_trampoline_addr uintptr
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func Mount(fsType string, dir string, flags int, data unsafe.Pointer) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(fsType)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(dir)
+ if err != nil {
+ return
+ }
+ _, _, e1 := syscall_syscall6(libc_mount_trampoline_addr, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(flags), uintptr(data), 0, 0)
+ if e1 != 0 {
+ err = errnoErr(e1)
+ }
+ return
+}
+
+var libc_mount_trampoline_addr uintptr
+
+//go:cgo_import_dynamic libc_mount mount "libc.so"
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
func Nanosleep(time *Timespec, leftover *Timespec) (err error) {
_, _, e1 := syscall_syscall(libc_nanosleep_trampoline_addr, uintptr(unsafe.Pointer(time)), uintptr(unsafe.Pointer(leftover)), 0)
if e1 != 0 {
@@ -2271,5 +2321,3 @@ func unveil(path *byte, flags *byte) (err error) {
var libc_unveil_trampoline_addr uintptr
//go:cgo_import_dynamic libc_unveil unveil "libc.so"
-
-
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
index 87a79c7095a6a0649c393c653aa1ae2aeca6a9b3..1e7f321e436c11df459b6a0453307c15077489a6 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
+++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_sysctl_trampoline_addr(SB), RODATA, $8
DATA ·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_fcntl(SB)
+GLOBL ·libc_fcntl_trampoline_addr(SB), RODATA, $8
+DATA ·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
+
TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_ppoll(SB)
GLOBL ·libc_ppoll_trampoline_addr(SB), RODATA, $8
@@ -458,6 +463,11 @@ TEXT libc_mknodat_trampoline<>(SB),NOSPLIT,$0-0
GLOBL ·libc_mknodat_trampoline_addr(SB), RODATA, $8
DATA ·libc_mknodat_trampoline_addr(SB)/8, $libc_mknodat_trampoline<>(SB)
+TEXT libc_mount_trampoline<>(SB),NOSPLIT,$0-0
+ JMP libc_mount(SB)
+GLOBL ·libc_mount_trampoline_addr(SB), RODATA, $8
+DATA ·libc_mount_trampoline_addr(SB)/8, $libc_mount_trampoline<>(SB)
+
TEXT libc_nanosleep_trampoline<>(SB),NOSPLIT,$0-0
JMP libc_nanosleep(SB)
GLOBL ·libc_nanosleep_trampoline_addr(SB), RODATA, $8
diff --git a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
index 94f01123831961cf520d87a7527fb19971299b61..7ccf66b7ee0d66a551ba032e4180d0f0061c132f 100644
--- a/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
@@ -1,4 +1,4 @@
-// go run mksyscall.go -tags zos,s390x syscall_zos_s390x.go
+// go run mksyscall_zos_s390x.go -o_sysnum zsysnum_zos_s390x.go -o_syscall zsyscall_zos_s390x.go -i_syscall syscall_zos_s390x.go -o_asm zsymaddr_zos_s390x.s
// Code generated by the command above; see README.md. DO NOT EDIT.
//go:build zos && s390x
@@ -6,17 +6,100 @@
package unix
import (
+ "runtime"
+ "syscall"
"unsafe"
)
+var _ syscall.Errno
+
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func fcntl(fd int, cmd int, arg int) (val int, err error) {
- r0, _, e1 := syscall_syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, uintptr(fd), uintptr(cmd), uintptr(arg))
+ runtime.ExitSyscall()
val = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Flistxattr(fd int, dest []byte) (sz int, err error) {
+ var _p0 unsafe.Pointer
+ if len(dest) > 0 {
+ _p0 = unsafe.Pointer(&dest[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FLISTXATTR_A<<4, uintptr(fd), uintptr(_p0), uintptr(len(dest)))
+ runtime.ExitSyscall()
+ sz = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_FlistxattrAddr() *(func(fd int, dest []byte) (sz int, err error))
+
+var Flistxattr = enter_Flistxattr
+
+func enter_Flistxattr(fd int, dest []byte) (sz int, err error) {
+ funcref := get_FlistxattrAddr()
+ if funcptrtest(GetZosLibVec()+SYS___FLISTXATTR_A<<4, "") == 0 {
+ *funcref = impl_Flistxattr
+ } else {
+ *funcref = error_Flistxattr
+ }
+ return (*funcref)(fd, dest)
+}
+
+func error_Flistxattr(fd int, dest []byte) (sz int, err error) {
+ sz = -1
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Fremovexattr(fd int, attr string) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(attr)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FREMOVEXATTR_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_FremovexattrAddr() *(func(fd int, attr string) (err error))
+
+var Fremovexattr = enter_Fremovexattr
+
+func enter_Fremovexattr(fd int, attr string) (err error) {
+ funcref := get_FremovexattrAddr()
+ if funcptrtest(GetZosLibVec()+SYS___FREMOVEXATTR_A<<4, "") == 0 {
+ *funcref = impl_Fremovexattr
+ } else {
+ *funcref = error_Fremovexattr
}
+ return (*funcref)(fd, attr)
+}
+
+func error_Fremovexattr(fd int, attr string) (err error) {
+ err = ENOSYS
return
}
@@ -29,10 +112,12 @@ func read(fd int, p []byte) (n int, err error) {
} else {
_p0 = unsafe.Pointer(&_zero)
}
- r0, _, e1 := syscall_syscall(SYS_READ, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_READ<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+ runtime.ExitSyscall()
n = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -46,31 +131,159 @@ func write(fd int, p []byte) (n int, err error) {
} else {
_p0 = unsafe.Pointer(&_zero)
}
- r0, _, e1 := syscall_syscall(SYS_WRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WRITE<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)))
+ runtime.ExitSyscall()
n = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(attr)
+ if err != nil {
+ return
+ }
+ var _p1 unsafe.Pointer
+ if len(dest) > 0 {
+ _p1 = unsafe.Pointer(&dest[0])
+ } else {
+ _p1 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FGETXATTR_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
+ runtime.ExitSyscall()
+ sz = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_FgetxattrAddr() *(func(fd int, attr string, dest []byte) (sz int, err error))
+
+var Fgetxattr = enter_Fgetxattr
+
+func enter_Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
+ funcref := get_FgetxattrAddr()
+ if funcptrtest(GetZosLibVec()+SYS___FGETXATTR_A<<4, "") == 0 {
+ *funcref = impl_Fgetxattr
+ } else {
+ *funcref = error_Fgetxattr
+ }
+ return (*funcref)(fd, attr, dest)
+}
+
+func error_Fgetxattr(fd int, attr string, dest []byte) (sz int, err error) {
+ sz = -1
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Fsetxattr(fd int, attr string, data []byte, flag int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(attr)
+ if err != nil {
+ return
+ }
+ var _p1 unsafe.Pointer
+ if len(data) > 0 {
+ _p1 = unsafe.Pointer(&data[0])
+ } else {
+ _p1 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FSETXATTR_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(data)), uintptr(flag))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_FsetxattrAddr() *(func(fd int, attr string, data []byte, flag int) (err error))
+
+var Fsetxattr = enter_Fsetxattr
+
+func enter_Fsetxattr(fd int, attr string, data []byte, flag int) (err error) {
+ funcref := get_FsetxattrAddr()
+ if funcptrtest(GetZosLibVec()+SYS___FSETXATTR_A<<4, "") == 0 {
+ *funcref = impl_Fsetxattr
+ } else {
+ *funcref = error_Fsetxattr
}
+ return (*funcref)(fd, attr, data, flag)
+}
+
+func error_Fsetxattr(fd int, attr string, data []byte, flag int) (err error) {
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func accept(s int, rsa *RawSockaddrAny, addrlen *_Socklen) (fd int, err error) {
- r0, _, e1 := syscall_syscall(SYS___ACCEPT_A, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___ACCEPT_A<<4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+ runtime.ExitSyscall()
+ fd = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___ACCEPT4_A<<4, uintptr(s), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)), uintptr(flags))
+ runtime.ExitSyscall()
fd = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_accept4Addr() *(func(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error))
+
+var accept4 = enter_accept4
+
+func enter_accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+ funcref := get_accept4Addr()
+ if funcptrtest(GetZosLibVec()+SYS___ACCEPT4_A<<4, "") == 0 {
+ *funcref = impl_accept4
+ } else {
+ *funcref = error_accept4
}
+ return (*funcref)(s, rsa, addrlen, flags)
+}
+
+func error_accept4(s int, rsa *RawSockaddrAny, addrlen *_Socklen, flags int) (fd int, err error) {
+ fd = -1
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
- _, _, e1 := syscall_syscall(SYS___BIND_A, uintptr(s), uintptr(addr), uintptr(addrlen))
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___BIND_A<<4, uintptr(s), uintptr(addr), uintptr(addrlen))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -78,9 +291,11 @@ func bind(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
- _, _, e1 := syscall_syscall(SYS___CONNECT_A, uintptr(s), uintptr(addr), uintptr(addrlen))
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CONNECT_A<<4, uintptr(s), uintptr(addr), uintptr(addrlen))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -88,10 +303,10 @@ func connect(s int, addr unsafe.Pointer, addrlen _Socklen) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func getgroups(n int, list *_Gid_t) (nn int, err error) {
- r0, _, e1 := syscall_rawsyscall(SYS_GETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETGROUPS<<4, uintptr(n), uintptr(unsafe.Pointer(list)))
nn = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -99,9 +314,9 @@ func getgroups(n int, list *_Gid_t) (nn int, err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func setgroups(n int, list *_Gid_t) (err error) {
- _, _, e1 := syscall_rawsyscall(SYS_SETGROUPS, uintptr(n), uintptr(unsafe.Pointer(list)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETGROUPS<<4, uintptr(n), uintptr(unsafe.Pointer(list)))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -109,9 +324,11 @@ func setgroups(n int, list *_Gid_t) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen) (err error) {
- _, _, e1 := syscall_syscall6(SYS_GETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETSOCKOPT<<4, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(unsafe.Pointer(vallen)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -119,9 +336,11 @@ func getsockopt(s int, level int, name int, val unsafe.Pointer, vallen *_Socklen
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr) (err error) {
- _, _, e1 := syscall_syscall6(SYS_SETSOCKOPT, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETSOCKOPT<<4, uintptr(s), uintptr(level), uintptr(name), uintptr(val), uintptr(vallen))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -129,10 +348,10 @@ func setsockopt(s int, level int, name int, val unsafe.Pointer, vallen uintptr)
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func socket(domain int, typ int, proto int) (fd int, err error) {
- r0, _, e1 := syscall_rawsyscall(SYS_SOCKET, uintptr(domain), uintptr(typ), uintptr(proto))
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SOCKET<<4, uintptr(domain), uintptr(typ), uintptr(proto))
fd = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -140,9 +359,9 @@ func socket(domain int, typ int, proto int) (fd int, err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
- _, _, e1 := syscall_rawsyscall6(SYS_SOCKETPAIR, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)), 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SOCKETPAIR<<4, uintptr(domain), uintptr(typ), uintptr(proto), uintptr(unsafe.Pointer(fd)))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -150,9 +369,9 @@ func socketpair(domain int, typ int, proto int, fd *[2]int32) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
- _, _, e1 := syscall_rawsyscall(SYS___GETPEERNAME_A, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
- if e1 != 0 {
- err = errnoErr(e1)
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETPEERNAME_A<<4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -160,10 +379,52 @@ func getpeername(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func getsockname(fd int, rsa *RawSockaddrAny, addrlen *_Socklen) (err error) {
- _, _, e1 := syscall_rawsyscall(SYS___GETSOCKNAME_A, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
- if e1 != 0 {
- err = errnoErr(e1)
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETSOCKNAME_A<<4, uintptr(fd), uintptr(unsafe.Pointer(rsa)), uintptr(unsafe.Pointer(addrlen)))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Removexattr(path string, attr string) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(attr)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___REMOVEXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_RemovexattrAddr() *(func(path string, attr string) (err error))
+
+var Removexattr = enter_Removexattr
+
+func enter_Removexattr(path string, attr string) (err error) {
+ funcref := get_RemovexattrAddr()
+ if funcptrtest(GetZosLibVec()+SYS___REMOVEXATTR_A<<4, "") == 0 {
+ *funcref = impl_Removexattr
+ } else {
+ *funcref = error_Removexattr
}
+ return (*funcref)(path, attr)
+}
+
+func error_Removexattr(path string, attr string) (err error) {
+ err = ENOSYS
return
}
@@ -176,10 +437,12 @@ func recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Sockl
} else {
_p0 = unsafe.Pointer(&_zero)
}
- r0, _, e1 := syscall_syscall6(SYS___RECVFROM_A, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RECVFROM_A<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(flags), uintptr(unsafe.Pointer(from)), uintptr(unsafe.Pointer(fromlen)))
+ runtime.ExitSyscall()
n = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -193,9 +456,11 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (
} else {
_p0 = unsafe.Pointer(&_zero)
}
- _, _, e1 := syscall_syscall6(SYS___SENDTO_A, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SENDTO_A<<4, uintptr(s), uintptr(_p0), uintptr(len(buf)), uintptr(flags), uintptr(to), uintptr(addrlen))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -203,10 +468,12 @@ func sendto(s int, buf []byte, flags int, to unsafe.Pointer, addrlen _Socklen) (
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
- r0, _, e1 := syscall_syscall(SYS___RECVMSG_A, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RECVMSG_A<<4, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+ runtime.ExitSyscall()
n = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -214,10 +481,12 @@ func recvmsg(s int, msg *Msghdr, flags int) (n int, err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
- r0, _, e1 := syscall_syscall(SYS___SENDMSG_A, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SENDMSG_A<<4, uintptr(s), uintptr(unsafe.Pointer(msg)), uintptr(flags))
+ runtime.ExitSyscall()
n = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -225,10 +494,12 @@ func sendmsg(s int, msg *Msghdr, flags int) (n int, err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error) {
- r0, _, e1 := syscall_syscall6(SYS_MMAP, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MMAP<<4, uintptr(addr), uintptr(length), uintptr(prot), uintptr(flag), uintptr(fd), uintptr(pos))
+ runtime.ExitSyscall()
ret = uintptr(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -236,9 +507,11 @@ func mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func munmap(addr uintptr, length uintptr) (err error) {
- _, _, e1 := syscall_syscall(SYS_MUNMAP, uintptr(addr), uintptr(length), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MUNMAP<<4, uintptr(addr), uintptr(length))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -246,9 +519,11 @@ func munmap(addr uintptr, length uintptr) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func ioctl(fd int, req int, arg uintptr) (err error) {
- _, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_IOCTL<<4, uintptr(fd), uintptr(req), uintptr(arg))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -256,9 +531,62 @@ func ioctl(fd int, req int, arg uintptr) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func ioctlPtr(fd int, req int, arg unsafe.Pointer) (err error) {
- _, _, e1 := syscall_syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_IOCTL<<4, uintptr(fd), uintptr(req), uintptr(arg))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmat(id int, addr uintptr, flag int) (ret uintptr, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMAT<<4, uintptr(id), uintptr(addr), uintptr(flag))
+ runtime.ExitSyscall()
+ ret = uintptr(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmctl(id int, cmd int, buf *SysvShmDesc) (result int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMCTL64<<4, uintptr(id), uintptr(cmd), uintptr(unsafe.Pointer(buf)))
+ runtime.ExitSyscall()
+ result = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmdt(addr uintptr) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMDT<<4, uintptr(addr))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func shmget(key int, size int, flag int) (id int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHMGET<<4, uintptr(key), uintptr(size), uintptr(flag))
+ runtime.ExitSyscall()
+ id = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -271,9 +599,11 @@ func Access(path string, mode uint32) (err error) {
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___ACCESS_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___ACCESS_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -286,9 +616,11 @@ func Chdir(path string) (err error) {
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___CHDIR_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHDIR_A<<4, uintptr(unsafe.Pointer(_p0)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -301,9 +633,11 @@ func Chown(path string, uid int, gid int) (err error) {
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___CHOWN_A, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHOWN_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -316,9 +650,11 @@ func Chmod(path string, mode uint32) (err error) {
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___CHMOD_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHMOD_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -331,10 +667,12 @@ func Creat(path string, mode uint32) (fd int, err error) {
if err != nil {
return
}
- r0, _, e1 := syscall_syscall(SYS___CREAT_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CREAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+ runtime.ExitSyscall()
fd = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -342,10 +680,12 @@ func Creat(path string, mode uint32) (fd int, err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func Dup(oldfd int) (fd int, err error) {
- r0, _, e1 := syscall_syscall(SYS_DUP, uintptr(oldfd), 0, 0)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DUP<<4, uintptr(oldfd))
+ runtime.ExitSyscall()
fd = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -353,617 +693,2216 @@ func Dup(oldfd int) (fd int, err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func Dup2(oldfd int, newfd int) (err error) {
- _, _, e1 := syscall_syscall(SYS_DUP2, uintptr(oldfd), uintptr(newfd), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DUP2<<4, uintptr(oldfd), uintptr(newfd))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Errno2() (er2 int) {
- uer2, _, _ := syscall_syscall(SYS___ERRNO2, 0, 0, 0)
- er2 = int(uer2)
+func impl_Dup3(oldfd int, newfd int, flags int) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DUP3<<4, uintptr(oldfd), uintptr(newfd), uintptr(flags))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
return
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_Dup3Addr() *(func(oldfd int, newfd int, flags int) (err error))
-func Err2ad() (eadd *int) {
- ueadd, _, _ := syscall_syscall(SYS___ERR2AD, 0, 0, 0)
- eadd = (*int)(unsafe.Pointer(ueadd))
- return
-}
+var Dup3 = enter_Dup3
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+func enter_Dup3(oldfd int, newfd int, flags int) (err error) {
+ funcref := get_Dup3Addr()
+ if funcptrtest(GetZosLibVec()+SYS_DUP3<<4, "") == 0 {
+ *funcref = impl_Dup3
+ } else {
+ *funcref = error_Dup3
+ }
+ return (*funcref)(oldfd, newfd, flags)
+}
-func Exit(code int) {
- syscall_syscall(SYS_EXIT, uintptr(code), 0, 0)
+func error_Dup3(oldfd int, newfd int, flags int) (err error) {
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Fchdir(fd int) (err error) {
- _, _, e1 := syscall_syscall(SYS_FCHDIR, uintptr(fd), 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+func impl_Dirfd(dirp uintptr) (fd int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_DIRFD<<4, uintptr(dirp))
+ runtime.ExitSyscall()
+ fd = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_DirfdAddr() *(func(dirp uintptr) (fd int, err error))
-func Fchmod(fd int, mode uint32) (err error) {
- _, _, e1 := syscall_syscall(SYS_FCHMOD, uintptr(fd), uintptr(mode), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+var Dirfd = enter_Dirfd
+
+func enter_Dirfd(dirp uintptr) (fd int, err error) {
+ funcref := get_DirfdAddr()
+ if funcptrtest(GetZosLibVec()+SYS_DIRFD<<4, "") == 0 {
+ *funcref = impl_Dirfd
+ } else {
+ *funcref = error_Dirfd
}
+ return (*funcref)(dirp)
+}
+
+func error_Dirfd(dirp uintptr) (fd int, err error) {
+ fd = -1
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Fchown(fd int, uid int, gid int) (err error) {
- _, _, e1 := syscall_syscall(SYS_FCHOWN, uintptr(fd), uintptr(uid), uintptr(gid))
- if e1 != 0 {
- err = errnoErr(e1)
+func impl_EpollCreate(size int) (fd int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_CREATE<<4, uintptr(size))
+ runtime.ExitSyscall()
+ fd = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_EpollCreateAddr() *(func(size int) (fd int, err error))
-func FcntlInt(fd uintptr, cmd int, arg int) (retval int, err error) {
- r0, _, e1 := syscall_syscall(SYS_FCNTL, uintptr(fd), uintptr(cmd), uintptr(arg))
- retval = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+var EpollCreate = enter_EpollCreate
+
+func enter_EpollCreate(size int) (fd int, err error) {
+ funcref := get_EpollCreateAddr()
+ if funcptrtest(GetZosLibVec()+SYS_EPOLL_CREATE<<4, "") == 0 {
+ *funcref = impl_EpollCreate
+ } else {
+ *funcref = error_EpollCreate
}
+ return (*funcref)(size)
+}
+
+func error_EpollCreate(size int) (fd int, err error) {
+ fd = -1
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func fstat(fd int, stat *Stat_LE_t) (err error) {
- _, _, e1 := syscall_syscall(SYS_FSTAT, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+func impl_EpollCreate1(flags int) (fd int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_CREATE1<<4, uintptr(flags))
+ runtime.ExitSyscall()
+ fd = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_EpollCreate1Addr() *(func(flags int) (fd int, err error))
-func Fstatvfs(fd int, stat *Statvfs_t) (err error) {
- _, _, e1 := syscall_syscall(SYS_FSTATVFS, uintptr(fd), uintptr(unsafe.Pointer(stat)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+var EpollCreate1 = enter_EpollCreate1
+
+func enter_EpollCreate1(flags int) (fd int, err error) {
+ funcref := get_EpollCreate1Addr()
+ if funcptrtest(GetZosLibVec()+SYS_EPOLL_CREATE1<<4, "") == 0 {
+ *funcref = impl_EpollCreate1
+ } else {
+ *funcref = error_EpollCreate1
}
+ return (*funcref)(flags)
+}
+
+func error_EpollCreate1(flags int) (fd int, err error) {
+ fd = -1
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Fsync(fd int) (err error) {
- _, _, e1 := syscall_syscall(SYS_FSYNC, uintptr(fd), 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+func impl_EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_CTL<<4, uintptr(epfd), uintptr(op), uintptr(fd), uintptr(unsafe.Pointer(event)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_EpollCtlAddr() *(func(epfd int, op int, fd int, event *EpollEvent) (err error))
-func Ftruncate(fd int, length int64) (err error) {
- _, _, e1 := syscall_syscall(SYS_FTRUNCATE, uintptr(fd), uintptr(length), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+var EpollCtl = enter_EpollCtl
+
+func enter_EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
+ funcref := get_EpollCtlAddr()
+ if funcptrtest(GetZosLibVec()+SYS_EPOLL_CTL<<4, "") == 0 {
+ *funcref = impl_EpollCtl
+ } else {
+ *funcref = error_EpollCtl
}
- return
+ return (*funcref)(epfd, op, fd, event)
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getpagesize() (pgsize int) {
- r0, _, _ := syscall_syscall(SYS_GETPAGESIZE, 0, 0, 0)
- pgsize = int(r0)
+func error_EpollCtl(epfd int, op int, fd int, event *EpollEvent) (err error) {
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Mprotect(b []byte, prot int) (err error) {
+func impl_EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) {
var _p0 unsafe.Pointer
- if len(b) > 0 {
- _p0 = unsafe.Pointer(&b[0])
+ if len(events) > 0 {
+ _p0 = unsafe.Pointer(&events[0])
} else {
_p0 = unsafe.Pointer(&_zero)
}
- _, _, e1 := syscall_syscall(SYS_MPROTECT, uintptr(_p0), uintptr(len(b)), uintptr(prot))
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_PWAIT<<4, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec), uintptr(unsafe.Pointer(sigmask)))
+ runtime.ExitSyscall()
+ n = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_EpollPwaitAddr() *(func(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error))
-func Msync(b []byte, flags int) (err error) {
- var _p0 unsafe.Pointer
- if len(b) > 0 {
- _p0 = unsafe.Pointer(&b[0])
+var EpollPwait = enter_EpollPwait
+
+func enter_EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) {
+ funcref := get_EpollPwaitAddr()
+ if funcptrtest(GetZosLibVec()+SYS_EPOLL_PWAIT<<4, "") == 0 {
+ *funcref = impl_EpollPwait
} else {
- _p0 = unsafe.Pointer(&_zero)
- }
- _, _, e1 := syscall_syscall(SYS_MSYNC, uintptr(_p0), uintptr(len(b)), uintptr(flags))
- if e1 != 0 {
- err = errnoErr(e1)
+ *funcref = error_EpollPwait
}
+ return (*funcref)(epfd, events, msec, sigmask)
+}
+
+func error_EpollPwait(epfd int, events []EpollEvent, msec int, sigmask *int) (n int, err error) {
+ n = -1
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Poll(fds []PollFd, timeout int) (n int, err error) {
+func impl_EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
var _p0 unsafe.Pointer
- if len(fds) > 0 {
- _p0 = unsafe.Pointer(&fds[0])
+ if len(events) > 0 {
+ _p0 = unsafe.Pointer(&events[0])
} else {
_p0 = unsafe.Pointer(&_zero)
}
- r0, _, e1 := syscall_syscall(SYS_POLL, uintptr(_p0), uintptr(len(fds)), uintptr(timeout))
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EPOLL_WAIT<<4, uintptr(epfd), uintptr(_p0), uintptr(len(events)), uintptr(msec))
+ runtime.ExitSyscall()
n = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_EpollWaitAddr() *(func(epfd int, events []EpollEvent, msec int) (n int, err error))
-func Times(tms *Tms) (ticks uintptr, err error) {
- r0, _, e1 := syscall_syscall(SYS_TIMES, uintptr(unsafe.Pointer(tms)), 0, 0)
- ticks = uintptr(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+var EpollWait = enter_EpollWait
+
+func enter_EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+ funcref := get_EpollWaitAddr()
+ if funcptrtest(GetZosLibVec()+SYS_EPOLL_WAIT<<4, "") == 0 {
+ *funcref = impl_EpollWait
+ } else {
+ *funcref = error_EpollWait
}
+ return (*funcref)(epfd, events, msec)
+}
+
+func error_EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) {
+ n = -1
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func W_Getmntent(buff *byte, size int) (lastsys int, err error) {
- r0, _, e1 := syscall_syscall(SYS_W_GETMNTENT, uintptr(unsafe.Pointer(buff)), uintptr(size), 0)
- lastsys = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
- }
+func Errno2() (er2 int) {
+ runtime.EnterSyscall()
+ r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS___ERRNO2<<4)
+ runtime.ExitSyscall()
+ er2 = int(r0)
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func W_Getmntent_A(buff *byte, size int) (lastsys int, err error) {
- r0, _, e1 := syscall_syscall(SYS___W_GETMNTENT_A, uintptr(unsafe.Pointer(buff)), uintptr(size), 0)
- lastsys = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+func impl_Eventfd(initval uint, flags int) (fd int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_EVENTFD<<4, uintptr(initval), uintptr(flags))
+ runtime.ExitSyscall()
+ fd = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
+//go:nosplit
+func get_EventfdAddr() *(func(initval uint, flags int) (fd int, err error))
+
+var Eventfd = enter_Eventfd
+
+func enter_Eventfd(initval uint, flags int) (fd int, err error) {
+ funcref := get_EventfdAddr()
+ if funcptrtest(GetZosLibVec()+SYS_EVENTFD<<4, "") == 0 {
+ *funcref = impl_Eventfd
+ } else {
+ *funcref = error_Eventfd
+ }
+ return (*funcref)(initval, flags)
+}
+
+func error_Eventfd(initval uint, flags int) (fd int, err error) {
+ fd = -1
+ err = ENOSYS
+ return
+}
+
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func mount_LE(path string, filesystem string, fstype string, mtm uint32, parmlen int32, parm string) (err error) {
+func Exit(code int) {
+ runtime.EnterSyscall()
+ CallLeFuncWithErr(GetZosLibVec()+SYS_EXIT<<4, uintptr(code))
+ runtime.ExitSyscall()
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
var _p0 *byte
_p0, err = BytePtrFromString(path)
if err != nil {
return
}
- var _p1 *byte
- _p1, err = BytePtrFromString(filesystem)
- if err != nil {
- return
- }
- var _p2 *byte
- _p2, err = BytePtrFromString(fstype)
- if err != nil {
- return
- }
- var _p3 *byte
- _p3, err = BytePtrFromString(parm)
- if err != nil {
- return
- }
- _, _, e1 := syscall_syscall6(SYS___MOUNT_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(mtm), uintptr(parmlen), uintptr(unsafe.Pointer(_p3)))
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FACCESSAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_FaccessatAddr() *(func(dirfd int, path string, mode uint32, flags int) (err error))
-func unmount(filesystem string, mtm int) (err error) {
+var Faccessat = enter_Faccessat
+
+func enter_Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+ funcref := get_FaccessatAddr()
+ if funcptrtest(GetZosLibVec()+SYS___FACCESSAT_A<<4, "") == 0 {
+ *funcref = impl_Faccessat
+ } else {
+ *funcref = error_Faccessat
+ }
+ return (*funcref)(dirfd, path, mode, flags)
+}
+
+func error_Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchdir(fd int) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCHDIR<<4, uintptr(fd))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchmod(fd int, mode uint32) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCHMOD<<4, uintptr(fd), uintptr(mode))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
var _p0 *byte
- _p0, err = BytePtrFromString(filesystem)
+ _p0, err = BytePtrFromString(path)
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___UMOUNT_A, uintptr(unsafe.Pointer(_p0)), uintptr(mtm), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FCHMODAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_FchmodatAddr() *(func(dirfd int, path string, mode uint32, flags int) (err error))
+
+var Fchmodat = enter_Fchmodat
+
+func enter_Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+ funcref := get_FchmodatAddr()
+ if funcptrtest(GetZosLibVec()+SYS___FCHMODAT_A<<4, "") == 0 {
+ *funcref = impl_Fchmodat
+ } else {
+ *funcref = error_Fchmodat
+ }
+ return (*funcref)(dirfd, path, mode, flags)
+}
+
+func error_Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fchown(fd int, uid int, gid int) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCHOWN<<4, uintptr(fd), uintptr(uid), uintptr(gid))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Chroot(path string) (err error) {
+func impl_Fchownat(fd int, path string, uid int, gid int, flags int) (err error) {
var _p0 *byte
_p0, err = BytePtrFromString(path)
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___CHROOT_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FCHOWNAT_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid), uintptr(flags))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_FchownatAddr() *(func(fd int, path string, uid int, gid int, flags int) (err error))
+
+var Fchownat = enter_Fchownat
+
+func enter_Fchownat(fd int, path string, uid int, gid int, flags int) (err error) {
+ funcref := get_FchownatAddr()
+ if funcptrtest(GetZosLibVec()+SYS___FCHOWNAT_A<<4, "") == 0 {
+ *funcref = impl_Fchownat
+ } else {
+ *funcref = error_Fchownat
}
+ return (*funcref)(fd, path, uid, gid, flags)
+}
+
+func error_Fchownat(fd int, path string, uid int, gid int, flags int) (err error) {
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Uname(buf *Utsname) (err error) {
- _, _, e1 := syscall_rawsyscall(SYS___UNAME_A, uintptr(unsafe.Pointer(buf)), 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+func FcntlInt(fd uintptr, cmd int, arg int) (retval int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FCNTL<<4, uintptr(fd), uintptr(cmd), uintptr(arg))
+ runtime.ExitSyscall()
+ retval = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Gethostname(buf []byte) (err error) {
+func impl_Fdatasync(fd int) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FDATASYNC<<4, uintptr(fd))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_FdatasyncAddr() *(func(fd int) (err error))
+
+var Fdatasync = enter_Fdatasync
+
+func enter_Fdatasync(fd int) (err error) {
+ funcref := get_FdatasyncAddr()
+ if funcptrtest(GetZosLibVec()+SYS_FDATASYNC<<4, "") == 0 {
+ *funcref = impl_Fdatasync
+ } else {
+ *funcref = error_Fdatasync
+ }
+ return (*funcref)(fd)
+}
+
+func error_Fdatasync(fd int) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func fstat(fd int, stat *Stat_LE_t) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSTAT<<4, uintptr(fd), uintptr(unsafe.Pointer(stat)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FSTATAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), uintptr(flags))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_fstatatAddr() *(func(dirfd int, path string, stat *Stat_LE_t, flags int) (err error))
+
+var fstatat = enter_fstatat
+
+func enter_fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) {
+ funcref := get_fstatatAddr()
+ if funcptrtest(GetZosLibVec()+SYS___FSTATAT_A<<4, "") == 0 {
+ *funcref = impl_fstatat
+ } else {
+ *funcref = error_fstatat
+ }
+ return (*funcref)(dirfd, path, stat, flags)
+}
+
+func error_fstatat(dirfd int, path string, stat *Stat_LE_t, flags int) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Lgetxattr(link string, attr string, dest []byte) (sz int, err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(link)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(attr)
+ if err != nil {
+ return
+ }
+ var _p2 unsafe.Pointer
+ if len(dest) > 0 {
+ _p2 = unsafe.Pointer(&dest[0])
+ } else {
+ _p2 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LGETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)))
+ runtime.ExitSyscall()
+ sz = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_LgetxattrAddr() *(func(link string, attr string, dest []byte) (sz int, err error))
+
+var Lgetxattr = enter_Lgetxattr
+
+func enter_Lgetxattr(link string, attr string, dest []byte) (sz int, err error) {
+ funcref := get_LgetxattrAddr()
+ if funcptrtest(GetZosLibVec()+SYS___LGETXATTR_A<<4, "") == 0 {
+ *funcref = impl_Lgetxattr
+ } else {
+ *funcref = error_Lgetxattr
+ }
+ return (*funcref)(link, attr, dest)
+}
+
+func error_Lgetxattr(link string, attr string, dest []byte) (sz int, err error) {
+ sz = -1
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(attr)
+ if err != nil {
+ return
+ }
+ var _p2 unsafe.Pointer
+ if len(data) > 0 {
+ _p2 = unsafe.Pointer(&data[0])
+ } else {
+ _p2 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LSETXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_LsetxattrAddr() *(func(path string, attr string, data []byte, flags int) (err error))
+
+var Lsetxattr = enter_Lsetxattr
+
+func enter_Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
+ funcref := get_LsetxattrAddr()
+ if funcptrtest(GetZosLibVec()+SYS___LSETXATTR_A<<4, "") == 0 {
+ *funcref = impl_Lsetxattr
+ } else {
+ *funcref = error_Lsetxattr
+ }
+ return (*funcref)(path, attr, data, flags)
+}
+
+func error_Lsetxattr(path string, attr string, data []byte, flags int) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Fstatfs(fd int, buf *Statfs_t) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSTATFS<<4, uintptr(fd), uintptr(unsafe.Pointer(buf)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_FstatfsAddr() *(func(fd int, buf *Statfs_t) (err error))
+
+var Fstatfs = enter_Fstatfs
+
+func enter_Fstatfs(fd int, buf *Statfs_t) (err error) {
+ funcref := get_FstatfsAddr()
+ if funcptrtest(GetZosLibVec()+SYS_FSTATFS<<4, "") == 0 {
+ *funcref = impl_Fstatfs
+ } else {
+ *funcref = error_Fstatfs
+ }
+ return (*funcref)(fd, buf)
+}
+
+func error_Fstatfs(fd int, buf *Statfs_t) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fstatvfs(fd int, stat *Statvfs_t) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSTATVFS<<4, uintptr(fd), uintptr(unsafe.Pointer(stat)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Fsync(fd int) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FSYNC<<4, uintptr(fd))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Futimes(fd int, tv []Timeval) (err error) {
var _p0 unsafe.Pointer
- if len(buf) > 0 {
- _p0 = unsafe.Pointer(&buf[0])
+ if len(tv) > 0 {
+ _p0 = unsafe.Pointer(&tv[0])
} else {
_p0 = unsafe.Pointer(&_zero)
}
- _, _, e1 := syscall_syscall(SYS___GETHOSTNAME_A, uintptr(_p0), uintptr(len(buf)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FUTIMES<<4, uintptr(fd), uintptr(_p0), uintptr(len(tv)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_FutimesAddr() *(func(fd int, tv []Timeval) (err error))
-func Getegid() (egid int) {
- r0, _, _ := syscall_rawsyscall(SYS_GETEGID, 0, 0, 0)
- egid = int(r0)
+var Futimes = enter_Futimes
+
+func enter_Futimes(fd int, tv []Timeval) (err error) {
+ funcref := get_FutimesAddr()
+ if funcptrtest(GetZosLibVec()+SYS_FUTIMES<<4, "") == 0 {
+ *funcref = impl_Futimes
+ } else {
+ *funcref = error_Futimes
+ }
+ return (*funcref)(fd, tv)
+}
+
+func error_Futimes(fd int, tv []Timeval) (err error) {
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Geteuid() (uid int) {
- r0, _, _ := syscall_rawsyscall(SYS_GETEUID, 0, 0, 0)
- uid = int(r0)
+func impl_Futimesat(dirfd int, path string, tv []Timeval) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ var _p1 unsafe.Pointer
+ if len(tv) > 0 {
+ _p1 = unsafe.Pointer(&tv[0])
+ } else {
+ _p1 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___FUTIMESAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(tv)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_FutimesatAddr() *(func(dirfd int, path string, tv []Timeval) (err error))
+
+var Futimesat = enter_Futimesat
+
+func enter_Futimesat(dirfd int, path string, tv []Timeval) (err error) {
+ funcref := get_FutimesatAddr()
+ if funcptrtest(GetZosLibVec()+SYS___FUTIMESAT_A<<4, "") == 0 {
+ *funcref = impl_Futimesat
+ } else {
+ *funcref = error_Futimesat
+ }
+ return (*funcref)(dirfd, path, tv)
+}
+
+func error_Futimesat(dirfd int, path string, tv []Timeval) (err error) {
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Getgid() (gid int) {
- r0, _, _ := syscall_rawsyscall(SYS_GETGID, 0, 0, 0)
- gid = int(r0)
+func Ftruncate(fd int, length int64) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_FTRUNCATE<<4, uintptr(fd), uintptr(length))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Getpid() (pid int) {
- r0, _, _ := syscall_rawsyscall(SYS_GETPID, 0, 0, 0)
- pid = int(r0)
+func impl_Getrandom(buf []byte, flags int) (n int, err error) {
+ var _p0 unsafe.Pointer
+ if len(buf) > 0 {
+ _p0 = unsafe.Pointer(&buf[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETRANDOM<<4, uintptr(_p0), uintptr(len(buf)), uintptr(flags))
+ runtime.ExitSyscall()
+ n = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_GetrandomAddr() *(func(buf []byte, flags int) (n int, err error))
+
+var Getrandom = enter_Getrandom
+
+func enter_Getrandom(buf []byte, flags int) (n int, err error) {
+ funcref := get_GetrandomAddr()
+ if funcptrtest(GetZosLibVec()+SYS_GETRANDOM<<4, "") == 0 {
+ *funcref = impl_Getrandom
+ } else {
+ *funcref = error_Getrandom
+ }
+ return (*funcref)(buf, flags)
+}
+
+func error_Getrandom(buf []byte, flags int) (n int, err error) {
+ n = -1
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Getpgid(pid int) (pgid int, err error) {
- r0, _, e1 := syscall_rawsyscall(SYS_GETPGID, uintptr(pid), 0, 0)
- pgid = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+func impl_InotifyInit() (fd int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec() + SYS_INOTIFY_INIT<<4)
+ runtime.ExitSyscall()
+ fd = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_InotifyInitAddr() *(func() (fd int, err error))
+
+var InotifyInit = enter_InotifyInit
+
+func enter_InotifyInit() (fd int, err error) {
+ funcref := get_InotifyInitAddr()
+ if funcptrtest(GetZosLibVec()+SYS_INOTIFY_INIT<<4, "") == 0 {
+ *funcref = impl_InotifyInit
+ } else {
+ *funcref = error_InotifyInit
}
+ return (*funcref)()
+}
+
+func error_InotifyInit() (fd int, err error) {
+ fd = -1
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Getppid() (pid int) {
- r0, _, _ := syscall_rawsyscall(SYS_GETPPID, 0, 0, 0)
- pid = int(r0)
+func impl_InotifyInit1(flags int) (fd int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_INOTIFY_INIT1<<4, uintptr(flags))
+ runtime.ExitSyscall()
+ fd = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_InotifyInit1Addr() *(func(flags int) (fd int, err error))
+
+var InotifyInit1 = enter_InotifyInit1
+
+func enter_InotifyInit1(flags int) (fd int, err error) {
+ funcref := get_InotifyInit1Addr()
+ if funcptrtest(GetZosLibVec()+SYS_INOTIFY_INIT1<<4, "") == 0 {
+ *funcref = impl_InotifyInit1
+ } else {
+ *funcref = error_InotifyInit1
+ }
+ return (*funcref)(flags)
+}
+
+func error_InotifyInit1(flags int) (fd int, err error) {
+ fd = -1
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(pathname)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___INOTIFY_ADD_WATCH_A<<4, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(mask))
+ runtime.ExitSyscall()
+ watchdesc = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_InotifyAddWatchAddr() *(func(fd int, pathname string, mask uint32) (watchdesc int, err error))
+
+var InotifyAddWatch = enter_InotifyAddWatch
+
+func enter_InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
+ funcref := get_InotifyAddWatchAddr()
+ if funcptrtest(GetZosLibVec()+SYS___INOTIFY_ADD_WATCH_A<<4, "") == 0 {
+ *funcref = impl_InotifyAddWatch
+ } else {
+ *funcref = error_InotifyAddWatch
+ }
+ return (*funcref)(fd, pathname, mask)
+}
+
+func error_InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) {
+ watchdesc = -1
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_INOTIFY_RM_WATCH<<4, uintptr(fd), uintptr(watchdesc))
+ runtime.ExitSyscall()
+ success = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_InotifyRmWatchAddr() *(func(fd int, watchdesc uint32) (success int, err error))
+
+var InotifyRmWatch = enter_InotifyRmWatch
+
+func enter_InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
+ funcref := get_InotifyRmWatchAddr()
+ if funcptrtest(GetZosLibVec()+SYS_INOTIFY_RM_WATCH<<4, "") == 0 {
+ *funcref = impl_InotifyRmWatch
+ } else {
+ *funcref = error_InotifyRmWatch
+ }
+ return (*funcref)(fd, watchdesc)
+}
+
+func error_InotifyRmWatch(fd int, watchdesc uint32) (success int, err error) {
+ success = -1
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Listxattr(path string, dest []byte) (sz int, err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ var _p1 unsafe.Pointer
+ if len(dest) > 0 {
+ _p1 = unsafe.Pointer(&dest[0])
+ } else {
+ _p1 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LISTXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
+ runtime.ExitSyscall()
+ sz = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_ListxattrAddr() *(func(path string, dest []byte) (sz int, err error))
+
+var Listxattr = enter_Listxattr
+
+func enter_Listxattr(path string, dest []byte) (sz int, err error) {
+ funcref := get_ListxattrAddr()
+ if funcptrtest(GetZosLibVec()+SYS___LISTXATTR_A<<4, "") == 0 {
+ *funcref = impl_Listxattr
+ } else {
+ *funcref = error_Listxattr
+ }
+ return (*funcref)(path, dest)
+}
+
+func error_Listxattr(path string, dest []byte) (sz int, err error) {
+ sz = -1
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Llistxattr(path string, dest []byte) (sz int, err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ var _p1 unsafe.Pointer
+ if len(dest) > 0 {
+ _p1 = unsafe.Pointer(&dest[0])
+ } else {
+ _p1 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LLISTXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)))
+ runtime.ExitSyscall()
+ sz = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_LlistxattrAddr() *(func(path string, dest []byte) (sz int, err error))
+
+var Llistxattr = enter_Llistxattr
+
+func enter_Llistxattr(path string, dest []byte) (sz int, err error) {
+ funcref := get_LlistxattrAddr()
+ if funcptrtest(GetZosLibVec()+SYS___LLISTXATTR_A<<4, "") == 0 {
+ *funcref = impl_Llistxattr
+ } else {
+ *funcref = error_Llistxattr
+ }
+ return (*funcref)(path, dest)
+}
+
+func error_Llistxattr(path string, dest []byte) (sz int, err error) {
+ sz = -1
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Lremovexattr(path string, attr string) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(attr)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LREMOVEXATTR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_LremovexattrAddr() *(func(path string, attr string) (err error))
+
+var Lremovexattr = enter_Lremovexattr
+
+func enter_Lremovexattr(path string, attr string) (err error) {
+ funcref := get_LremovexattrAddr()
+ if funcptrtest(GetZosLibVec()+SYS___LREMOVEXATTR_A<<4, "") == 0 {
+ *funcref = impl_Lremovexattr
+ } else {
+ *funcref = error_Lremovexattr
+ }
+ return (*funcref)(path, attr)
+}
+
+func error_Lremovexattr(path string, attr string) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Lutimes(path string, tv []Timeval) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ var _p1 unsafe.Pointer
+ if len(tv) > 0 {
+ _p1 = unsafe.Pointer(&tv[0])
+ } else {
+ _p1 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LUTIMES_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(tv)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_LutimesAddr() *(func(path string, tv []Timeval) (err error))
+
+var Lutimes = enter_Lutimes
+
+func enter_Lutimes(path string, tv []Timeval) (err error) {
+ funcref := get_LutimesAddr()
+ if funcptrtest(GetZosLibVec()+SYS___LUTIMES_A<<4, "") == 0 {
+ *funcref = impl_Lutimes
+ } else {
+ *funcref = error_Lutimes
+ }
+ return (*funcref)(path, tv)
+}
+
+func error_Lutimes(path string, tv []Timeval) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mprotect(b []byte, prot int) (err error) {
+ var _p0 unsafe.Pointer
+ if len(b) > 0 {
+ _p0 = unsafe.Pointer(&b[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MPROTECT<<4, uintptr(_p0), uintptr(len(b)), uintptr(prot))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Msync(b []byte, flags int) (err error) {
+ var _p0 unsafe.Pointer
+ if len(b) > 0 {
+ _p0 = unsafe.Pointer(&b[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_MSYNC<<4, uintptr(_p0), uintptr(len(b)), uintptr(flags))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Console2(cmsg *ConsMsg2, modstr *byte, concmd *uint32) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CONSOLE2<<4, uintptr(unsafe.Pointer(cmsg)), uintptr(unsafe.Pointer(modstr)), uintptr(unsafe.Pointer(concmd)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Poll(fds []PollFd, timeout int) (n int, err error) {
+ var _p0 unsafe.Pointer
+ if len(fds) > 0 {
+ _p0 = unsafe.Pointer(&fds[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_POLL<<4, uintptr(_p0), uintptr(len(fds)), uintptr(timeout))
+ runtime.ExitSyscall()
+ n = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Readdir_r(dirp uintptr, entry *direntLE, result **direntLE) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___READDIR_R_A<<4, uintptr(dirp), uintptr(unsafe.Pointer(entry)), uintptr(unsafe.Pointer(result)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Statfs(path string, buf *Statfs_t) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___STATFS_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(buf)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_StatfsAddr() *(func(path string, buf *Statfs_t) (err error))
+
+var Statfs = enter_Statfs
+
+func enter_Statfs(path string, buf *Statfs_t) (err error) {
+ funcref := get_StatfsAddr()
+ if funcptrtest(GetZosLibVec()+SYS___STATFS_A<<4, "") == 0 {
+ *funcref = impl_Statfs
+ } else {
+ *funcref = error_Statfs
+ }
+ return (*funcref)(path, buf)
+}
+
+func error_Statfs(path string, buf *Statfs_t) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Syncfs(fd int) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SYNCFS<<4, uintptr(fd))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_SyncfsAddr() *(func(fd int) (err error))
+
+var Syncfs = enter_Syncfs
+
+func enter_Syncfs(fd int) (err error) {
+ funcref := get_SyncfsAddr()
+ if funcptrtest(GetZosLibVec()+SYS_SYNCFS<<4, "") == 0 {
+ *funcref = impl_Syncfs
+ } else {
+ *funcref = error_Syncfs
+ }
+ return (*funcref)(fd)
+}
+
+func error_Syncfs(fd int) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Times(tms *Tms) (ticks uintptr, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TIMES<<4, uintptr(unsafe.Pointer(tms)))
+ runtime.ExitSyscall()
+ ticks = uintptr(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func W_Getmntent(buff *byte, size int) (lastsys int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_W_GETMNTENT<<4, uintptr(unsafe.Pointer(buff)), uintptr(size))
+ runtime.ExitSyscall()
+ lastsys = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func W_Getmntent_A(buff *byte, size int) (lastsys int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___W_GETMNTENT_A<<4, uintptr(unsafe.Pointer(buff)), uintptr(size))
+ runtime.ExitSyscall()
+ lastsys = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func mount_LE(path string, filesystem string, fstype string, mtm uint32, parmlen int32, parm string) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(filesystem)
+ if err != nil {
+ return
+ }
+ var _p2 *byte
+ _p2, err = BytePtrFromString(fstype)
+ if err != nil {
+ return
+ }
+ var _p3 *byte
+ _p3, err = BytePtrFromString(parm)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MOUNT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(unsafe.Pointer(_p2)), uintptr(mtm), uintptr(parmlen), uintptr(unsafe.Pointer(_p3)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func unmount_LE(filesystem string, mtm int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(filesystem)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UMOUNT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mtm))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Chroot(path string) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___CHROOT_A<<4, uintptr(unsafe.Pointer(_p0)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Select(nmsgsfds int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (ret int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SELECT<<4, uintptr(nmsgsfds), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)))
+ runtime.ExitSyscall()
+ ret = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Uname(buf *Utsname) (err error) {
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_____OSNAME_A<<4, uintptr(unsafe.Pointer(buf)))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Unshare(flags int) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_UNSHARE<<4, uintptr(flags))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_UnshareAddr() *(func(flags int) (err error))
+
+var Unshare = enter_Unshare
+
+func enter_Unshare(flags int) (err error) {
+ funcref := get_UnshareAddr()
+ if funcptrtest(GetZosLibVec()+SYS_UNSHARE<<4, "") == 0 {
+ *funcref = impl_Unshare
+ } else {
+ *funcref = error_Unshare
+ }
+ return (*funcref)(flags)
+}
+
+func error_Unshare(flags int) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Gethostname(buf []byte) (err error) {
+ var _p0 unsafe.Pointer
+ if len(buf) > 0 {
+ _p0 = unsafe.Pointer(&buf[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___GETHOSTNAME_A<<4, uintptr(_p0), uintptr(len(buf)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getgid() (gid int) {
+ r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETGID<<4)
+ gid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpid() (pid int) {
+ r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETPID<<4)
+ pid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpgid(pid int) (pgid int, err error) {
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETPGID<<4, uintptr(pid))
+ pgid = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getppid() (pid int) {
+ r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETPPID<<4)
+ pid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getpriority(which int, who int) (prio int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETPRIORITY<<4, uintptr(which), uintptr(who))
+ runtime.ExitSyscall()
+ prio = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getrlimit(resource int, rlim *Rlimit) (err error) {
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETRLIMIT<<4, uintptr(resource), uintptr(unsafe.Pointer(rlim)))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func getrusage(who int, rusage *rusage_zos) (err error) {
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETRUSAGE<<4, uintptr(who), uintptr(unsafe.Pointer(rusage)))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getegid() (egid int) {
+ runtime.EnterSyscall()
+ r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETEGID<<4)
+ runtime.ExitSyscall()
+ egid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Geteuid() (euid int) {
+ runtime.EnterSyscall()
+ r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETEUID<<4)
+ runtime.ExitSyscall()
+ euid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getsid(pid int) (sid int, err error) {
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETSID<<4, uintptr(pid))
+ sid = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Getuid() (uid int) {
+ r0, _, _ := CallLeFuncWithErr(GetZosLibVec() + SYS_GETUID<<4)
+ uid = int(r0)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Kill(pid int, sig Signal) (err error) {
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_KILL<<4, uintptr(pid), uintptr(sig))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Lchown(path string, uid int, gid int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LCHOWN_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Link(path string, link string) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(link)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LINK_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(oldPath)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(newPath)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LINKAT_A<<4, uintptr(oldDirFd), uintptr(unsafe.Pointer(_p0)), uintptr(newDirFd), uintptr(unsafe.Pointer(_p1)), uintptr(flags))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_LinkatAddr() *(func(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error))
+
+var Linkat = enter_Linkat
+
+func enter_Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) {
+ funcref := get_LinkatAddr()
+ if funcptrtest(GetZosLibVec()+SYS___LINKAT_A<<4, "") == 0 {
+ *funcref = impl_Linkat
+ } else {
+ *funcref = error_Linkat
+ }
+ return (*funcref)(oldDirFd, oldPath, newDirFd, newPath, flags)
+}
+
+func error_Linkat(oldDirFd int, oldPath string, newDirFd int, newPath string, flags int) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Listen(s int, n int) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_LISTEN<<4, uintptr(s), uintptr(n))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func lstat(path string, stat *Stat_LE_t) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___LSTAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkdir(path string, mode uint32) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKDIR_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Mkdirat(dirfd int, path string, mode uint32) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKDIRAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_MkdiratAddr() *(func(dirfd int, path string, mode uint32) (err error))
+
+var Mkdirat = enter_Mkdirat
+
+func enter_Mkdirat(dirfd int, path string, mode uint32) (err error) {
+ funcref := get_MkdiratAddr()
+ if funcptrtest(GetZosLibVec()+SYS___MKDIRAT_A<<4, "") == 0 {
+ *funcref = impl_Mkdirat
+ } else {
+ *funcref = error_Mkdirat
+ }
+ return (*funcref)(dirfd, path, mode)
+}
+
+func error_Mkdirat(dirfd int, path string, mode uint32) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mkfifo(path string, mode uint32) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKFIFO_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Mknod(path string, mode uint32, dev int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKNOD_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___MKNODAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_MknodatAddr() *(func(dirfd int, path string, mode uint32, dev int) (err error))
+
+var Mknodat = enter_Mknodat
+
+func enter_Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+ funcref := get_MknodatAddr()
+ if funcptrtest(GetZosLibVec()+SYS___MKNODAT_A<<4, "") == 0 {
+ *funcref = impl_Mknodat
+ } else {
+ *funcref = error_Mknodat
+ }
+ return (*funcref)(dirfd, path, mode, dev)
+}
+
+func error_Mknodat(dirfd int, path string, mode uint32, dev int) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_PivotRoot(newroot string, oldroot string) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(newroot)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(oldroot)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___PIVOT_ROOT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_PivotRootAddr() *(func(newroot string, oldroot string) (err error))
+
+var PivotRoot = enter_PivotRoot
+
+func enter_PivotRoot(newroot string, oldroot string) (err error) {
+ funcref := get_PivotRootAddr()
+ if funcptrtest(GetZosLibVec()+SYS___PIVOT_ROOT_A<<4, "") == 0 {
+ *funcref = impl_PivotRoot
+ } else {
+ *funcref = error_PivotRoot
+ }
+ return (*funcref)(newroot, oldroot)
+}
+
+func error_PivotRoot(newroot string, oldroot string) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Pread(fd int, p []byte, offset int64) (n int, err error) {
+ var _p0 unsafe.Pointer
+ if len(p) > 0 {
+ _p0 = unsafe.Pointer(&p[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PREAD<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset))
+ runtime.ExitSyscall()
+ n = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Getpriority(which int, who int) (prio int, err error) {
- r0, _, e1 := syscall_syscall(SYS_GETPRIORITY, uintptr(which), uintptr(who), 0)
- prio = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+ var _p0 unsafe.Pointer
+ if len(p) > 0 {
+ _p0 = unsafe.Pointer(&p[0])
+ } else {
+ _p0 = unsafe.Pointer(&_zero)
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PWRITE<<4, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset))
+ runtime.ExitSyscall()
+ n = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Getrlimit(resource int, rlim *Rlimit) (err error) {
- _, _, e1 := syscall_rawsyscall(SYS_GETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(rlim)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+func impl_Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___PRCTL_A<<4, uintptr(option), uintptr(arg2), uintptr(arg3), uintptr(arg4), uintptr(arg5))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_PrctlAddr() *(func(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error))
-func getrusage(who int, rusage *rusage_zos) (err error) {
- _, _, e1 := syscall_rawsyscall(SYS_GETRUSAGE, uintptr(who), uintptr(unsafe.Pointer(rusage)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+var Prctl = enter_Prctl
+
+func enter_Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
+ funcref := get_PrctlAddr()
+ if funcptrtest(GetZosLibVec()+SYS___PRCTL_A<<4, "") == 0 {
+ *funcref = impl_Prctl
+ } else {
+ *funcref = error_Prctl
}
- return
+ return (*funcref)(option, arg2, arg3, arg4, arg5)
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Getsid(pid int) (sid int, err error) {
- r0, _, e1 := syscall_rawsyscall(SYS_GETSID, uintptr(pid), 0, 0)
- sid = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
- }
+func error_Prctl(option int, arg2 uintptr, arg3 uintptr, arg4 uintptr, arg5 uintptr) (err error) {
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Getuid() (uid int) {
- r0, _, _ := syscall_rawsyscall(SYS_GETUID, 0, 0, 0)
- uid = int(r0)
+func impl_Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PRLIMIT<<4, uintptr(pid), uintptr(resource), uintptr(unsafe.Pointer(newlimit)), uintptr(unsafe.Pointer(old)))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
return
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_PrlimitAddr() *(func(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error))
-func Kill(pid int, sig Signal) (err error) {
- _, _, e1 := syscall_rawsyscall(SYS_KILL, uintptr(pid), uintptr(sig), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+var Prlimit = enter_Prlimit
+
+func enter_Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
+ funcref := get_PrlimitAddr()
+ if funcptrtest(GetZosLibVec()+SYS_PRLIMIT<<4, "") == 0 {
+ *funcref = impl_Prlimit
+ } else {
+ *funcref = error_Prlimit
}
+ return (*funcref)(pid, resource, newlimit, old)
+}
+
+func error_Prlimit(pid int, resource int, newlimit *Rlimit, old *Rlimit) (err error) {
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Lchown(path string, uid int, gid int) (err error) {
+func Rename(from string, to string) (err error) {
var _p0 *byte
- _p0, err = BytePtrFromString(path)
+ _p0, err = BytePtrFromString(from)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(to)
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___LCHOWN_A, uintptr(unsafe.Pointer(_p0)), uintptr(uid), uintptr(gid))
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RENAME_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Link(path string, link string) (err error) {
+func impl_Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
var _p0 *byte
- _p0, err = BytePtrFromString(path)
+ _p0, err = BytePtrFromString(oldpath)
if err != nil {
return
}
var _p1 *byte
- _p1, err = BytePtrFromString(link)
+ _p1, err = BytePtrFromString(newpath)
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___LINK_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RENAMEAT_A<<4, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_RenameatAddr() *(func(olddirfd int, oldpath string, newdirfd int, newpath string) (err error))
-func Listen(s int, n int) (err error) {
- _, _, e1 := syscall_syscall(SYS_LISTEN, uintptr(s), uintptr(n), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+var Renameat = enter_Renameat
+
+func enter_Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+ funcref := get_RenameatAddr()
+ if funcptrtest(GetZosLibVec()+SYS___RENAMEAT_A<<4, "") == 0 {
+ *funcref = impl_Renameat
+ } else {
+ *funcref = error_Renameat
}
+ return (*funcref)(olddirfd, oldpath, newdirfd, newpath)
+}
+
+func error_Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err error) {
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func lstat(path string, stat *Stat_LE_t) (err error) {
+func impl_Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) {
var _p0 *byte
- _p0, err = BytePtrFromString(path)
+ _p0, err = BytePtrFromString(oldpath)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(newpath)
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___LSTAT_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(stat)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RENAMEAT2_A<<4, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_Renameat2Addr() *(func(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error))
-func Mkdir(path string, mode uint32) (err error) {
- var _p0 *byte
- _p0, err = BytePtrFromString(path)
- if err != nil {
- return
- }
- _, _, e1 := syscall_syscall(SYS___MKDIR_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+var Renameat2 = enter_Renameat2
+
+func enter_Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) {
+ funcref := get_Renameat2Addr()
+ if funcptrtest(GetZosLibVec()+SYS___RENAMEAT2_A<<4, "") == 0 {
+ *funcref = impl_Renameat2
+ } else {
+ *funcref = error_Renameat2
}
+ return (*funcref)(olddirfd, oldpath, newdirfd, newpath, flags)
+}
+
+func error_Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) {
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Mkfifo(path string, mode uint32) (err error) {
+func Rmdir(path string) (err error) {
var _p0 *byte
_p0, err = BytePtrFromString(path)
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___MKFIFO_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___RMDIR_A<<4, uintptr(unsafe.Pointer(_p0)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Mknod(path string, mode uint32, dev int) (err error) {
- var _p0 *byte
- _p0, err = BytePtrFromString(path)
- if err != nil {
- return
- }
- _, _, e1 := syscall_syscall(SYS___MKNOD_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(dev))
- if e1 != 0 {
- err = errnoErr(e1)
+func Seek(fd int, offset int64, whence int) (off int64, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_LSEEK<<4, uintptr(fd), uintptr(offset), uintptr(whence))
+ runtime.ExitSyscall()
+ off = int64(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Pread(fd int, p []byte, offset int64) (n int, err error) {
- var _p0 unsafe.Pointer
- if len(p) > 0 {
- _p0 = unsafe.Pointer(&p[0])
- } else {
- _p0 = unsafe.Pointer(&_zero)
+func Setegid(egid int) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETEGID<<4, uintptr(egid))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
- r0, _, e1 := syscall_syscall6(SYS_PREAD, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
- n = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Seteuid(euid int) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETEUID<<4, uintptr(euid))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Pwrite(fd int, p []byte, offset int64) (n int, err error) {
+func impl_Sethostname(p []byte) (err error) {
var _p0 unsafe.Pointer
if len(p) > 0 {
_p0 = unsafe.Pointer(&p[0])
} else {
_p0 = unsafe.Pointer(&_zero)
}
- r0, _, e1 := syscall_syscall6(SYS_PWRITE, uintptr(fd), uintptr(_p0), uintptr(len(p)), uintptr(offset), 0, 0)
- n = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SETHOSTNAME_A<<4, uintptr(_p0), uintptr(len(p)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_SethostnameAddr() *(func(p []byte) (err error))
-func Readlink(path string, buf []byte) (n int, err error) {
- var _p0 *byte
- _p0, err = BytePtrFromString(path)
- if err != nil {
- return
- }
- var _p1 unsafe.Pointer
- if len(buf) > 0 {
- _p1 = unsafe.Pointer(&buf[0])
+var Sethostname = enter_Sethostname
+
+func enter_Sethostname(p []byte) (err error) {
+ funcref := get_SethostnameAddr()
+ if funcptrtest(GetZosLibVec()+SYS___SETHOSTNAME_A<<4, "") == 0 {
+ *funcref = impl_Sethostname
} else {
- _p1 = unsafe.Pointer(&_zero)
+ *funcref = error_Sethostname
}
- r0, _, e1 := syscall_syscall(SYS___READLINK_A, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(buf)))
- n = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
- }
- return
+ return (*funcref)(p)
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Rename(from string, to string) (err error) {
- var _p0 *byte
- _p0, err = BytePtrFromString(from)
- if err != nil {
- return
- }
- var _p1 *byte
- _p1, err = BytePtrFromString(to)
- if err != nil {
- return
- }
- _, _, e1 := syscall_syscall(SYS___RENAME_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
- }
+func error_Sethostname(p []byte) (err error) {
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Rmdir(path string) (err error) {
- var _p0 *byte
- _p0, err = BytePtrFromString(path)
- if err != nil {
- return
- }
- _, _, e1 := syscall_syscall(SYS___RMDIR_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+func impl_Setns(fd int, nstype int) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETNS<<4, uintptr(fd), uintptr(nstype))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+//go:nosplit
+func get_SetnsAddr() *(func(fd int, nstype int) (err error))
-func Seek(fd int, offset int64, whence int) (off int64, err error) {
- r0, _, e1 := syscall_syscall(SYS_LSEEK, uintptr(fd), uintptr(offset), uintptr(whence))
- off = int64(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+var Setns = enter_Setns
+
+func enter_Setns(fd int, nstype int) (err error) {
+ funcref := get_SetnsAddr()
+ if funcptrtest(GetZosLibVec()+SYS_SETNS<<4, "") == 0 {
+ *funcref = impl_Setns
+ } else {
+ *funcref = error_Setns
}
+ return (*funcref)(fd, nstype)
+}
+
+func error_Setns(fd int, nstype int) (err error) {
+ err = ENOSYS
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func Setpriority(which int, who int, prio int) (err error) {
- _, _, e1 := syscall_syscall(SYS_SETPRIORITY, uintptr(which), uintptr(who), uintptr(prio))
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETPRIORITY<<4, uintptr(which), uintptr(who), uintptr(prio))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -971,9 +2910,9 @@ func Setpriority(which int, who int, prio int) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func Setpgid(pid int, pgid int) (err error) {
- _, _, e1 := syscall_rawsyscall(SYS_SETPGID, uintptr(pid), uintptr(pgid), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETPGID<<4, uintptr(pid), uintptr(pgid))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -981,9 +2920,9 @@ func Setpgid(pid int, pgid int) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func Setrlimit(resource int, lim *Rlimit) (err error) {
- _, _, e1 := syscall_rawsyscall(SYS_SETRLIMIT, uintptr(resource), uintptr(unsafe.Pointer(lim)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETRLIMIT<<4, uintptr(resource), uintptr(unsafe.Pointer(lim)))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -991,9 +2930,9 @@ func Setrlimit(resource int, lim *Rlimit) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func Setregid(rgid int, egid int) (err error) {
- _, _, e1 := syscall_rawsyscall(SYS_SETREGID, uintptr(rgid), uintptr(egid), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETREGID<<4, uintptr(rgid), uintptr(egid))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1001,9 +2940,9 @@ func Setregid(rgid int, egid int) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func Setreuid(ruid int, euid int) (err error) {
- _, _, e1 := syscall_rawsyscall(SYS_SETREUID, uintptr(ruid), uintptr(euid), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETREUID<<4, uintptr(ruid), uintptr(euid))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1011,10 +2950,10 @@ func Setreuid(ruid int, euid int) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func Setsid() (pid int, err error) {
- r0, _, e1 := syscall_rawsyscall(SYS_SETSID, 0, 0, 0)
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec() + SYS_SETSID<<4)
pid = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1022,9 +2961,11 @@ func Setsid() (pid int, err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func Setuid(uid int) (err error) {
- _, _, e1 := syscall_syscall(SYS_SETUID, uintptr(uid), 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETUID<<4, uintptr(uid))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1032,9 +2973,11 @@ func Setuid(uid int) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func Setgid(uid int) (err error) {
- _, _, e1 := syscall_syscall(SYS_SETGID, uintptr(uid), 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SETGID<<4, uintptr(uid))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1042,9 +2985,11 @@ func Setgid(uid int) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func Shutdown(fd int, how int) (err error) {
- _, _, e1 := syscall_syscall(SYS_SHUTDOWN, uintptr(fd), uintptr(how), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_SHUTDOWN<<4, uintptr(fd), uintptr(how))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1057,9 +3002,11 @@ func stat(path string, statLE *Stat_LE_t) (err error) {
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___STAT_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(statLE)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___STAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(statLE)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1077,17 +3024,63 @@ func Symlink(path string, link string) (err error) {
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___SYMLINK_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SYMLINK_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Symlinkat(oldPath string, dirfd int, newPath string) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(oldPath)
+ if err != nil {
+ return
+ }
+ var _p1 *byte
+ _p1, err = BytePtrFromString(newPath)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___SYMLINKAT_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(dirfd), uintptr(unsafe.Pointer(_p1)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
+//go:nosplit
+func get_SymlinkatAddr() *(func(oldPath string, dirfd int, newPath string) (err error))
+
+var Symlinkat = enter_Symlinkat
+
+func enter_Symlinkat(oldPath string, dirfd int, newPath string) (err error) {
+ funcref := get_SymlinkatAddr()
+ if funcptrtest(GetZosLibVec()+SYS___SYMLINKAT_A<<4, "") == 0 {
+ *funcref = impl_Symlinkat
+ } else {
+ *funcref = error_Symlinkat
+ }
+ return (*funcref)(oldPath, dirfd, newPath)
+}
+
+func error_Symlinkat(oldPath string, dirfd int, newPath string) (err error) {
+ err = ENOSYS
+ return
+}
+
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func Sync() {
- syscall_syscall(SYS_SYNC, 0, 0, 0)
+ runtime.EnterSyscall()
+ CallLeFuncWithErr(GetZosLibVec() + SYS_SYNC<<4)
+ runtime.ExitSyscall()
return
}
@@ -1099,9 +3092,11 @@ func Truncate(path string, length int64) (err error) {
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___TRUNCATE_A, uintptr(unsafe.Pointer(_p0)), uintptr(length), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___TRUNCATE_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(length))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1109,9 +3104,11 @@ func Truncate(path string, length int64) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func Tcgetattr(fildes int, termptr *Termios) (err error) {
- _, _, e1 := syscall_syscall(SYS_TCGETATTR, uintptr(fildes), uintptr(unsafe.Pointer(termptr)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TCGETATTR<<4, uintptr(fildes), uintptr(unsafe.Pointer(termptr)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1119,9 +3116,11 @@ func Tcgetattr(fildes int, termptr *Termios) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func Tcsetattr(fildes int, when int, termptr *Termios) (err error) {
- _, _, e1 := syscall_syscall(SYS_TCSETATTR, uintptr(fildes), uintptr(when), uintptr(unsafe.Pointer(termptr)))
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_TCSETATTR<<4, uintptr(fildes), uintptr(when), uintptr(unsafe.Pointer(termptr)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1129,7 +3128,9 @@ func Tcsetattr(fildes int, when int, termptr *Termios) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func Umask(mask int) (oldmask int) {
- r0, _, _ := syscall_syscall(SYS_UMASK, uintptr(mask), 0, 0)
+ runtime.EnterSyscall()
+ r0, _, _ := CallLeFuncWithErr(GetZosLibVec()+SYS_UMASK<<4, uintptr(mask))
+ runtime.ExitSyscall()
oldmask = int(r0)
return
}
@@ -1142,10 +3143,49 @@ func Unlink(path string) (err error) {
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___UNLINK_A, uintptr(unsafe.Pointer(_p0)), 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UNLINK_A<<4, uintptr(unsafe.Pointer(_p0)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_Unlinkat(dirfd int, path string, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UNLINKAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_UnlinkatAddr() *(func(dirfd int, path string, flags int) (err error))
+
+var Unlinkat = enter_Unlinkat
+
+func enter_Unlinkat(dirfd int, path string, flags int) (err error) {
+ funcref := get_UnlinkatAddr()
+ if funcptrtest(GetZosLibVec()+SYS___UNLINKAT_A<<4, "") == 0 {
+ *funcref = impl_Unlinkat
+ } else {
+ *funcref = error_Unlinkat
}
+ return (*funcref)(dirfd, path, flags)
+}
+
+func error_Unlinkat(dirfd int, path string, flags int) (err error) {
+ err = ENOSYS
return
}
@@ -1157,9 +3197,11 @@ func Utime(path string, utim *Utimbuf) (err error) {
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___UTIME_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(utim)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UTIME_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(utim)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1172,11 +3214,91 @@ func open(path string, mode int, perm uint32) (fd int, err error) {
if err != nil {
return
}
- r0, _, e1 := syscall_syscall(SYS___OPEN_A, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___OPEN_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(perm))
+ runtime.ExitSyscall()
+ fd = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___OPENAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(flags), uintptr(mode))
+ runtime.ExitSyscall()
+ fd = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_openatAddr() *(func(dirfd int, path string, flags int, mode uint32) (fd int, err error))
+
+var openat = enter_openat
+
+func enter_openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+ funcref := get_openatAddr()
+ if funcptrtest(GetZosLibVec()+SYS___OPENAT_A<<4, "") == 0 {
+ *funcref = impl_openat
+ } else {
+ *funcref = error_openat
+ }
+ return (*funcref)(dirfd, path, flags, mode)
+}
+
+func error_openat(dirfd int, path string, flags int, mode uint32) (fd int, err error) {
+ fd = -1
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func impl_openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___OPENAT2_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(open_how)), uintptr(size))
+ runtime.ExitSyscall()
fd = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_openat2Addr() *(func(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error))
+
+var openat2 = enter_openat2
+
+func enter_openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) {
+ funcref := get_openat2Addr()
+ if funcptrtest(GetZosLibVec()+SYS___OPENAT2_A<<4, "") == 0 {
+ *funcref = impl_openat2
+ } else {
+ *funcref = error_openat2
}
+ return (*funcref)(dirfd, path, open_how, size)
+}
+
+func error_openat2(dirfd int, path string, open_how *OpenHow, size int) (fd int, err error) {
+ fd = -1
+ err = ENOSYS
return
}
@@ -1188,9 +3310,23 @@ func remove(path string) (err error) {
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS_REMOVE, uintptr(unsafe.Pointer(_p0)), 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_REMOVE<<4, uintptr(unsafe.Pointer(_p0)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func waitid(idType int, id int, info *Siginfo, options int) (err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WAITID<<4, uintptr(idType), uintptr(id), uintptr(unsafe.Pointer(info)), uintptr(options))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1198,10 +3334,12 @@ func remove(path string) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func waitpid(pid int, wstatus *_C_int, options int) (wpid int, err error) {
- r0, _, e1 := syscall_syscall(SYS_WAITPID, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options))
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_WAITPID<<4, uintptr(pid), uintptr(unsafe.Pointer(wstatus)), uintptr(options))
+ runtime.ExitSyscall()
wpid = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1209,9 +3347,9 @@ func waitpid(pid int, wstatus *_C_int, options int) (wpid int, err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func gettimeofday(tv *timeval_zos) (err error) {
- _, _, e1 := syscall_rawsyscall(SYS_GETTIMEOFDAY, uintptr(unsafe.Pointer(tv)), 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GETTIMEOFDAY<<4, uintptr(unsafe.Pointer(tv)))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1219,9 +3357,9 @@ func gettimeofday(tv *timeval_zos) (err error) {
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
func pipe(p *[2]_C_int) (err error) {
- _, _, e1 := syscall_rawsyscall(SYS_PIPE, uintptr(unsafe.Pointer(p)), 0, 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_PIPE<<4, uintptr(unsafe.Pointer(p)))
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
@@ -1234,20 +3372,87 @@ func utimes(path string, timeval *[2]Timeval) (err error) {
if err != nil {
return
}
- _, _, e1 := syscall_syscall(SYS___UTIMES_A, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)), 0)
- if e1 != 0 {
- err = errnoErr(e1)
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UTIMES_A<<4, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(timeval)))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-func Select(nmsgsfds int, r *FdSet, w *FdSet, e *FdSet, timeout *Timeval) (ret int, err error) {
- r0, _, e1 := syscall_syscall6(SYS_SELECT, uintptr(nmsgsfds), uintptr(unsafe.Pointer(r)), uintptr(unsafe.Pointer(w)), uintptr(unsafe.Pointer(e)), uintptr(unsafe.Pointer(timeout)), 0)
- ret = int(r0)
- if e1 != 0 {
- err = errnoErr(e1)
+func impl_utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) {
+ var _p0 *byte
+ _p0, err = BytePtrFromString(path)
+ if err != nil {
+ return
+ }
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS___UTIMENSAT_A<<4, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(ts)), uintptr(flags))
+ runtime.ExitSyscall()
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+//go:nosplit
+func get_utimensatAddr() *(func(dirfd int, path string, ts *[2]Timespec, flags int) (err error))
+
+var utimensat = enter_utimensat
+
+func enter_utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) {
+ funcref := get_utimensatAddr()
+ if funcptrtest(GetZosLibVec()+SYS___UTIMENSAT_A<<4, "") == 0 {
+ *funcref = impl_utimensat
+ } else {
+ *funcref = error_utimensat
+ }
+ return (*funcref)(dirfd, path, ts, flags)
+}
+
+func error_utimensat(dirfd int, path string, ts *[2]Timespec, flags int) (err error) {
+ err = ENOSYS
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Posix_openpt(oflag int) (fd int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_POSIX_OPENPT<<4, uintptr(oflag))
+ runtime.ExitSyscall()
+ fd = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Grantpt(fildes int) (rc int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_GRANTPT<<4, uintptr(fildes))
+ runtime.ExitSyscall()
+ rc = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
+ }
+ return
+}
+
+// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+
+func Unlockpt(fildes int) (rc int, err error) {
+ runtime.EnterSyscall()
+ r0, e2, e1 := CallLeFuncWithErr(GetZosLibVec()+SYS_UNLOCKPT<<4, uintptr(fildes))
+ runtime.ExitSyscall()
+ rc = int(r0)
+ if int64(r0) == -1 {
+ err = errnoErr2(e1, e2)
}
return
}
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
index fcf3ecbddee10b5a9e947a193f44169a1f9f95d2..524b0820cbc2ee32a4598fa64ebbe64cec2a9dda 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
@@ -448,4 +448,14 @@ const (
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
+ SYS_MAP_SHADOW_STACK = 453
+ SYS_FUTEX_WAKE = 454
+ SYS_FUTEX_WAIT = 455
+ SYS_FUTEX_REQUEUE = 456
+ SYS_STATMOUNT = 457
+ SYS_LISTMOUNT = 458
+ SYS_LSM_GET_SELF_ATTR = 459
+ SYS_LSM_SET_SELF_ATTR = 460
+ SYS_LSM_LIST_MODULES = 461
+ SYS_MSEAL = 462
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
index f56dc2504ae140d232c2e3339a70d858876284e8..f485dbf4565671fd01bc685d7de256cbbac0dee2 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
@@ -341,6 +341,7 @@ const (
SYS_STATX = 332
SYS_IO_PGETEVENTS = 333
SYS_RSEQ = 334
+ SYS_URETPROBE = 335
SYS_PIDFD_SEND_SIGNAL = 424
SYS_IO_URING_SETUP = 425
SYS_IO_URING_ENTER = 426
@@ -371,4 +372,13 @@ const (
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
SYS_MAP_SHADOW_STACK = 453
+ SYS_FUTEX_WAKE = 454
+ SYS_FUTEX_WAIT = 455
+ SYS_FUTEX_REQUEUE = 456
+ SYS_STATMOUNT = 457
+ SYS_LISTMOUNT = 458
+ SYS_LSM_GET_SELF_ATTR = 459
+ SYS_LSM_SET_SELF_ATTR = 460
+ SYS_LSM_LIST_MODULES = 461
+ SYS_MSEAL = 462
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
index 974bf246767e34933ee085ec13e3323b8b30903e..70b35bf3b09f68cb6bd6c4065b4248ed02657766 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
@@ -412,4 +412,14 @@ const (
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
+ SYS_MAP_SHADOW_STACK = 453
+ SYS_FUTEX_WAKE = 454
+ SYS_FUTEX_WAIT = 455
+ SYS_FUTEX_REQUEUE = 456
+ SYS_STATMOUNT = 457
+ SYS_LISTMOUNT = 458
+ SYS_LSM_GET_SELF_ATTR = 459
+ SYS_LSM_SET_SELF_ATTR = 460
+ SYS_LSM_LIST_MODULES = 461
+ SYS_MSEAL = 462
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
index 39a2739e231043154d31271f7ac6c4ff06aef6b0..1893e2fe884044dc9724126bf8565ca9fca04748 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
@@ -85,7 +85,7 @@ const (
SYS_SPLICE = 76
SYS_TEE = 77
SYS_READLINKAT = 78
- SYS_FSTATAT = 79
+ SYS_NEWFSTATAT = 79
SYS_FSTAT = 80
SYS_SYNC = 81
SYS_FSYNC = 82
@@ -315,4 +315,14 @@ const (
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
+ SYS_MAP_SHADOW_STACK = 453
+ SYS_FUTEX_WAKE = 454
+ SYS_FUTEX_WAIT = 455
+ SYS_FUTEX_REQUEUE = 456
+ SYS_STATMOUNT = 457
+ SYS_LISTMOUNT = 458
+ SYS_LSM_GET_SELF_ATTR = 459
+ SYS_LSM_SET_SELF_ATTR = 460
+ SYS_LSM_LIST_MODULES = 461
+ SYS_MSEAL = 462
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
index cf9c9d77e10fbb364549ca7e8c9d8575b7d11ede..16a4017da0ab2fbb8868a34cf7e90df9b052577e 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
@@ -84,6 +84,8 @@ const (
SYS_SPLICE = 76
SYS_TEE = 77
SYS_READLINKAT = 78
+ SYS_NEWFSTATAT = 79
+ SYS_FSTAT = 80
SYS_SYNC = 81
SYS_FSYNC = 82
SYS_FDATASYNC = 83
@@ -309,4 +311,14 @@ const (
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
+ SYS_MAP_SHADOW_STACK = 453
+ SYS_FUTEX_WAKE = 454
+ SYS_FUTEX_WAIT = 455
+ SYS_FUTEX_REQUEUE = 456
+ SYS_STATMOUNT = 457
+ SYS_LISTMOUNT = 458
+ SYS_LSM_GET_SELF_ATTR = 459
+ SYS_LSM_SET_SELF_ATTR = 460
+ SYS_LSM_LIST_MODULES = 461
+ SYS_MSEAL = 462
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
index 10b7362ef4424f73e8f0df7fcd7d83a2b4a69714..7e567f1efff21dabc0bbb99d82ac79568fa0c71e 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
@@ -432,4 +432,14 @@ const (
SYS_SET_MEMPOLICY_HOME_NODE = 4450
SYS_CACHESTAT = 4451
SYS_FCHMODAT2 = 4452
+ SYS_MAP_SHADOW_STACK = 4453
+ SYS_FUTEX_WAKE = 4454
+ SYS_FUTEX_WAIT = 4455
+ SYS_FUTEX_REQUEUE = 4456
+ SYS_STATMOUNT = 4457
+ SYS_LISTMOUNT = 4458
+ SYS_LSM_GET_SELF_ATTR = 4459
+ SYS_LSM_SET_SELF_ATTR = 4460
+ SYS_LSM_LIST_MODULES = 4461
+ SYS_MSEAL = 4462
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
index cd4d8b4fd35e98290f373a0f049cf122f03be857..38ae55e5ef8564b859a937192e6e7ff9ff75404d 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
@@ -362,4 +362,14 @@ const (
SYS_SET_MEMPOLICY_HOME_NODE = 5450
SYS_CACHESTAT = 5451
SYS_FCHMODAT2 = 5452
+ SYS_MAP_SHADOW_STACK = 5453
+ SYS_FUTEX_WAKE = 5454
+ SYS_FUTEX_WAIT = 5455
+ SYS_FUTEX_REQUEUE = 5456
+ SYS_STATMOUNT = 5457
+ SYS_LISTMOUNT = 5458
+ SYS_LSM_GET_SELF_ATTR = 5459
+ SYS_LSM_SET_SELF_ATTR = 5460
+ SYS_LSM_LIST_MODULES = 5461
+ SYS_MSEAL = 5462
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
index 2c0efca818b32ea26716ea3cbb43b603cfe36d99..55e92e60a82abed887cc2e86929cf413ccc1f0e7 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
@@ -362,4 +362,14 @@ const (
SYS_SET_MEMPOLICY_HOME_NODE = 5450
SYS_CACHESTAT = 5451
SYS_FCHMODAT2 = 5452
+ SYS_MAP_SHADOW_STACK = 5453
+ SYS_FUTEX_WAKE = 5454
+ SYS_FUTEX_WAIT = 5455
+ SYS_FUTEX_REQUEUE = 5456
+ SYS_STATMOUNT = 5457
+ SYS_LISTMOUNT = 5458
+ SYS_LSM_GET_SELF_ATTR = 5459
+ SYS_LSM_SET_SELF_ATTR = 5460
+ SYS_LSM_LIST_MODULES = 5461
+ SYS_MSEAL = 5462
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
index a72e31d391d5d81b494b0c58b7a02aacd8d03f11..60658d6a021f66f19d23ed38f6eae448f0fa1b21 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
@@ -432,4 +432,14 @@ const (
SYS_SET_MEMPOLICY_HOME_NODE = 4450
SYS_CACHESTAT = 4451
SYS_FCHMODAT2 = 4452
+ SYS_MAP_SHADOW_STACK = 4453
+ SYS_FUTEX_WAKE = 4454
+ SYS_FUTEX_WAIT = 4455
+ SYS_FUTEX_REQUEUE = 4456
+ SYS_STATMOUNT = 4457
+ SYS_LISTMOUNT = 4458
+ SYS_LSM_GET_SELF_ATTR = 4459
+ SYS_LSM_SET_SELF_ATTR = 4460
+ SYS_LSM_LIST_MODULES = 4461
+ SYS_MSEAL = 4462
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
index c7d1e374713c096f450b1b6759192daa34892c1b..e203e8a7ed4b2c76d1a08ccda193c17f82fc7e93 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
@@ -439,4 +439,14 @@ const (
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
+ SYS_MAP_SHADOW_STACK = 453
+ SYS_FUTEX_WAKE = 454
+ SYS_FUTEX_WAIT = 455
+ SYS_FUTEX_REQUEUE = 456
+ SYS_STATMOUNT = 457
+ SYS_LISTMOUNT = 458
+ SYS_LSM_GET_SELF_ATTR = 459
+ SYS_LSM_SET_SELF_ATTR = 460
+ SYS_LSM_LIST_MODULES = 461
+ SYS_MSEAL = 462
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
index f4d4838c870dd229b0e9920c6dad62dc476a6bb3..5944b97d54604ea41a1dea195b26f3bd1f387343 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
@@ -411,4 +411,14 @@ const (
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
+ SYS_MAP_SHADOW_STACK = 453
+ SYS_FUTEX_WAKE = 454
+ SYS_FUTEX_WAIT = 455
+ SYS_FUTEX_REQUEUE = 456
+ SYS_STATMOUNT = 457
+ SYS_LISTMOUNT = 458
+ SYS_LSM_GET_SELF_ATTR = 459
+ SYS_LSM_SET_SELF_ATTR = 460
+ SYS_LSM_LIST_MODULES = 461
+ SYS_MSEAL = 462
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
index b64f0e59114d0ecb6057713140d55f6a38e61d2f..c66d416dad1ccb56f1196d99545460f9d658f092 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
@@ -411,4 +411,14 @@ const (
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
+ SYS_MAP_SHADOW_STACK = 453
+ SYS_FUTEX_WAKE = 454
+ SYS_FUTEX_WAIT = 455
+ SYS_FUTEX_REQUEUE = 456
+ SYS_STATMOUNT = 457
+ SYS_LISTMOUNT = 458
+ SYS_LSM_GET_SELF_ATTR = 459
+ SYS_LSM_SET_SELF_ATTR = 460
+ SYS_LSM_LIST_MODULES = 461
+ SYS_MSEAL = 462
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
index 95711195a064801837b0b10724329c41e3766335..a5459e766f59dbfbd2751e1ecc5f7f1c4561bfb4 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
@@ -84,7 +84,7 @@ const (
SYS_SPLICE = 76
SYS_TEE = 77
SYS_READLINKAT = 78
- SYS_FSTATAT = 79
+ SYS_NEWFSTATAT = 79
SYS_FSTAT = 80
SYS_SYNC = 81
SYS_FSYNC = 82
@@ -316,4 +316,14 @@ const (
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
+ SYS_MAP_SHADOW_STACK = 453
+ SYS_FUTEX_WAKE = 454
+ SYS_FUTEX_WAIT = 455
+ SYS_FUTEX_REQUEUE = 456
+ SYS_STATMOUNT = 457
+ SYS_LISTMOUNT = 458
+ SYS_LSM_GET_SELF_ATTR = 459
+ SYS_LSM_SET_SELF_ATTR = 460
+ SYS_LSM_LIST_MODULES = 461
+ SYS_MSEAL = 462
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
index f94e943bc4f576aa53c568f4591b5ba5f03f3791..01d86825bb926417fbc8c9e69c5ecb5bb599d683 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
@@ -377,4 +377,14 @@ const (
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
+ SYS_MAP_SHADOW_STACK = 453
+ SYS_FUTEX_WAKE = 454
+ SYS_FUTEX_WAIT = 455
+ SYS_FUTEX_REQUEUE = 456
+ SYS_STATMOUNT = 457
+ SYS_LISTMOUNT = 458
+ SYS_LSM_GET_SELF_ATTR = 459
+ SYS_LSM_SET_SELF_ATTR = 460
+ SYS_LSM_LIST_MODULES = 461
+ SYS_MSEAL = 462
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
index ba0c2bc5154a74aeb18e8a3c1585228c9c04087f..7b703e77cda8450621f3892f1a03d7e698f12cee 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
@@ -390,4 +390,14 @@ const (
SYS_SET_MEMPOLICY_HOME_NODE = 450
SYS_CACHESTAT = 451
SYS_FCHMODAT2 = 452
+ SYS_MAP_SHADOW_STACK = 453
+ SYS_FUTEX_WAKE = 454
+ SYS_FUTEX_WAIT = 455
+ SYS_FUTEX_REQUEUE = 456
+ SYS_STATMOUNT = 457
+ SYS_LISTMOUNT = 458
+ SYS_LSM_GET_SELF_ATTR = 459
+ SYS_LSM_SET_SELF_ATTR = 460
+ SYS_LSM_LIST_MODULES = 461
+ SYS_MSEAL = 462
)
diff --git a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
index b2e308581990a05dc57dded6f5c7a24a223addbd..5e8c263ca9c6f77d8f2efc5e783e21c839d68f08 100644
--- a/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
@@ -1,2669 +1,2852 @@
-// Copyright 2020 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
+// go run mksyscall_zos_s390x.go -o_sysnum zsysnum_zos_s390x.go -o_syscall zsyscall_zos_s390x.go -i_syscall syscall_zos_s390x.go -o_asm zsymaddr_zos_s390x.s
+// Code generated by the command above; see README.md. DO NOT EDIT.
//go:build zos && s390x
package unix
-// TODO: auto-generate.
-
const (
- SYS_ACOSD128 = 0xB80
- SYS_ACOSD32 = 0xB7E
- SYS_ACOSD64 = 0xB7F
- SYS_ACOSHD128 = 0xB83
- SYS_ACOSHD32 = 0xB81
- SYS_ACOSHD64 = 0xB82
- SYS_AIO_FSYNC = 0xC69
- SYS_ASCTIME = 0x0AE
- SYS_ASCTIME64 = 0xCD7
- SYS_ASCTIME64_R = 0xCD8
- SYS_ASIND128 = 0xB86
- SYS_ASIND32 = 0xB84
- SYS_ASIND64 = 0xB85
- SYS_ASINHD128 = 0xB89
- SYS_ASINHD32 = 0xB87
- SYS_ASINHD64 = 0xB88
- SYS_ATAN2D128 = 0xB8F
- SYS_ATAN2D32 = 0xB8D
- SYS_ATAN2D64 = 0xB8E
- SYS_ATAND128 = 0xB8C
- SYS_ATAND32 = 0xB8A
- SYS_ATAND64 = 0xB8B
- SYS_ATANHD128 = 0xB92
- SYS_ATANHD32 = 0xB90
- SYS_ATANHD64 = 0xB91
- SYS_BIND2ADDRSEL = 0xD59
- SYS_C16RTOMB = 0xD40
- SYS_C32RTOMB = 0xD41
- SYS_CBRTD128 = 0xB95
- SYS_CBRTD32 = 0xB93
- SYS_CBRTD64 = 0xB94
- SYS_CEILD128 = 0xB98
- SYS_CEILD32 = 0xB96
- SYS_CEILD64 = 0xB97
- SYS_CLEARENV = 0x0C9
- SYS_CLEARERR_UNLOCKED = 0xCA1
- SYS_CLOCK = 0x0AA
- SYS_CLOGL = 0xA00
- SYS_CLRMEMF = 0x0BD
- SYS_CONJ = 0xA03
- SYS_CONJF = 0xA06
- SYS_CONJL = 0xA09
- SYS_COPYSIGND128 = 0xB9E
- SYS_COPYSIGND32 = 0xB9C
- SYS_COPYSIGND64 = 0xB9D
- SYS_COSD128 = 0xBA1
- SYS_COSD32 = 0xB9F
- SYS_COSD64 = 0xBA0
- SYS_COSHD128 = 0xBA4
- SYS_COSHD32 = 0xBA2
- SYS_COSHD64 = 0xBA3
- SYS_CPOW = 0xA0C
- SYS_CPOWF = 0xA0F
- SYS_CPOWL = 0xA12
- SYS_CPROJ = 0xA15
- SYS_CPROJF = 0xA18
- SYS_CPROJL = 0xA1B
- SYS_CREAL = 0xA1E
- SYS_CREALF = 0xA21
- SYS_CREALL = 0xA24
- SYS_CSIN = 0xA27
- SYS_CSINF = 0xA2A
- SYS_CSINH = 0xA30
- SYS_CSINHF = 0xA33
- SYS_CSINHL = 0xA36
- SYS_CSINL = 0xA2D
- SYS_CSNAP = 0x0C5
- SYS_CSQRT = 0xA39
- SYS_CSQRTF = 0xA3C
- SYS_CSQRTL = 0xA3F
- SYS_CTAN = 0xA42
- SYS_CTANF = 0xA45
- SYS_CTANH = 0xA4B
- SYS_CTANHF = 0xA4E
- SYS_CTANHL = 0xA51
- SYS_CTANL = 0xA48
- SYS_CTIME = 0x0AB
- SYS_CTIME64 = 0xCD9
- SYS_CTIME64_R = 0xCDA
- SYS_CTRACE = 0x0C6
- SYS_DIFFTIME = 0x0A7
- SYS_DIFFTIME64 = 0xCDB
- SYS_DLADDR = 0xC82
- SYS_DYNALLOC = 0x0C3
- SYS_DYNFREE = 0x0C2
- SYS_ERFCD128 = 0xBAA
- SYS_ERFCD32 = 0xBA8
- SYS_ERFCD64 = 0xBA9
- SYS_ERFD128 = 0xBA7
- SYS_ERFD32 = 0xBA5
- SYS_ERFD64 = 0xBA6
- SYS_EXP2D128 = 0xBB0
- SYS_EXP2D32 = 0xBAE
- SYS_EXP2D64 = 0xBAF
- SYS_EXPD128 = 0xBAD
- SYS_EXPD32 = 0xBAB
- SYS_EXPD64 = 0xBAC
- SYS_EXPM1D128 = 0xBB3
- SYS_EXPM1D32 = 0xBB1
- SYS_EXPM1D64 = 0xBB2
- SYS_FABSD128 = 0xBB6
- SYS_FABSD32 = 0xBB4
- SYS_FABSD64 = 0xBB5
- SYS_FDELREC_UNLOCKED = 0xCA2
- SYS_FDIMD128 = 0xBB9
- SYS_FDIMD32 = 0xBB7
- SYS_FDIMD64 = 0xBB8
- SYS_FDOPEN_UNLOCKED = 0xCFC
- SYS_FECLEAREXCEPT = 0xAEA
- SYS_FEGETENV = 0xAEB
- SYS_FEGETEXCEPTFLAG = 0xAEC
- SYS_FEGETROUND = 0xAED
- SYS_FEHOLDEXCEPT = 0xAEE
- SYS_FEOF_UNLOCKED = 0xCA3
- SYS_FERAISEEXCEPT = 0xAEF
- SYS_FERROR_UNLOCKED = 0xCA4
- SYS_FESETENV = 0xAF0
- SYS_FESETEXCEPTFLAG = 0xAF1
- SYS_FESETROUND = 0xAF2
- SYS_FETCHEP = 0x0BF
- SYS_FETESTEXCEPT = 0xAF3
- SYS_FEUPDATEENV = 0xAF4
- SYS_FE_DEC_GETROUND = 0xBBA
- SYS_FE_DEC_SETROUND = 0xBBB
- SYS_FFLUSH_UNLOCKED = 0xCA5
- SYS_FGETC_UNLOCKED = 0xC80
- SYS_FGETPOS64 = 0xCEE
- SYS_FGETPOS64_UNLOCKED = 0xCF4
- SYS_FGETPOS_UNLOCKED = 0xCA6
- SYS_FGETS_UNLOCKED = 0xC7C
- SYS_FGETWC_UNLOCKED = 0xCA7
- SYS_FGETWS_UNLOCKED = 0xCA8
- SYS_FILENO_UNLOCKED = 0xCA9
- SYS_FLDATA = 0x0C1
- SYS_FLDATA_UNLOCKED = 0xCAA
- SYS_FLOCATE_UNLOCKED = 0xCAB
- SYS_FLOORD128 = 0xBBE
- SYS_FLOORD32 = 0xBBC
- SYS_FLOORD64 = 0xBBD
- SYS_FMA = 0xA63
- SYS_FMAD128 = 0xBC1
- SYS_FMAD32 = 0xBBF
- SYS_FMAD64 = 0xBC0
- SYS_FMAF = 0xA66
- SYS_FMAL = 0xA69
- SYS_FMAX = 0xA6C
- SYS_FMAXD128 = 0xBC4
- SYS_FMAXD32 = 0xBC2
- SYS_FMAXD64 = 0xBC3
- SYS_FMAXF = 0xA6F
- SYS_FMAXL = 0xA72
- SYS_FMIN = 0xA75
- SYS_FMIND128 = 0xBC7
- SYS_FMIND32 = 0xBC5
- SYS_FMIND64 = 0xBC6
- SYS_FMINF = 0xA78
- SYS_FMINL = 0xA7B
- SYS_FMODD128 = 0xBCA
- SYS_FMODD32 = 0xBC8
- SYS_FMODD64 = 0xBC9
- SYS_FOPEN64 = 0xD49
- SYS_FOPEN64_UNLOCKED = 0xD4A
- SYS_FOPEN_UNLOCKED = 0xCFA
- SYS_FPRINTF_UNLOCKED = 0xCAC
- SYS_FPUTC_UNLOCKED = 0xC81
- SYS_FPUTS_UNLOCKED = 0xC7E
- SYS_FPUTWC_UNLOCKED = 0xCAD
- SYS_FPUTWS_UNLOCKED = 0xCAE
- SYS_FREAD_NOUPDATE = 0xCEC
- SYS_FREAD_NOUPDATE_UNLOCKED = 0xCED
- SYS_FREAD_UNLOCKED = 0xC7B
- SYS_FREEIFADDRS = 0xCE6
- SYS_FREOPEN64 = 0xD4B
- SYS_FREOPEN64_UNLOCKED = 0xD4C
- SYS_FREOPEN_UNLOCKED = 0xCFB
- SYS_FREXPD128 = 0xBCE
- SYS_FREXPD32 = 0xBCC
- SYS_FREXPD64 = 0xBCD
- SYS_FSCANF_UNLOCKED = 0xCAF
- SYS_FSEEK64 = 0xCEF
- SYS_FSEEK64_UNLOCKED = 0xCF5
- SYS_FSEEKO64 = 0xCF0
- SYS_FSEEKO64_UNLOCKED = 0xCF6
- SYS_FSEEKO_UNLOCKED = 0xCB1
- SYS_FSEEK_UNLOCKED = 0xCB0
- SYS_FSETPOS64 = 0xCF1
- SYS_FSETPOS64_UNLOCKED = 0xCF7
- SYS_FSETPOS_UNLOCKED = 0xCB3
- SYS_FTELL64 = 0xCF2
- SYS_FTELL64_UNLOCKED = 0xCF8
- SYS_FTELLO64 = 0xCF3
- SYS_FTELLO64_UNLOCKED = 0xCF9
- SYS_FTELLO_UNLOCKED = 0xCB5
- SYS_FTELL_UNLOCKED = 0xCB4
- SYS_FUPDATE = 0x0B5
- SYS_FUPDATE_UNLOCKED = 0xCB7
- SYS_FWIDE_UNLOCKED = 0xCB8
- SYS_FWPRINTF_UNLOCKED = 0xCB9
- SYS_FWRITE_UNLOCKED = 0xC7A
- SYS_FWSCANF_UNLOCKED = 0xCBA
- SYS_GETDATE64 = 0xD4F
- SYS_GETIFADDRS = 0xCE7
- SYS_GETIPV4SOURCEFILTER = 0xC77
- SYS_GETSOURCEFILTER = 0xC79
- SYS_GETSYNTX = 0x0FD
- SYS_GETS_UNLOCKED = 0xC7D
- SYS_GETTIMEOFDAY64 = 0xD50
- SYS_GETWCHAR_UNLOCKED = 0xCBC
- SYS_GETWC_UNLOCKED = 0xCBB
- SYS_GMTIME = 0x0B0
- SYS_GMTIME64 = 0xCDC
- SYS_GMTIME64_R = 0xCDD
- SYS_HYPOTD128 = 0xBD1
- SYS_HYPOTD32 = 0xBCF
- SYS_HYPOTD64 = 0xBD0
- SYS_ILOGBD128 = 0xBD4
- SYS_ILOGBD32 = 0xBD2
- SYS_ILOGBD64 = 0xBD3
- SYS_ILOGBF = 0xA7E
- SYS_ILOGBL = 0xA81
- SYS_INET6_IS_SRCADDR = 0xD5A
- SYS_ISBLANK = 0x0FE
- SYS_ISWALNUM = 0x0FF
- SYS_LDEXPD128 = 0xBD7
- SYS_LDEXPD32 = 0xBD5
- SYS_LDEXPD64 = 0xBD6
- SYS_LGAMMAD128 = 0xBDA
- SYS_LGAMMAD32 = 0xBD8
- SYS_LGAMMAD64 = 0xBD9
- SYS_LIO_LISTIO = 0xC6A
- SYS_LLRINT = 0xA84
- SYS_LLRINTD128 = 0xBDD
- SYS_LLRINTD32 = 0xBDB
- SYS_LLRINTD64 = 0xBDC
- SYS_LLRINTF = 0xA87
- SYS_LLRINTL = 0xA8A
- SYS_LLROUND = 0xA8D
- SYS_LLROUNDD128 = 0xBE0
- SYS_LLROUNDD32 = 0xBDE
- SYS_LLROUNDD64 = 0xBDF
- SYS_LLROUNDF = 0xA90
- SYS_LLROUNDL = 0xA93
- SYS_LOCALTIM = 0x0B1
- SYS_LOCALTIME = 0x0B1
- SYS_LOCALTIME64 = 0xCDE
- SYS_LOCALTIME64_R = 0xCDF
- SYS_LOG10D128 = 0xBE6
- SYS_LOG10D32 = 0xBE4
- SYS_LOG10D64 = 0xBE5
- SYS_LOG1PD128 = 0xBE9
- SYS_LOG1PD32 = 0xBE7
- SYS_LOG1PD64 = 0xBE8
- SYS_LOG2D128 = 0xBEC
- SYS_LOG2D32 = 0xBEA
- SYS_LOG2D64 = 0xBEB
- SYS_LOGBD128 = 0xBEF
- SYS_LOGBD32 = 0xBED
- SYS_LOGBD64 = 0xBEE
- SYS_LOGBF = 0xA96
- SYS_LOGBL = 0xA99
- SYS_LOGD128 = 0xBE3
- SYS_LOGD32 = 0xBE1
- SYS_LOGD64 = 0xBE2
- SYS_LRINT = 0xA9C
- SYS_LRINTD128 = 0xBF2
- SYS_LRINTD32 = 0xBF0
- SYS_LRINTD64 = 0xBF1
- SYS_LRINTF = 0xA9F
- SYS_LRINTL = 0xAA2
- SYS_LROUNDD128 = 0xBF5
- SYS_LROUNDD32 = 0xBF3
- SYS_LROUNDD64 = 0xBF4
- SYS_LROUNDL = 0xAA5
- SYS_MBLEN = 0x0AF
- SYS_MBRTOC16 = 0xD42
- SYS_MBRTOC32 = 0xD43
- SYS_MEMSET = 0x0A3
- SYS_MKTIME = 0x0AC
- SYS_MKTIME64 = 0xCE0
- SYS_MODFD128 = 0xBF8
- SYS_MODFD32 = 0xBF6
- SYS_MODFD64 = 0xBF7
- SYS_NAN = 0xAA8
- SYS_NAND128 = 0xBFB
- SYS_NAND32 = 0xBF9
- SYS_NAND64 = 0xBFA
- SYS_NANF = 0xAAA
- SYS_NANL = 0xAAC
- SYS_NEARBYINT = 0xAAE
- SYS_NEARBYINTD128 = 0xBFE
- SYS_NEARBYINTD32 = 0xBFC
- SYS_NEARBYINTD64 = 0xBFD
- SYS_NEARBYINTF = 0xAB1
- SYS_NEARBYINTL = 0xAB4
- SYS_NEXTAFTERD128 = 0xC01
- SYS_NEXTAFTERD32 = 0xBFF
- SYS_NEXTAFTERD64 = 0xC00
- SYS_NEXTAFTERF = 0xAB7
- SYS_NEXTAFTERL = 0xABA
- SYS_NEXTTOWARD = 0xABD
- SYS_NEXTTOWARDD128 = 0xC04
- SYS_NEXTTOWARDD32 = 0xC02
- SYS_NEXTTOWARDD64 = 0xC03
- SYS_NEXTTOWARDF = 0xAC0
- SYS_NEXTTOWARDL = 0xAC3
- SYS_NL_LANGINFO = 0x0FC
- SYS_PERROR_UNLOCKED = 0xCBD
- SYS_POSIX_FALLOCATE = 0xCE8
- SYS_POSIX_MEMALIGN = 0xCE9
- SYS_POSIX_OPENPT = 0xC66
- SYS_POWD128 = 0xC07
- SYS_POWD32 = 0xC05
- SYS_POWD64 = 0xC06
- SYS_PRINTF_UNLOCKED = 0xCBE
- SYS_PSELECT = 0xC67
- SYS_PTHREAD_ATTR_GETSTACK = 0xB3E
- SYS_PTHREAD_ATTR_SETSTACK = 0xB3F
- SYS_PTHREAD_SECURITY_APPLID_NP = 0xCE4
- SYS_PUTS_UNLOCKED = 0xC7F
- SYS_PUTWCHAR_UNLOCKED = 0xCC0
- SYS_PUTWC_UNLOCKED = 0xCBF
- SYS_QUANTEXPD128 = 0xD46
- SYS_QUANTEXPD32 = 0xD44
- SYS_QUANTEXPD64 = 0xD45
- SYS_QUANTIZED128 = 0xC0A
- SYS_QUANTIZED32 = 0xC08
- SYS_QUANTIZED64 = 0xC09
- SYS_REMAINDERD128 = 0xC0D
- SYS_REMAINDERD32 = 0xC0B
- SYS_REMAINDERD64 = 0xC0C
- SYS_RESIZE_ALLOC = 0xCEB
- SYS_REWIND_UNLOCKED = 0xCC1
- SYS_RINTD128 = 0xC13
- SYS_RINTD32 = 0xC11
- SYS_RINTD64 = 0xC12
- SYS_RINTF = 0xACB
- SYS_RINTL = 0xACD
- SYS_ROUND = 0xACF
- SYS_ROUNDD128 = 0xC16
- SYS_ROUNDD32 = 0xC14
- SYS_ROUNDD64 = 0xC15
- SYS_ROUNDF = 0xAD2
- SYS_ROUNDL = 0xAD5
- SYS_SAMEQUANTUMD128 = 0xC19
- SYS_SAMEQUANTUMD32 = 0xC17
- SYS_SAMEQUANTUMD64 = 0xC18
- SYS_SCALBLN = 0xAD8
- SYS_SCALBLND128 = 0xC1C
- SYS_SCALBLND32 = 0xC1A
- SYS_SCALBLND64 = 0xC1B
- SYS_SCALBLNF = 0xADB
- SYS_SCALBLNL = 0xADE
- SYS_SCALBND128 = 0xC1F
- SYS_SCALBND32 = 0xC1D
- SYS_SCALBND64 = 0xC1E
- SYS_SCALBNF = 0xAE3
- SYS_SCALBNL = 0xAE6
- SYS_SCANF_UNLOCKED = 0xCC2
- SYS_SCHED_YIELD = 0xB32
- SYS_SETENV = 0x0C8
- SYS_SETIPV4SOURCEFILTER = 0xC76
- SYS_SETSOURCEFILTER = 0xC78
- SYS_SHM_OPEN = 0xC8C
- SYS_SHM_UNLINK = 0xC8D
- SYS_SIND128 = 0xC22
- SYS_SIND32 = 0xC20
- SYS_SIND64 = 0xC21
- SYS_SINHD128 = 0xC25
- SYS_SINHD32 = 0xC23
- SYS_SINHD64 = 0xC24
- SYS_SIZEOF_ALLOC = 0xCEA
- SYS_SOCKATMARK = 0xC68
- SYS_SQRTD128 = 0xC28
- SYS_SQRTD32 = 0xC26
- SYS_SQRTD64 = 0xC27
- SYS_STRCHR = 0x0A0
- SYS_STRCSPN = 0x0A1
- SYS_STRERROR = 0x0A8
- SYS_STRERROR_R = 0xB33
- SYS_STRFTIME = 0x0B2
- SYS_STRLEN = 0x0A9
- SYS_STRPBRK = 0x0A2
- SYS_STRSPN = 0x0A4
- SYS_STRSTR = 0x0A5
- SYS_STRTOD128 = 0xC2B
- SYS_STRTOD32 = 0xC29
- SYS_STRTOD64 = 0xC2A
- SYS_STRTOK = 0x0A6
- SYS_TAND128 = 0xC2E
- SYS_TAND32 = 0xC2C
- SYS_TAND64 = 0xC2D
- SYS_TANHD128 = 0xC31
- SYS_TANHD32 = 0xC2F
- SYS_TANHD64 = 0xC30
- SYS_TGAMMAD128 = 0xC34
- SYS_TGAMMAD32 = 0xC32
- SYS_TGAMMAD64 = 0xC33
- SYS_TIME = 0x0AD
- SYS_TIME64 = 0xCE1
- SYS_TMPFILE64 = 0xD4D
- SYS_TMPFILE64_UNLOCKED = 0xD4E
- SYS_TMPFILE_UNLOCKED = 0xCFD
- SYS_TRUNCD128 = 0xC40
- SYS_TRUNCD32 = 0xC3E
- SYS_TRUNCD64 = 0xC3F
- SYS_UNGETC_UNLOCKED = 0xCC3
- SYS_UNGETWC_UNLOCKED = 0xCC4
- SYS_UNSETENV = 0xB34
- SYS_VFPRINTF_UNLOCKED = 0xCC5
- SYS_VFSCANF_UNLOCKED = 0xCC7
- SYS_VFWPRINTF_UNLOCKED = 0xCC9
- SYS_VFWSCANF_UNLOCKED = 0xCCB
- SYS_VPRINTF_UNLOCKED = 0xCCD
- SYS_VSCANF_UNLOCKED = 0xCCF
- SYS_VWPRINTF_UNLOCKED = 0xCD1
- SYS_VWSCANF_UNLOCKED = 0xCD3
- SYS_WCSTOD128 = 0xC43
- SYS_WCSTOD32 = 0xC41
- SYS_WCSTOD64 = 0xC42
- SYS_WPRINTF_UNLOCKED = 0xCD5
- SYS_WSCANF_UNLOCKED = 0xCD6
- SYS__FLUSHLBF = 0xD68
- SYS__FLUSHLBF_UNLOCKED = 0xD6F
- SYS___ACOSHF_H = 0xA54
- SYS___ACOSHL_H = 0xA55
- SYS___ASINHF_H = 0xA56
- SYS___ASINHL_H = 0xA57
- SYS___ATANPID128 = 0xC6D
- SYS___ATANPID32 = 0xC6B
- SYS___ATANPID64 = 0xC6C
- SYS___CBRTF_H = 0xA58
- SYS___CBRTL_H = 0xA59
- SYS___CDUMP = 0x0C4
- SYS___CLASS = 0xAFA
- SYS___CLASS2 = 0xB99
- SYS___CLASS2D128 = 0xC99
- SYS___CLASS2D32 = 0xC97
- SYS___CLASS2D64 = 0xC98
- SYS___CLASS2F = 0xC91
- SYS___CLASS2F_B = 0xC93
- SYS___CLASS2F_H = 0xC94
- SYS___CLASS2L = 0xC92
- SYS___CLASS2L_B = 0xC95
- SYS___CLASS2L_H = 0xC96
- SYS___CLASS2_B = 0xB9A
- SYS___CLASS2_H = 0xB9B
- SYS___CLASS_B = 0xAFB
- SYS___CLASS_H = 0xAFC
- SYS___CLOGL_B = 0xA01
- SYS___CLOGL_H = 0xA02
- SYS___CLRENV = 0x0C9
- SYS___CLRMF = 0x0BD
- SYS___CODEPAGE_INFO = 0xC64
- SYS___CONJF_B = 0xA07
- SYS___CONJF_H = 0xA08
- SYS___CONJL_B = 0xA0A
- SYS___CONJL_H = 0xA0B
- SYS___CONJ_B = 0xA04
- SYS___CONJ_H = 0xA05
- SYS___COPYSIGN_B = 0xA5A
- SYS___COPYSIGN_H = 0xAF5
- SYS___COSPID128 = 0xC70
- SYS___COSPID32 = 0xC6E
- SYS___COSPID64 = 0xC6F
- SYS___CPOWF_B = 0xA10
- SYS___CPOWF_H = 0xA11
- SYS___CPOWL_B = 0xA13
- SYS___CPOWL_H = 0xA14
- SYS___CPOW_B = 0xA0D
- SYS___CPOW_H = 0xA0E
- SYS___CPROJF_B = 0xA19
- SYS___CPROJF_H = 0xA1A
- SYS___CPROJL_B = 0xA1C
- SYS___CPROJL_H = 0xA1D
- SYS___CPROJ_B = 0xA16
- SYS___CPROJ_H = 0xA17
- SYS___CREALF_B = 0xA22
- SYS___CREALF_H = 0xA23
- SYS___CREALL_B = 0xA25
- SYS___CREALL_H = 0xA26
- SYS___CREAL_B = 0xA1F
- SYS___CREAL_H = 0xA20
- SYS___CSINF_B = 0xA2B
- SYS___CSINF_H = 0xA2C
- SYS___CSINHF_B = 0xA34
- SYS___CSINHF_H = 0xA35
- SYS___CSINHL_B = 0xA37
- SYS___CSINHL_H = 0xA38
- SYS___CSINH_B = 0xA31
- SYS___CSINH_H = 0xA32
- SYS___CSINL_B = 0xA2E
- SYS___CSINL_H = 0xA2F
- SYS___CSIN_B = 0xA28
- SYS___CSIN_H = 0xA29
- SYS___CSNAP = 0x0C5
- SYS___CSQRTF_B = 0xA3D
- SYS___CSQRTF_H = 0xA3E
- SYS___CSQRTL_B = 0xA40
- SYS___CSQRTL_H = 0xA41
- SYS___CSQRT_B = 0xA3A
- SYS___CSQRT_H = 0xA3B
- SYS___CTANF_B = 0xA46
- SYS___CTANF_H = 0xA47
- SYS___CTANHF_B = 0xA4F
- SYS___CTANHF_H = 0xA50
- SYS___CTANHL_B = 0xA52
- SYS___CTANHL_H = 0xA53
- SYS___CTANH_B = 0xA4C
- SYS___CTANH_H = 0xA4D
- SYS___CTANL_B = 0xA49
- SYS___CTANL_H = 0xA4A
- SYS___CTAN_B = 0xA43
- SYS___CTAN_H = 0xA44
- SYS___CTEST = 0x0C7
- SYS___CTRACE = 0x0C6
- SYS___D1TOP = 0xC9B
- SYS___D2TOP = 0xC9C
- SYS___D4TOP = 0xC9D
- SYS___DYNALL = 0x0C3
- SYS___DYNFRE = 0x0C2
- SYS___EXP2F_H = 0xA5E
- SYS___EXP2L_H = 0xA5F
- SYS___EXP2_H = 0xA5D
- SYS___EXPM1F_H = 0xA5B
- SYS___EXPM1L_H = 0xA5C
- SYS___FBUFSIZE = 0xD60
- SYS___FLBF = 0xD62
- SYS___FLDATA = 0x0C1
- SYS___FMAF_B = 0xA67
- SYS___FMAF_H = 0xA68
- SYS___FMAL_B = 0xA6A
- SYS___FMAL_H = 0xA6B
- SYS___FMAXF_B = 0xA70
- SYS___FMAXF_H = 0xA71
- SYS___FMAXL_B = 0xA73
- SYS___FMAXL_H = 0xA74
- SYS___FMAX_B = 0xA6D
- SYS___FMAX_H = 0xA6E
- SYS___FMA_B = 0xA64
- SYS___FMA_H = 0xA65
- SYS___FMINF_B = 0xA79
- SYS___FMINF_H = 0xA7A
- SYS___FMINL_B = 0xA7C
- SYS___FMINL_H = 0xA7D
- SYS___FMIN_B = 0xA76
- SYS___FMIN_H = 0xA77
- SYS___FPENDING = 0xD61
- SYS___FPENDING_UNLOCKED = 0xD6C
- SYS___FPURGE = 0xD69
- SYS___FPURGE_UNLOCKED = 0xD70
- SYS___FP_CAST_D = 0xBCB
- SYS___FREADABLE = 0xD63
- SYS___FREADAHEAD = 0xD6A
- SYS___FREADAHEAD_UNLOCKED = 0xD71
- SYS___FREADING = 0xD65
- SYS___FREADING_UNLOCKED = 0xD6D
- SYS___FSEEK2 = 0xB3C
- SYS___FSETERR = 0xD6B
- SYS___FSETLOCKING = 0xD67
- SYS___FTCHEP = 0x0BF
- SYS___FTELL2 = 0xB3B
- SYS___FUPDT = 0x0B5
- SYS___FWRITABLE = 0xD64
- SYS___FWRITING = 0xD66
- SYS___FWRITING_UNLOCKED = 0xD6E
- SYS___GETCB = 0x0B4
- SYS___GETGRGID1 = 0xD5B
- SYS___GETGRNAM1 = 0xD5C
- SYS___GETTHENT = 0xCE5
- SYS___GETTOD = 0xD3E
- SYS___HYPOTF_H = 0xAF6
- SYS___HYPOTL_H = 0xAF7
- SYS___ILOGBF_B = 0xA7F
- SYS___ILOGBF_H = 0xA80
- SYS___ILOGBL_B = 0xA82
- SYS___ILOGBL_H = 0xA83
- SYS___ISBLANK_A = 0xB2E
- SYS___ISBLNK = 0x0FE
- SYS___ISWBLANK_A = 0xB2F
- SYS___LE_CEEGTJS = 0xD72
- SYS___LE_TRACEBACK = 0xB7A
- SYS___LGAMMAL_H = 0xA62
- SYS___LGAMMA_B_C99 = 0xB39
- SYS___LGAMMA_H_C99 = 0xB38
- SYS___LGAMMA_R_C99 = 0xB3A
- SYS___LLRINTF_B = 0xA88
- SYS___LLRINTF_H = 0xA89
- SYS___LLRINTL_B = 0xA8B
- SYS___LLRINTL_H = 0xA8C
- SYS___LLRINT_B = 0xA85
- SYS___LLRINT_H = 0xA86
- SYS___LLROUNDF_B = 0xA91
- SYS___LLROUNDF_H = 0xA92
- SYS___LLROUNDL_B = 0xA94
- SYS___LLROUNDL_H = 0xA95
- SYS___LLROUND_B = 0xA8E
- SYS___LLROUND_H = 0xA8F
- SYS___LOCALE_CTL = 0xD47
- SYS___LOG1PF_H = 0xA60
- SYS___LOG1PL_H = 0xA61
- SYS___LOGBF_B = 0xA97
- SYS___LOGBF_H = 0xA98
- SYS___LOGBL_B = 0xA9A
- SYS___LOGBL_H = 0xA9B
- SYS___LOGIN_APPLID = 0xCE2
- SYS___LRINTF_B = 0xAA0
- SYS___LRINTF_H = 0xAA1
- SYS___LRINTL_B = 0xAA3
- SYS___LRINTL_H = 0xAA4
- SYS___LRINT_B = 0xA9D
- SYS___LRINT_H = 0xA9E
- SYS___LROUNDF_FIXUP = 0xB31
- SYS___LROUNDL_B = 0xAA6
- SYS___LROUNDL_H = 0xAA7
- SYS___LROUND_FIXUP = 0xB30
- SYS___MOSERVICES = 0xD3D
- SYS___MUST_STAY_CLEAN = 0xB7C
- SYS___NANF_B = 0xAAB
- SYS___NANL_B = 0xAAD
- SYS___NAN_B = 0xAA9
- SYS___NEARBYINTF_B = 0xAB2
- SYS___NEARBYINTF_H = 0xAB3
- SYS___NEARBYINTL_B = 0xAB5
- SYS___NEARBYINTL_H = 0xAB6
- SYS___NEARBYINT_B = 0xAAF
- SYS___NEARBYINT_H = 0xAB0
- SYS___NEXTAFTERF_B = 0xAB8
- SYS___NEXTAFTERF_H = 0xAB9
- SYS___NEXTAFTERL_B = 0xABB
- SYS___NEXTAFTERL_H = 0xABC
- SYS___NEXTTOWARDF_B = 0xAC1
- SYS___NEXTTOWARDF_H = 0xAC2
- SYS___NEXTTOWARDL_B = 0xAC4
- SYS___NEXTTOWARDL_H = 0xAC5
- SYS___NEXTTOWARD_B = 0xABE
- SYS___NEXTTOWARD_H = 0xABF
- SYS___O_ENV = 0xB7D
- SYS___PASSWD_APPLID = 0xCE3
- SYS___PTOD1 = 0xC9E
- SYS___PTOD2 = 0xC9F
- SYS___PTOD4 = 0xCA0
- SYS___REGCOMP_STD = 0x0EA
- SYS___REMAINDERF_H = 0xAC6
- SYS___REMAINDERL_H = 0xAC7
- SYS___REMQUOD128 = 0xC10
- SYS___REMQUOD32 = 0xC0E
- SYS___REMQUOD64 = 0xC0F
- SYS___REMQUOF_H = 0xAC9
- SYS___REMQUOL_H = 0xACA
- SYS___REMQUO_H = 0xAC8
- SYS___RINTF_B = 0xACC
- SYS___RINTL_B = 0xACE
- SYS___ROUNDF_B = 0xAD3
- SYS___ROUNDF_H = 0xAD4
- SYS___ROUNDL_B = 0xAD6
- SYS___ROUNDL_H = 0xAD7
- SYS___ROUND_B = 0xAD0
- SYS___ROUND_H = 0xAD1
- SYS___SCALBLNF_B = 0xADC
- SYS___SCALBLNF_H = 0xADD
- SYS___SCALBLNL_B = 0xADF
- SYS___SCALBLNL_H = 0xAE0
- SYS___SCALBLN_B = 0xAD9
- SYS___SCALBLN_H = 0xADA
- SYS___SCALBNF_B = 0xAE4
- SYS___SCALBNF_H = 0xAE5
- SYS___SCALBNL_B = 0xAE7
- SYS___SCALBNL_H = 0xAE8
- SYS___SCALBN_B = 0xAE1
- SYS___SCALBN_H = 0xAE2
- SYS___SETENV = 0x0C8
- SYS___SINPID128 = 0xC73
- SYS___SINPID32 = 0xC71
- SYS___SINPID64 = 0xC72
- SYS___SMF_RECORD2 = 0xD48
- SYS___STATIC_REINIT = 0xB3D
- SYS___TGAMMAF_H_C99 = 0xB79
- SYS___TGAMMAL_H = 0xAE9
- SYS___TGAMMA_H_C99 = 0xB78
- SYS___TOCSNAME2 = 0xC9A
- SYS_CEIL = 0x01F
- SYS_CHAUDIT = 0x1E0
- SYS_EXP = 0x01A
- SYS_FCHAUDIT = 0x1E1
- SYS_FREXP = 0x01D
- SYS_GETGROUPSBYNAME = 0x1E2
- SYS_GETPWUID = 0x1A0
- SYS_GETUID = 0x1A1
- SYS_ISATTY = 0x1A3
- SYS_KILL = 0x1A4
- SYS_LDEXP = 0x01E
- SYS_LINK = 0x1A5
- SYS_LOG10 = 0x01C
- SYS_LSEEK = 0x1A6
- SYS_LSTAT = 0x1A7
- SYS_MKDIR = 0x1A8
- SYS_MKFIFO = 0x1A9
- SYS_MKNOD = 0x1AA
- SYS_MODF = 0x01B
- SYS_MOUNT = 0x1AB
- SYS_OPEN = 0x1AC
- SYS_OPENDIR = 0x1AD
- SYS_PATHCONF = 0x1AE
- SYS_PAUSE = 0x1AF
- SYS_PIPE = 0x1B0
- SYS_PTHREAD_ATTR_DESTROY = 0x1E7
- SYS_PTHREAD_ATTR_GETDETACHSTATE = 0x1EB
- SYS_PTHREAD_ATTR_GETSTACKSIZE = 0x1E9
- SYS_PTHREAD_ATTR_GETWEIGHT_NP = 0x1ED
- SYS_PTHREAD_ATTR_INIT = 0x1E6
- SYS_PTHREAD_ATTR_SETDETACHSTATE = 0x1EA
- SYS_PTHREAD_ATTR_SETSTACKSIZE = 0x1E8
- SYS_PTHREAD_ATTR_SETWEIGHT_NP = 0x1EC
- SYS_PTHREAD_CANCEL = 0x1EE
- SYS_PTHREAD_CLEANUP_POP = 0x1F0
- SYS_PTHREAD_CLEANUP_PUSH = 0x1EF
- SYS_PTHREAD_CONDATTR_DESTROY = 0x1F2
- SYS_PTHREAD_CONDATTR_INIT = 0x1F1
- SYS_PTHREAD_COND_BROADCAST = 0x1F6
- SYS_PTHREAD_COND_DESTROY = 0x1F4
- SYS_PTHREAD_COND_INIT = 0x1F3
- SYS_PTHREAD_COND_SIGNAL = 0x1F5
- SYS_PTHREAD_COND_TIMEDWAIT = 0x1F8
- SYS_PTHREAD_COND_WAIT = 0x1F7
- SYS_PTHREAD_CREATE = 0x1F9
- SYS_PTHREAD_DETACH = 0x1FA
- SYS_PTHREAD_EQUAL = 0x1FB
- SYS_PTHREAD_EXIT = 0x1E4
- SYS_PTHREAD_GETSPECIFIC = 0x1FC
- SYS_PTHREAD_JOIN = 0x1FD
- SYS_PTHREAD_KEY_CREATE = 0x1FE
- SYS_PTHREAD_KILL = 0x1E5
- SYS_PTHREAD_MUTEXATTR_INIT = 0x1FF
- SYS_READ = 0x1B2
- SYS_READDIR = 0x1B3
- SYS_READLINK = 0x1B4
- SYS_REWINDDIR = 0x1B5
- SYS_RMDIR = 0x1B6
- SYS_SETEGID = 0x1B7
- SYS_SETEUID = 0x1B8
- SYS_SETGID = 0x1B9
- SYS_SETPGID = 0x1BA
- SYS_SETSID = 0x1BB
- SYS_SETUID = 0x1BC
- SYS_SIGACTION = 0x1BD
- SYS_SIGADDSET = 0x1BE
- SYS_SIGDELSET = 0x1BF
- SYS_SIGEMPTYSET = 0x1C0
- SYS_SIGFILLSET = 0x1C1
- SYS_SIGISMEMBER = 0x1C2
- SYS_SIGLONGJMP = 0x1C3
- SYS_SIGPENDING = 0x1C4
- SYS_SIGPROCMASK = 0x1C5
- SYS_SIGSETJMP = 0x1C6
- SYS_SIGSUSPEND = 0x1C7
- SYS_SIGWAIT = 0x1E3
- SYS_SLEEP = 0x1C8
- SYS_STAT = 0x1C9
- SYS_SYMLINK = 0x1CB
- SYS_SYSCONF = 0x1CC
- SYS_TCDRAIN = 0x1CD
- SYS_TCFLOW = 0x1CE
- SYS_TCFLUSH = 0x1CF
- SYS_TCGETATTR = 0x1D0
- SYS_TCGETPGRP = 0x1D1
- SYS_TCSENDBREAK = 0x1D2
- SYS_TCSETATTR = 0x1D3
- SYS_TCSETPGRP = 0x1D4
- SYS_TIMES = 0x1D5
- SYS_TTYNAME = 0x1D6
- SYS_TZSET = 0x1D7
- SYS_UMASK = 0x1D8
- SYS_UMOUNT = 0x1D9
- SYS_UNAME = 0x1DA
- SYS_UNLINK = 0x1DB
- SYS_UTIME = 0x1DC
- SYS_WAIT = 0x1DD
- SYS_WAITPID = 0x1DE
- SYS_WRITE = 0x1DF
- SYS_W_GETPSENT = 0x1B1
- SYS_W_IOCTL = 0x1A2
- SYS_W_STATFS = 0x1CA
- SYS_A64L = 0x2EF
- SYS_BCMP = 0x2B9
- SYS_BCOPY = 0x2BA
- SYS_BZERO = 0x2BB
- SYS_CATCLOSE = 0x2B6
- SYS_CATGETS = 0x2B7
- SYS_CATOPEN = 0x2B8
- SYS_CRYPT = 0x2AC
- SYS_DBM_CLEARERR = 0x2F7
- SYS_DBM_CLOSE = 0x2F8
- SYS_DBM_DELETE = 0x2F9
- SYS_DBM_ERROR = 0x2FA
- SYS_DBM_FETCH = 0x2FB
- SYS_DBM_FIRSTKEY = 0x2FC
- SYS_DBM_NEXTKEY = 0x2FD
- SYS_DBM_OPEN = 0x2FE
- SYS_DBM_STORE = 0x2FF
- SYS_DRAND48 = 0x2B2
- SYS_ENCRYPT = 0x2AD
- SYS_ENDUTXENT = 0x2E1
- SYS_ERAND48 = 0x2B3
- SYS_ERF = 0x02C
- SYS_ERFC = 0x02D
- SYS_FCHDIR = 0x2D9
- SYS_FFS = 0x2BC
- SYS_FMTMSG = 0x2E5
- SYS_FSTATVFS = 0x2B4
- SYS_FTIME = 0x2F5
- SYS_GAMMA = 0x02E
- SYS_GETDATE = 0x2A6
- SYS_GETPAGESIZE = 0x2D8
- SYS_GETTIMEOFDAY = 0x2F6
- SYS_GETUTXENT = 0x2E0
- SYS_GETUTXID = 0x2E2
- SYS_GETUTXLINE = 0x2E3
- SYS_HCREATE = 0x2C6
- SYS_HDESTROY = 0x2C7
- SYS_HSEARCH = 0x2C8
- SYS_HYPOT = 0x02B
- SYS_INDEX = 0x2BD
- SYS_INITSTATE = 0x2C2
- SYS_INSQUE = 0x2CF
- SYS_ISASCII = 0x2ED
- SYS_JRAND48 = 0x2E6
- SYS_L64A = 0x2F0
- SYS_LCONG48 = 0x2EA
- SYS_LFIND = 0x2C9
- SYS_LRAND48 = 0x2E7
- SYS_LSEARCH = 0x2CA
- SYS_MEMCCPY = 0x2D4
- SYS_MRAND48 = 0x2E8
- SYS_NRAND48 = 0x2E9
- SYS_PCLOSE = 0x2D2
- SYS_POPEN = 0x2D1
- SYS_PUTUTXLINE = 0x2E4
- SYS_RANDOM = 0x2C4
- SYS_REMQUE = 0x2D0
- SYS_RINDEX = 0x2BE
- SYS_SEED48 = 0x2EC
- SYS_SETKEY = 0x2AE
- SYS_SETSTATE = 0x2C3
- SYS_SETUTXENT = 0x2DF
- SYS_SRAND48 = 0x2EB
- SYS_SRANDOM = 0x2C5
- SYS_STATVFS = 0x2B5
- SYS_STRCASECMP = 0x2BF
- SYS_STRDUP = 0x2C0
- SYS_STRNCASECMP = 0x2C1
- SYS_SWAB = 0x2D3
- SYS_TDELETE = 0x2CB
- SYS_TFIND = 0x2CC
- SYS_TOASCII = 0x2EE
- SYS_TSEARCH = 0x2CD
- SYS_TWALK = 0x2CE
- SYS_UALARM = 0x2F1
- SYS_USLEEP = 0x2F2
- SYS_WAIT3 = 0x2A7
- SYS_WAITID = 0x2A8
- SYS_Y1 = 0x02A
- SYS___ATOE = 0x2DB
- SYS___ATOE_L = 0x2DC
- SYS___CATTRM = 0x2A9
- SYS___CNVBLK = 0x2AF
- SYS___CRYTRM = 0x2B0
- SYS___DLGHT = 0x2A1
- SYS___ECRTRM = 0x2B1
- SYS___ETOA = 0x2DD
- SYS___ETOA_L = 0x2DE
- SYS___GDTRM = 0x2AA
- SYS___OCLCK = 0x2DA
- SYS___OPARGF = 0x2A2
- SYS___OPERRF = 0x2A5
- SYS___OPINDF = 0x2A4
- SYS___OPOPTF = 0x2A3
- SYS___RNDTRM = 0x2AB
- SYS___SRCTRM = 0x2F4
- SYS___TZONE = 0x2A0
- SYS___UTXTRM = 0x2F3
- SYS_ASIN = 0x03E
- SYS_ISXDIGIT = 0x03B
- SYS_SETLOCAL = 0x03A
- SYS_SETLOCALE = 0x03A
- SYS_SIN = 0x03F
- SYS_TOLOWER = 0x03C
- SYS_TOUPPER = 0x03D
- SYS_ACCEPT_AND_RECV = 0x4F7
- SYS_ATOL = 0x04E
- SYS_CHECKSCH = 0x4BC
- SYS_CHECKSCHENV = 0x4BC
- SYS_CLEARERR = 0x04C
- SYS_CONNECTS = 0x4B5
- SYS_CONNECTSERVER = 0x4B5
- SYS_CONNECTW = 0x4B4
- SYS_CONNECTWORKMGR = 0x4B4
- SYS_CONTINUE = 0x4B3
- SYS_CONTINUEWORKUNIT = 0x4B3
- SYS_COPYSIGN = 0x4C2
- SYS_CREATEWO = 0x4B2
- SYS_CREATEWORKUNIT = 0x4B2
- SYS_DELETEWO = 0x4B9
- SYS_DELETEWORKUNIT = 0x4B9
- SYS_DISCONNE = 0x4B6
- SYS_DISCONNECTSERVER = 0x4B6
- SYS_FEOF = 0x04D
- SYS_FERROR = 0x04A
- SYS_FINITE = 0x4C8
- SYS_GAMMA_R = 0x4E2
- SYS_JOINWORK = 0x4B7
- SYS_JOINWORKUNIT = 0x4B7
- SYS_LEAVEWOR = 0x4B8
- SYS_LEAVEWORKUNIT = 0x4B8
- SYS_LGAMMA_R = 0x4EB
- SYS_MATHERR = 0x4D0
- SYS_PERROR = 0x04F
- SYS_QUERYMET = 0x4BA
- SYS_QUERYMETRICS = 0x4BA
- SYS_QUERYSCH = 0x4BB
- SYS_QUERYSCHENV = 0x4BB
- SYS_REWIND = 0x04B
- SYS_SCALBN = 0x4D4
- SYS_SIGNIFIC = 0x4D5
- SYS_SIGNIFICAND = 0x4D5
- SYS___ACOSH_B = 0x4DA
- SYS___ACOS_B = 0x4D9
- SYS___ASINH_B = 0x4BE
- SYS___ASIN_B = 0x4DB
- SYS___ATAN2_B = 0x4DC
- SYS___ATANH_B = 0x4DD
- SYS___ATAN_B = 0x4BF
- SYS___CBRT_B = 0x4C0
- SYS___CEIL_B = 0x4C1
- SYS___COSH_B = 0x4DE
- SYS___COS_B = 0x4C3
- SYS___DGHT = 0x4A8
- SYS___ENVN = 0x4B0
- SYS___ERFC_B = 0x4C5
- SYS___ERF_B = 0x4C4
- SYS___EXPM1_B = 0x4C6
- SYS___EXP_B = 0x4DF
- SYS___FABS_B = 0x4C7
- SYS___FLOOR_B = 0x4C9
- SYS___FMOD_B = 0x4E0
- SYS___FP_SETMODE = 0x4F8
- SYS___FREXP_B = 0x4CA
- SYS___GAMMA_B = 0x4E1
- SYS___GDRR = 0x4A1
- SYS___HRRNO = 0x4A2
- SYS___HYPOT_B = 0x4E3
- SYS___ILOGB_B = 0x4CB
- SYS___ISNAN_B = 0x4CC
- SYS___J0_B = 0x4E4
- SYS___J1_B = 0x4E6
- SYS___JN_B = 0x4E8
- SYS___LDEXP_B = 0x4CD
- SYS___LGAMMA_B = 0x4EA
- SYS___LOG10_B = 0x4ED
- SYS___LOG1P_B = 0x4CE
- SYS___LOGB_B = 0x4CF
- SYS___LOGIN = 0x4F5
- SYS___LOG_B = 0x4EC
- SYS___MLOCKALL = 0x4B1
- SYS___MODF_B = 0x4D1
- SYS___NEXTAFTER_B = 0x4D2
- SYS___OPENDIR2 = 0x4F3
- SYS___OPEN_STAT = 0x4F6
- SYS___OPND = 0x4A5
- SYS___OPPT = 0x4A6
- SYS___OPRG = 0x4A3
- SYS___OPRR = 0x4A4
- SYS___PID_AFFINITY = 0x4BD
- SYS___POW_B = 0x4EE
- SYS___READDIR2 = 0x4F4
- SYS___REMAINDER_B = 0x4EF
- SYS___RINT_B = 0x4D3
- SYS___SCALB_B = 0x4F0
- SYS___SIGACTIONSET = 0x4FB
- SYS___SIGGM = 0x4A7
- SYS___SINH_B = 0x4F1
- SYS___SIN_B = 0x4D6
- SYS___SQRT_B = 0x4F2
- SYS___TANH_B = 0x4D8
- SYS___TAN_B = 0x4D7
- SYS___TRRNO = 0x4AF
- SYS___TZNE = 0x4A9
- SYS___TZZN = 0x4AA
- SYS___UCREATE = 0x4FC
- SYS___UFREE = 0x4FE
- SYS___UHEAPREPORT = 0x4FF
- SYS___UMALLOC = 0x4FD
- SYS___Y0_B = 0x4E5
- SYS___Y1_B = 0x4E7
- SYS___YN_B = 0x4E9
- SYS_ABORT = 0x05C
- SYS_ASCTIME_R = 0x5E0
- SYS_ATEXIT = 0x05D
- SYS_CONNECTE = 0x5AE
- SYS_CONNECTEXPORTIMPORT = 0x5AE
- SYS_CTIME_R = 0x5E1
- SYS_DN_COMP = 0x5DF
- SYS_DN_EXPAND = 0x5DD
- SYS_DN_SKIPNAME = 0x5DE
- SYS_EXIT = 0x05A
- SYS_EXPORTWO = 0x5A1
- SYS_EXPORTWORKUNIT = 0x5A1
- SYS_EXTRACTW = 0x5A5
- SYS_EXTRACTWORKUNIT = 0x5A5
- SYS_FSEEKO = 0x5C9
- SYS_FTELLO = 0x5C8
- SYS_GETGRGID_R = 0x5E7
- SYS_GETGRNAM_R = 0x5E8
- SYS_GETLOGIN_R = 0x5E9
- SYS_GETPWNAM_R = 0x5EA
- SYS_GETPWUID_R = 0x5EB
- SYS_GMTIME_R = 0x5E2
- SYS_IMPORTWO = 0x5A3
- SYS_IMPORTWORKUNIT = 0x5A3
- SYS_INET_NTOP = 0x5D3
- SYS_INET_PTON = 0x5D4
- SYS_LLABS = 0x5CE
- SYS_LLDIV = 0x5CB
- SYS_LOCALTIME_R = 0x5E3
- SYS_PTHREAD_ATFORK = 0x5ED
- SYS_PTHREAD_ATTR_GETDETACHSTATE_U98 = 0x5FB
- SYS_PTHREAD_ATTR_GETGUARDSIZE = 0x5EE
- SYS_PTHREAD_ATTR_GETSCHEDPARAM = 0x5F9
- SYS_PTHREAD_ATTR_GETSTACKADDR = 0x5EF
- SYS_PTHREAD_ATTR_SETDETACHSTATE_U98 = 0x5FC
- SYS_PTHREAD_ATTR_SETGUARDSIZE = 0x5F0
- SYS_PTHREAD_ATTR_SETSCHEDPARAM = 0x5FA
- SYS_PTHREAD_ATTR_SETSTACKADDR = 0x5F1
- SYS_PTHREAD_CONDATTR_GETPSHARED = 0x5F2
- SYS_PTHREAD_CONDATTR_SETPSHARED = 0x5F3
- SYS_PTHREAD_DETACH_U98 = 0x5FD
- SYS_PTHREAD_GETCONCURRENCY = 0x5F4
- SYS_PTHREAD_GETSPECIFIC_U98 = 0x5FE
- SYS_PTHREAD_KEY_DELETE = 0x5F5
- SYS_PTHREAD_SETCANCELSTATE = 0x5FF
- SYS_PTHREAD_SETCONCURRENCY = 0x5F6
- SYS_PTHREAD_SIGMASK = 0x5F7
- SYS_QUERYENC = 0x5AD
- SYS_QUERYWORKUNITCLASSIFICATION = 0x5AD
- SYS_RAISE = 0x05E
- SYS_RAND_R = 0x5E4
- SYS_READDIR_R = 0x5E6
- SYS_REALLOC = 0x05B
- SYS_RES_INIT = 0x5D8
- SYS_RES_MKQUERY = 0x5D7
- SYS_RES_QUERY = 0x5D9
- SYS_RES_QUERYDOMAIN = 0x5DC
- SYS_RES_SEARCH = 0x5DA
- SYS_RES_SEND = 0x5DB
- SYS_SETJMP = 0x05F
- SYS_SIGQUEUE = 0x5A9
- SYS_STRTOK_R = 0x5E5
- SYS_STRTOLL = 0x5B0
- SYS_STRTOULL = 0x5B1
- SYS_TTYNAME_R = 0x5EC
- SYS_UNDOEXPO = 0x5A2
- SYS_UNDOEXPORTWORKUNIT = 0x5A2
- SYS_UNDOIMPO = 0x5A4
- SYS_UNDOIMPORTWORKUNIT = 0x5A4
- SYS_WCSTOLL = 0x5CC
- SYS_WCSTOULL = 0x5CD
- SYS___ABORT = 0x05C
- SYS___CONSOLE2 = 0x5D2
- SYS___CPL = 0x5A6
- SYS___DISCARDDATA = 0x5F8
- SYS___DSA_PREV = 0x5B2
- SYS___EP_FIND = 0x5B3
- SYS___FP_SWAPMODE = 0x5AF
- SYS___GETUSERID = 0x5AB
- SYS___GET_CPUID = 0x5B9
- SYS___GET_SYSTEM_SETTINGS = 0x5BA
- SYS___IPDOMAINNAME = 0x5AC
- SYS___MAP_INIT = 0x5A7
- SYS___MAP_SERVICE = 0x5A8
- SYS___MOUNT = 0x5AA
- SYS___MSGRCV_TIMED = 0x5B7
- SYS___RES = 0x5D6
- SYS___SEMOP_TIMED = 0x5B8
- SYS___SERVER_THREADS_QUERY = 0x5B4
- SYS_FPRINTF = 0x06D
- SYS_FSCANF = 0x06A
- SYS_PRINTF = 0x06F
- SYS_SETBUF = 0x06B
- SYS_SETVBUF = 0x06C
- SYS_SSCANF = 0x06E
- SYS___CATGETS_A = 0x6C0
- SYS___CHAUDIT_A = 0x6F4
- SYS___CHMOD_A = 0x6E8
- SYS___COLLATE_INIT_A = 0x6AC
- SYS___CREAT_A = 0x6F6
- SYS___CTYPE_INIT_A = 0x6AF
- SYS___DLLLOAD_A = 0x6DF
- SYS___DLLQUERYFN_A = 0x6E0
- SYS___DLLQUERYVAR_A = 0x6E1
- SYS___E2A_L = 0x6E3
- SYS___EXECLE_A = 0x6A0
- SYS___EXECLP_A = 0x6A4
- SYS___EXECVE_A = 0x6C1
- SYS___EXECVP_A = 0x6C2
- SYS___EXECV_A = 0x6B1
- SYS___FPRINTF_A = 0x6FA
- SYS___GETADDRINFO_A = 0x6BF
- SYS___GETNAMEINFO_A = 0x6C4
- SYS___GET_WCTYPE_STD_A = 0x6AE
- SYS___ICONV_OPEN_A = 0x6DE
- SYS___IF_INDEXTONAME_A = 0x6DC
- SYS___IF_NAMETOINDEX_A = 0x6DB
- SYS___ISWCTYPE_A = 0x6B0
- SYS___IS_WCTYPE_STD_A = 0x6B2
- SYS___LOCALECONV_A = 0x6B8
- SYS___LOCALECONV_STD_A = 0x6B9
- SYS___LOCALE_INIT_A = 0x6B7
- SYS___LSTAT_A = 0x6EE
- SYS___LSTAT_O_A = 0x6EF
- SYS___MKDIR_A = 0x6E9
- SYS___MKFIFO_A = 0x6EC
- SYS___MKNOD_A = 0x6F0
- SYS___MONETARY_INIT_A = 0x6BC
- SYS___MOUNT_A = 0x6F1
- SYS___NL_CSINFO_A = 0x6D6
- SYS___NL_LANGINFO_A = 0x6BA
- SYS___NL_LNAGINFO_STD_A = 0x6BB
- SYS___NL_MONINFO_A = 0x6D7
- SYS___NL_NUMINFO_A = 0x6D8
- SYS___NL_RESPINFO_A = 0x6D9
- SYS___NL_TIMINFO_A = 0x6DA
- SYS___NUMERIC_INIT_A = 0x6C6
- SYS___OPEN_A = 0x6F7
- SYS___PRINTF_A = 0x6DD
- SYS___RESP_INIT_A = 0x6C7
- SYS___RPMATCH_A = 0x6C8
- SYS___RPMATCH_C_A = 0x6C9
- SYS___RPMATCH_STD_A = 0x6CA
- SYS___SETLOCALE_A = 0x6F9
- SYS___SPAWNP_A = 0x6C5
- SYS___SPAWN_A = 0x6C3
- SYS___SPRINTF_A = 0x6FB
- SYS___STAT_A = 0x6EA
- SYS___STAT_O_A = 0x6EB
- SYS___STRCOLL_STD_A = 0x6A1
- SYS___STRFMON_A = 0x6BD
- SYS___STRFMON_STD_A = 0x6BE
- SYS___STRFTIME_A = 0x6CC
- SYS___STRFTIME_STD_A = 0x6CD
- SYS___STRPTIME_A = 0x6CE
- SYS___STRPTIME_STD_A = 0x6CF
- SYS___STRXFRM_A = 0x6A2
- SYS___STRXFRM_C_A = 0x6A3
- SYS___STRXFRM_STD_A = 0x6A5
- SYS___SYNTAX_INIT_A = 0x6D4
- SYS___TIME_INIT_A = 0x6CB
- SYS___TOD_INIT_A = 0x6D5
- SYS___TOWLOWER_A = 0x6B3
- SYS___TOWLOWER_STD_A = 0x6B4
- SYS___TOWUPPER_A = 0x6B5
- SYS___TOWUPPER_STD_A = 0x6B6
- SYS___UMOUNT_A = 0x6F2
- SYS___VFPRINTF_A = 0x6FC
- SYS___VPRINTF_A = 0x6FD
- SYS___VSPRINTF_A = 0x6FE
- SYS___VSWPRINTF_A = 0x6FF
- SYS___WCSCOLL_A = 0x6A6
- SYS___WCSCOLL_C_A = 0x6A7
- SYS___WCSCOLL_STD_A = 0x6A8
- SYS___WCSFTIME_A = 0x6D0
- SYS___WCSFTIME_STD_A = 0x6D1
- SYS___WCSXFRM_A = 0x6A9
- SYS___WCSXFRM_C_A = 0x6AA
- SYS___WCSXFRM_STD_A = 0x6AB
- SYS___WCTYPE_A = 0x6AD
- SYS___W_GETMNTENT_A = 0x6F5
- SYS_____CCSIDTYPE_A = 0x6E6
- SYS_____CHATTR_A = 0x6E2
- SYS_____CSNAMETYPE_A = 0x6E7
- SYS_____OPEN_STAT_A = 0x6ED
- SYS_____SPAWN2_A = 0x6D2
- SYS_____SPAWNP2_A = 0x6D3
- SYS_____TOCCSID_A = 0x6E4
- SYS_____TOCSNAME_A = 0x6E5
- SYS_ACL_FREE = 0x7FF
- SYS_ACL_INIT = 0x7FE
- SYS_FWIDE = 0x7DF
- SYS_FWPRINTF = 0x7D1
- SYS_FWRITE = 0x07E
- SYS_FWSCANF = 0x7D5
- SYS_GETCHAR = 0x07B
- SYS_GETS = 0x07C
- SYS_M_CREATE_LAYOUT = 0x7C9
- SYS_M_DESTROY_LAYOUT = 0x7CA
- SYS_M_GETVALUES_LAYOUT = 0x7CB
- SYS_M_SETVALUES_LAYOUT = 0x7CC
- SYS_M_TRANSFORM_LAYOUT = 0x7CD
- SYS_M_WTRANSFORM_LAYOUT = 0x7CE
- SYS_PREAD = 0x7C7
- SYS_PUTC = 0x07D
- SYS_PUTCHAR = 0x07A
- SYS_PUTS = 0x07F
- SYS_PWRITE = 0x7C8
- SYS_TOWCTRAN = 0x7D8
- SYS_TOWCTRANS = 0x7D8
- SYS_UNATEXIT = 0x7B5
- SYS_VFWPRINT = 0x7D3
- SYS_VFWPRINTF = 0x7D3
- SYS_VWPRINTF = 0x7D4
- SYS_WCTRANS = 0x7D7
- SYS_WPRINTF = 0x7D2
- SYS_WSCANF = 0x7D6
- SYS___ASCTIME_R_A = 0x7A1
- SYS___BASENAME_A = 0x7DC
- SYS___BTOWC_A = 0x7E4
- SYS___CDUMP_A = 0x7B7
- SYS___CEE3DMP_A = 0x7B6
- SYS___CEILF_H = 0x7F4
- SYS___CEILL_H = 0x7F5
- SYS___CEIL_H = 0x7EA
- SYS___CRYPT_A = 0x7BE
- SYS___CSNAP_A = 0x7B8
- SYS___CTEST_A = 0x7B9
- SYS___CTIME_R_A = 0x7A2
- SYS___CTRACE_A = 0x7BA
- SYS___DBM_OPEN_A = 0x7E6
- SYS___DIRNAME_A = 0x7DD
- SYS___FABSF_H = 0x7FA
- SYS___FABSL_H = 0x7FB
- SYS___FABS_H = 0x7ED
- SYS___FGETWC_A = 0x7AA
- SYS___FGETWS_A = 0x7AD
- SYS___FLOORF_H = 0x7F6
- SYS___FLOORL_H = 0x7F7
- SYS___FLOOR_H = 0x7EB
- SYS___FPUTWC_A = 0x7A5
- SYS___FPUTWS_A = 0x7A8
- SYS___GETTIMEOFDAY_A = 0x7AE
- SYS___GETWCHAR_A = 0x7AC
- SYS___GETWC_A = 0x7AB
- SYS___GLOB_A = 0x7DE
- SYS___GMTIME_A = 0x7AF
- SYS___GMTIME_R_A = 0x7B0
- SYS___INET_PTON_A = 0x7BC
- SYS___J0_H = 0x7EE
- SYS___J1_H = 0x7EF
- SYS___JN_H = 0x7F0
- SYS___LOCALTIME_A = 0x7B1
- SYS___LOCALTIME_R_A = 0x7B2
- SYS___MALLOC24 = 0x7FC
- SYS___MALLOC31 = 0x7FD
- SYS___MKTIME_A = 0x7B3
- SYS___MODFF_H = 0x7F8
- SYS___MODFL_H = 0x7F9
- SYS___MODF_H = 0x7EC
- SYS___OPENDIR_A = 0x7C2
- SYS___OSNAME = 0x7E0
- SYS___PUTWCHAR_A = 0x7A7
- SYS___PUTWC_A = 0x7A6
- SYS___READDIR_A = 0x7C3
- SYS___STRTOLL_A = 0x7A3
- SYS___STRTOULL_A = 0x7A4
- SYS___SYSLOG_A = 0x7BD
- SYS___TZZNA = 0x7B4
- SYS___UNGETWC_A = 0x7A9
- SYS___UTIME_A = 0x7A0
- SYS___VFPRINTF2_A = 0x7E7
- SYS___VPRINTF2_A = 0x7E8
- SYS___VSPRINTF2_A = 0x7E9
- SYS___VSWPRNTF2_A = 0x7BB
- SYS___WCSTOD_A = 0x7D9
- SYS___WCSTOL_A = 0x7DA
- SYS___WCSTOUL_A = 0x7DB
- SYS___WCTOB_A = 0x7E5
- SYS___Y0_H = 0x7F1
- SYS___Y1_H = 0x7F2
- SYS___YN_H = 0x7F3
- SYS_____OPENDIR2_A = 0x7BF
- SYS_____OSNAME_A = 0x7E1
- SYS_____READDIR2_A = 0x7C0
- SYS_DLCLOSE = 0x8DF
- SYS_DLERROR = 0x8E0
- SYS_DLOPEN = 0x8DD
- SYS_DLSYM = 0x8DE
- SYS_FLOCKFILE = 0x8D3
- SYS_FTRYLOCKFILE = 0x8D4
- SYS_FUNLOCKFILE = 0x8D5
- SYS_GETCHAR_UNLOCKED = 0x8D7
- SYS_GETC_UNLOCKED = 0x8D6
- SYS_PUTCHAR_UNLOCKED = 0x8D9
- SYS_PUTC_UNLOCKED = 0x8D8
- SYS_SNPRINTF = 0x8DA
- SYS_VSNPRINTF = 0x8DB
- SYS_WCSCSPN = 0x08B
- SYS_WCSLEN = 0x08C
- SYS_WCSNCAT = 0x08D
- SYS_WCSNCMP = 0x08A
- SYS_WCSNCPY = 0x08F
- SYS_WCSSPN = 0x08E
- SYS___ABSF_H = 0x8E7
- SYS___ABSL_H = 0x8E8
- SYS___ABS_H = 0x8E6
- SYS___ACOSF_H = 0x8EA
- SYS___ACOSH_H = 0x8EC
- SYS___ACOSL_H = 0x8EB
- SYS___ACOS_H = 0x8E9
- SYS___ASINF_H = 0x8EE
- SYS___ASINH_H = 0x8F0
- SYS___ASINL_H = 0x8EF
- SYS___ASIN_H = 0x8ED
- SYS___ATAN2F_H = 0x8F8
- SYS___ATAN2L_H = 0x8F9
- SYS___ATAN2_H = 0x8F7
- SYS___ATANF_H = 0x8F2
- SYS___ATANHF_H = 0x8F5
- SYS___ATANHL_H = 0x8F6
- SYS___ATANH_H = 0x8F4
- SYS___ATANL_H = 0x8F3
- SYS___ATAN_H = 0x8F1
- SYS___CBRT_H = 0x8FA
- SYS___COPYSIGNF_H = 0x8FB
- SYS___COPYSIGNL_H = 0x8FC
- SYS___COSF_H = 0x8FE
- SYS___COSL_H = 0x8FF
- SYS___COS_H = 0x8FD
- SYS___DLERROR_A = 0x8D2
- SYS___DLOPEN_A = 0x8D0
- SYS___DLSYM_A = 0x8D1
- SYS___GETUTXENT_A = 0x8C6
- SYS___GETUTXID_A = 0x8C7
- SYS___GETUTXLINE_A = 0x8C8
- SYS___ITOA = 0x8AA
- SYS___ITOA_A = 0x8B0
- SYS___LE_CONDITION_TOKEN_BUILD = 0x8A5
- SYS___LE_MSG_ADD_INSERT = 0x8A6
- SYS___LE_MSG_GET = 0x8A7
- SYS___LE_MSG_GET_AND_WRITE = 0x8A8
- SYS___LE_MSG_WRITE = 0x8A9
- SYS___LLTOA = 0x8AE
- SYS___LLTOA_A = 0x8B4
- SYS___LTOA = 0x8AC
- SYS___LTOA_A = 0x8B2
- SYS___PUTCHAR_UNLOCKED_A = 0x8CC
- SYS___PUTC_UNLOCKED_A = 0x8CB
- SYS___PUTUTXLINE_A = 0x8C9
- SYS___RESET_EXCEPTION_HANDLER = 0x8E3
- SYS___REXEC_A = 0x8C4
- SYS___REXEC_AF_A = 0x8C5
- SYS___SET_EXCEPTION_HANDLER = 0x8E2
- SYS___SNPRINTF_A = 0x8CD
- SYS___SUPERKILL = 0x8A4
- SYS___TCGETATTR_A = 0x8A1
- SYS___TCSETATTR_A = 0x8A2
- SYS___ULLTOA = 0x8AF
- SYS___ULLTOA_A = 0x8B5
- SYS___ULTOA = 0x8AD
- SYS___ULTOA_A = 0x8B3
- SYS___UTOA = 0x8AB
- SYS___UTOA_A = 0x8B1
- SYS___VHM_EVENT = 0x8E4
- SYS___VSNPRINTF_A = 0x8CE
- SYS_____GETENV_A = 0x8C3
- SYS_____UTMPXNAME_A = 0x8CA
- SYS_CACOSH = 0x9A0
- SYS_CACOSHF = 0x9A3
- SYS_CACOSHL = 0x9A6
- SYS_CARG = 0x9A9
- SYS_CARGF = 0x9AC
- SYS_CARGL = 0x9AF
- SYS_CASIN = 0x9B2
- SYS_CASINF = 0x9B5
- SYS_CASINH = 0x9BB
- SYS_CASINHF = 0x9BE
- SYS_CASINHL = 0x9C1
- SYS_CASINL = 0x9B8
- SYS_CATAN = 0x9C4
- SYS_CATANF = 0x9C7
- SYS_CATANH = 0x9CD
- SYS_CATANHF = 0x9D0
- SYS_CATANHL = 0x9D3
- SYS_CATANL = 0x9CA
- SYS_CCOS = 0x9D6
- SYS_CCOSF = 0x9D9
- SYS_CCOSH = 0x9DF
- SYS_CCOSHF = 0x9E2
- SYS_CCOSHL = 0x9E5
- SYS_CCOSL = 0x9DC
- SYS_CEXP = 0x9E8
- SYS_CEXPF = 0x9EB
- SYS_CEXPL = 0x9EE
- SYS_CIMAG = 0x9F1
- SYS_CIMAGF = 0x9F4
- SYS_CIMAGL = 0x9F7
- SYS_CLOGF = 0x9FD
- SYS_MEMCHR = 0x09B
- SYS_MEMCMP = 0x09A
- SYS_STRCOLL = 0x09C
- SYS_STRNCMP = 0x09D
- SYS_STRRCHR = 0x09F
- SYS_STRXFRM = 0x09E
- SYS___CACOSHF_B = 0x9A4
- SYS___CACOSHF_H = 0x9A5
- SYS___CACOSHL_B = 0x9A7
- SYS___CACOSHL_H = 0x9A8
- SYS___CACOSH_B = 0x9A1
- SYS___CACOSH_H = 0x9A2
- SYS___CARGF_B = 0x9AD
- SYS___CARGF_H = 0x9AE
- SYS___CARGL_B = 0x9B0
- SYS___CARGL_H = 0x9B1
- SYS___CARG_B = 0x9AA
- SYS___CARG_H = 0x9AB
- SYS___CASINF_B = 0x9B6
- SYS___CASINF_H = 0x9B7
- SYS___CASINHF_B = 0x9BF
- SYS___CASINHF_H = 0x9C0
- SYS___CASINHL_B = 0x9C2
- SYS___CASINHL_H = 0x9C3
- SYS___CASINH_B = 0x9BC
- SYS___CASINH_H = 0x9BD
- SYS___CASINL_B = 0x9B9
- SYS___CASINL_H = 0x9BA
- SYS___CASIN_B = 0x9B3
- SYS___CASIN_H = 0x9B4
- SYS___CATANF_B = 0x9C8
- SYS___CATANF_H = 0x9C9
- SYS___CATANHF_B = 0x9D1
- SYS___CATANHF_H = 0x9D2
- SYS___CATANHL_B = 0x9D4
- SYS___CATANHL_H = 0x9D5
- SYS___CATANH_B = 0x9CE
- SYS___CATANH_H = 0x9CF
- SYS___CATANL_B = 0x9CB
- SYS___CATANL_H = 0x9CC
- SYS___CATAN_B = 0x9C5
- SYS___CATAN_H = 0x9C6
- SYS___CCOSF_B = 0x9DA
- SYS___CCOSF_H = 0x9DB
- SYS___CCOSHF_B = 0x9E3
- SYS___CCOSHF_H = 0x9E4
- SYS___CCOSHL_B = 0x9E6
- SYS___CCOSHL_H = 0x9E7
- SYS___CCOSH_B = 0x9E0
- SYS___CCOSH_H = 0x9E1
- SYS___CCOSL_B = 0x9DD
- SYS___CCOSL_H = 0x9DE
- SYS___CCOS_B = 0x9D7
- SYS___CCOS_H = 0x9D8
- SYS___CEXPF_B = 0x9EC
- SYS___CEXPF_H = 0x9ED
- SYS___CEXPL_B = 0x9EF
- SYS___CEXPL_H = 0x9F0
- SYS___CEXP_B = 0x9E9
- SYS___CEXP_H = 0x9EA
- SYS___CIMAGF_B = 0x9F5
- SYS___CIMAGF_H = 0x9F6
- SYS___CIMAGL_B = 0x9F8
- SYS___CIMAGL_H = 0x9F9
- SYS___CIMAG_B = 0x9F2
- SYS___CIMAG_H = 0x9F3
- SYS___CLOG = 0x9FA
- SYS___CLOGF_B = 0x9FE
- SYS___CLOGF_H = 0x9FF
- SYS___CLOG_B = 0x9FB
- SYS___CLOG_H = 0x9FC
- SYS_ISWCTYPE = 0x10C
- SYS_ISWXDIGI = 0x10A
- SYS_ISWXDIGIT = 0x10A
- SYS_MBSINIT = 0x10F
- SYS_TOWLOWER = 0x10D
- SYS_TOWUPPER = 0x10E
- SYS_WCTYPE = 0x10B
- SYS_WCSSTR = 0x11B
- SYS___RPMTCH = 0x11A
- SYS_WCSTOD = 0x12E
- SYS_WCSTOK = 0x12C
- SYS_WCSTOL = 0x12D
- SYS_WCSTOUL = 0x12F
- SYS_FGETWC = 0x13C
- SYS_FGETWS = 0x13D
- SYS_FPUTWC = 0x13E
- SYS_FPUTWS = 0x13F
- SYS_REGERROR = 0x13B
- SYS_REGFREE = 0x13A
- SYS_COLLEQUIV = 0x14F
- SYS_COLLTOSTR = 0x14E
- SYS_ISMCCOLLEL = 0x14C
- SYS_STRTOCOLL = 0x14D
- SYS_DLLFREE = 0x16F
- SYS_DLLQUERYFN = 0x16D
- SYS_DLLQUERYVAR = 0x16E
- SYS_GETMCCOLL = 0x16A
- SYS_GETWMCCOLL = 0x16B
- SYS___ERR2AD = 0x16C
- SYS_CFSETOSPEED = 0x17A
- SYS_CHDIR = 0x17B
- SYS_CHMOD = 0x17C
- SYS_CHOWN = 0x17D
- SYS_CLOSE = 0x17E
- SYS_CLOSEDIR = 0x17F
- SYS_LOG = 0x017
- SYS_COSH = 0x018
- SYS_FCHMOD = 0x18A
- SYS_FCHOWN = 0x18B
- SYS_FCNTL = 0x18C
- SYS_FILENO = 0x18D
- SYS_FORK = 0x18E
- SYS_FPATHCONF = 0x18F
- SYS_GETLOGIN = 0x19A
- SYS_GETPGRP = 0x19C
- SYS_GETPID = 0x19D
- SYS_GETPPID = 0x19E
- SYS_GETPWNAM = 0x19F
- SYS_TANH = 0x019
- SYS_W_GETMNTENT = 0x19B
- SYS_POW = 0x020
- SYS_PTHREAD_SELF = 0x20A
- SYS_PTHREAD_SETINTR = 0x20B
- SYS_PTHREAD_SETINTRTYPE = 0x20C
- SYS_PTHREAD_SETSPECIFIC = 0x20D
- SYS_PTHREAD_TESTINTR = 0x20E
- SYS_PTHREAD_YIELD = 0x20F
- SYS_SQRT = 0x021
- SYS_FLOOR = 0x022
- SYS_J1 = 0x023
- SYS_WCSPBRK = 0x23F
- SYS_BSEARCH = 0x24C
- SYS_FABS = 0x024
- SYS_GETENV = 0x24A
- SYS_LDIV = 0x24D
- SYS_SYSTEM = 0x24B
- SYS_FMOD = 0x025
- SYS___RETHROW = 0x25F
- SYS___THROW = 0x25E
- SYS_J0 = 0x026
- SYS_PUTENV = 0x26A
- SYS___GETENV = 0x26F
- SYS_SEMCTL = 0x27A
- SYS_SEMGET = 0x27B
- SYS_SEMOP = 0x27C
- SYS_SHMAT = 0x27D
- SYS_SHMCTL = 0x27E
- SYS_SHMDT = 0x27F
- SYS_YN = 0x027
- SYS_JN = 0x028
- SYS_SIGALTSTACK = 0x28A
- SYS_SIGHOLD = 0x28B
- SYS_SIGIGNORE = 0x28C
- SYS_SIGINTERRUPT = 0x28D
- SYS_SIGPAUSE = 0x28E
- SYS_SIGRELSE = 0x28F
- SYS_GETOPT = 0x29A
- SYS_GETSUBOPT = 0x29D
- SYS_LCHOWN = 0x29B
- SYS_SETPGRP = 0x29E
- SYS_TRUNCATE = 0x29C
- SYS_Y0 = 0x029
- SYS___GDERR = 0x29F
- SYS_ISALPHA = 0x030
- SYS_VFORK = 0x30F
- SYS__LONGJMP = 0x30D
- SYS__SETJMP = 0x30E
- SYS_GLOB = 0x31A
- SYS_GLOBFREE = 0x31B
- SYS_ISALNUM = 0x031
- SYS_PUTW = 0x31C
- SYS_SEEKDIR = 0x31D
- SYS_TELLDIR = 0x31E
- SYS_TEMPNAM = 0x31F
- SYS_GETTIMEOFDAY_R = 0x32E
- SYS_ISLOWER = 0x032
- SYS_LGAMMA = 0x32C
- SYS_REMAINDER = 0x32A
- SYS_SCALB = 0x32B
- SYS_SYNC = 0x32F
- SYS_TTYSLOT = 0x32D
- SYS_ENDPROTOENT = 0x33A
- SYS_ENDSERVENT = 0x33B
- SYS_GETHOSTBYADDR = 0x33D
- SYS_GETHOSTBYADDR_R = 0x33C
- SYS_GETHOSTBYNAME = 0x33F
- SYS_GETHOSTBYNAME_R = 0x33E
- SYS_ISCNTRL = 0x033
- SYS_GETSERVBYNAME = 0x34A
- SYS_GETSERVBYPORT = 0x34B
- SYS_GETSERVENT = 0x34C
- SYS_GETSOCKNAME = 0x34D
- SYS_GETSOCKOPT = 0x34E
- SYS_INET_ADDR = 0x34F
- SYS_ISDIGIT = 0x034
- SYS_ISGRAPH = 0x035
- SYS_SELECT = 0x35B
- SYS_SELECTEX = 0x35C
- SYS_SEND = 0x35D
- SYS_SENDTO = 0x35F
- SYS_CHROOT = 0x36A
- SYS_ISNAN = 0x36D
- SYS_ISUPPER = 0x036
- SYS_ULIMIT = 0x36C
- SYS_UTIMES = 0x36E
- SYS_W_STATVFS = 0x36B
- SYS___H_ERRNO = 0x36F
- SYS_GRANTPT = 0x37A
- SYS_ISPRINT = 0x037
- SYS_TCGETSID = 0x37C
- SYS_UNLOCKPT = 0x37B
- SYS___TCGETCP = 0x37D
- SYS___TCSETCP = 0x37E
- SYS___TCSETTABLES = 0x37F
- SYS_ISPUNCT = 0x038
- SYS_NLIST = 0x38C
- SYS___IPDBCS = 0x38D
- SYS___IPDSPX = 0x38E
- SYS___IPMSGC = 0x38F
- SYS___STHOSTENT = 0x38B
- SYS___STSERVENT = 0x38A
- SYS_ISSPACE = 0x039
- SYS_COS = 0x040
- SYS_T_ALLOC = 0x40A
- SYS_T_BIND = 0x40B
- SYS_T_CLOSE = 0x40C
- SYS_T_CONNECT = 0x40D
- SYS_T_ERROR = 0x40E
- SYS_T_FREE = 0x40F
- SYS_TAN = 0x041
- SYS_T_RCVREL = 0x41A
- SYS_T_RCVUDATA = 0x41B
- SYS_T_RCVUDERR = 0x41C
- SYS_T_SND = 0x41D
- SYS_T_SNDDIS = 0x41E
- SYS_T_SNDREL = 0x41F
- SYS_GETPMSG = 0x42A
- SYS_ISASTREAM = 0x42B
- SYS_PUTMSG = 0x42C
- SYS_PUTPMSG = 0x42D
- SYS_SINH = 0x042
- SYS___ISPOSIXON = 0x42E
- SYS___OPENMVSREL = 0x42F
- SYS_ACOS = 0x043
- SYS_ATAN = 0x044
- SYS_ATAN2 = 0x045
- SYS_FTELL = 0x046
- SYS_FGETPOS = 0x047
- SYS_SOCK_DEBUG = 0x47A
- SYS_SOCK_DO_TESTSTOR = 0x47D
- SYS_TAKESOCKET = 0x47E
- SYS___SERVER_INIT = 0x47F
- SYS_FSEEK = 0x048
- SYS___IPHOST = 0x48B
- SYS___IPNODE = 0x48C
- SYS___SERVER_CLASSIFY_CREATE = 0x48D
- SYS___SERVER_CLASSIFY_DESTROY = 0x48E
- SYS___SERVER_CLASSIFY_RESET = 0x48F
- SYS___SMF_RECORD = 0x48A
- SYS_FSETPOS = 0x049
- SYS___FNWSA = 0x49B
- SYS___SPAWN2 = 0x49D
- SYS___SPAWNP2 = 0x49E
- SYS_ATOF = 0x050
- SYS_PTHREAD_MUTEXATTR_GETPSHARED = 0x50A
- SYS_PTHREAD_MUTEXATTR_SETPSHARED = 0x50B
- SYS_PTHREAD_RWLOCK_DESTROY = 0x50C
- SYS_PTHREAD_RWLOCK_INIT = 0x50D
- SYS_PTHREAD_RWLOCK_RDLOCK = 0x50E
- SYS_PTHREAD_RWLOCK_TRYRDLOCK = 0x50F
- SYS_ATOI = 0x051
- SYS___FP_CLASS = 0x51D
- SYS___FP_CLR_FLAG = 0x51A
- SYS___FP_FINITE = 0x51E
- SYS___FP_ISNAN = 0x51F
- SYS___FP_RAISE_XCP = 0x51C
- SYS___FP_READ_FLAG = 0x51B
- SYS_RAND = 0x052
- SYS_SIGTIMEDWAIT = 0x52D
- SYS_SIGWAITINFO = 0x52E
- SYS___CHKBFP = 0x52F
- SYS___FPC_RS = 0x52C
- SYS___FPC_RW = 0x52A
- SYS___FPC_SM = 0x52B
- SYS_STRTOD = 0x053
- SYS_STRTOL = 0x054
- SYS_STRTOUL = 0x055
- SYS_MALLOC = 0x056
- SYS_SRAND = 0x057
- SYS_CALLOC = 0x058
- SYS_FREE = 0x059
- SYS___OSENV = 0x59F
- SYS___W_PIOCTL = 0x59E
- SYS_LONGJMP = 0x060
- SYS___FLOORF_B = 0x60A
- SYS___FLOORL_B = 0x60B
- SYS___FREXPF_B = 0x60C
- SYS___FREXPL_B = 0x60D
- SYS___LDEXPF_B = 0x60E
- SYS___LDEXPL_B = 0x60F
- SYS_SIGNAL = 0x061
- SYS___ATAN2F_B = 0x61A
- SYS___ATAN2L_B = 0x61B
- SYS___COSHF_B = 0x61C
- SYS___COSHL_B = 0x61D
- SYS___EXPF_B = 0x61E
- SYS___EXPL_B = 0x61F
- SYS_TMPNAM = 0x062
- SYS___ABSF_B = 0x62A
- SYS___ABSL_B = 0x62C
- SYS___ABS_B = 0x62B
- SYS___FMODF_B = 0x62D
- SYS___FMODL_B = 0x62E
- SYS___MODFF_B = 0x62F
- SYS_ATANL = 0x63A
- SYS_CEILF = 0x63B
- SYS_CEILL = 0x63C
- SYS_COSF = 0x63D
- SYS_COSHF = 0x63F
- SYS_COSL = 0x63E
- SYS_REMOVE = 0x063
- SYS_POWL = 0x64A
- SYS_RENAME = 0x064
- SYS_SINF = 0x64B
- SYS_SINHF = 0x64F
- SYS_SINL = 0x64C
- SYS_SQRTF = 0x64D
- SYS_SQRTL = 0x64E
- SYS_BTOWC = 0x65F
- SYS_FREXPL = 0x65A
- SYS_LDEXPF = 0x65B
- SYS_LDEXPL = 0x65C
- SYS_MODFF = 0x65D
- SYS_MODFL = 0x65E
- SYS_TMPFILE = 0x065
- SYS_FREOPEN = 0x066
- SYS___CHARMAP_INIT_A = 0x66E
- SYS___GETHOSTBYADDR_R_A = 0x66C
- SYS___GETHOSTBYNAME_A = 0x66A
- SYS___GETHOSTBYNAME_R_A = 0x66D
- SYS___MBLEN_A = 0x66F
- SYS___RES_INIT_A = 0x66B
- SYS_FCLOSE = 0x067
- SYS___GETGRGID_R_A = 0x67D
- SYS___WCSTOMBS_A = 0x67A
- SYS___WCSTOMBS_STD_A = 0x67B
- SYS___WCSWIDTH_A = 0x67C
- SYS___WCSWIDTH_ASIA = 0x67F
- SYS___WCSWIDTH_STD_A = 0x67E
- SYS_FFLUSH = 0x068
- SYS___GETLOGIN_R_A = 0x68E
- SYS___GETPWNAM_R_A = 0x68C
- SYS___GETPWUID_R_A = 0x68D
- SYS___TTYNAME_R_A = 0x68F
- SYS___WCWIDTH_ASIA = 0x68B
- SYS___WCWIDTH_STD_A = 0x68A
- SYS_FOPEN = 0x069
- SYS___REGEXEC_A = 0x69A
- SYS___REGEXEC_STD_A = 0x69B
- SYS___REGFREE_A = 0x69C
- SYS___REGFREE_STD_A = 0x69D
- SYS___STRCOLL_A = 0x69E
- SYS___STRCOLL_C_A = 0x69F
- SYS_SCANF = 0x070
- SYS___A64L_A = 0x70C
- SYS___ECVT_A = 0x70D
- SYS___FCVT_A = 0x70E
- SYS___GCVT_A = 0x70F
- SYS___STRTOUL_A = 0x70A
- SYS_____AE_CORRESTBL_QUERY_A = 0x70B
- SYS_SPRINTF = 0x071
- SYS___ACCESS_A = 0x71F
- SYS___CATOPEN_A = 0x71E
- SYS___GETOPT_A = 0x71D
- SYS___REALPATH_A = 0x71A
- SYS___SETENV_A = 0x71B
- SYS___SYSTEM_A = 0x71C
- SYS_FGETC = 0x072
- SYS___GAI_STRERROR_A = 0x72F
- SYS___RMDIR_A = 0x72A
- SYS___STATVFS_A = 0x72B
- SYS___SYMLINK_A = 0x72C
- SYS___TRUNCATE_A = 0x72D
- SYS___UNLINK_A = 0x72E
- SYS_VFPRINTF = 0x073
- SYS___ISSPACE_A = 0x73A
- SYS___ISUPPER_A = 0x73B
- SYS___ISWALNUM_A = 0x73F
- SYS___ISXDIGIT_A = 0x73C
- SYS___TOLOWER_A = 0x73D
- SYS___TOUPPER_A = 0x73E
- SYS_VPRINTF = 0x074
- SYS___CONFSTR_A = 0x74B
- SYS___FDOPEN_A = 0x74E
- SYS___FLDATA_A = 0x74F
- SYS___FTOK_A = 0x74C
- SYS___ISWXDIGIT_A = 0x74A
- SYS___MKTEMP_A = 0x74D
- SYS_VSPRINTF = 0x075
- SYS___GETGRGID_A = 0x75A
- SYS___GETGRNAM_A = 0x75B
- SYS___GETGROUPSBYNAME_A = 0x75C
- SYS___GETHOSTENT_A = 0x75D
- SYS___GETHOSTNAME_A = 0x75E
- SYS___GETLOGIN_A = 0x75F
- SYS_GETC = 0x076
- SYS___CREATEWORKUNIT_A = 0x76A
- SYS___CTERMID_A = 0x76B
- SYS___FMTMSG_A = 0x76C
- SYS___INITGROUPS_A = 0x76D
- SYS___MSGRCV_A = 0x76F
- SYS_____LOGIN_A = 0x76E
- SYS_FGETS = 0x077
- SYS___STRCASECMP_A = 0x77B
- SYS___STRNCASECMP_A = 0x77C
- SYS___TTYNAME_A = 0x77D
- SYS___UNAME_A = 0x77E
- SYS___UTIMES_A = 0x77F
- SYS_____SERVER_PWU_A = 0x77A
- SYS_FPUTC = 0x078
- SYS___CREAT_O_A = 0x78E
- SYS___ENVNA = 0x78F
- SYS___FREAD_A = 0x78A
- SYS___FWRITE_A = 0x78B
- SYS___ISASCII = 0x78D
- SYS___OPEN_O_A = 0x78C
- SYS_FPUTS = 0x079
- SYS___ASCTIME_A = 0x79C
- SYS___CTIME_A = 0x79D
- SYS___GETDATE_A = 0x79E
- SYS___GETSERVBYPORT_A = 0x79A
- SYS___GETSERVENT_A = 0x79B
- SYS___TZSET_A = 0x79F
- SYS_ACL_FROM_TEXT = 0x80C
- SYS_ACL_SET_FD = 0x80A
- SYS_ACL_SET_FILE = 0x80B
- SYS_ACL_SORT = 0x80E
- SYS_ACL_TO_TEXT = 0x80D
- SYS_UNGETC = 0x080
- SYS___SHUTDOWN_REGISTRATION = 0x80F
- SYS_FREAD = 0x081
- SYS_FREEADDRINFO = 0x81A
- SYS_GAI_STRERROR = 0x81B
- SYS_REXEC_AF = 0x81C
- SYS___DYNALLOC_A = 0x81F
- SYS___POE = 0x81D
- SYS_WCSTOMBS = 0x082
- SYS___INET_ADDR_A = 0x82F
- SYS___NLIST_A = 0x82A
- SYS_____TCGETCP_A = 0x82B
- SYS_____TCSETCP_A = 0x82C
- SYS_____W_PIOCTL_A = 0x82E
- SYS_MBTOWC = 0x083
- SYS___CABEND = 0x83D
- SYS___LE_CIB_GET = 0x83E
- SYS___RECVMSG_A = 0x83B
- SYS___SENDMSG_A = 0x83A
- SYS___SET_LAA_FOR_JIT = 0x83F
- SYS_____LCHATTR_A = 0x83C
- SYS_WCTOMB = 0x084
- SYS___CBRTL_B = 0x84A
- SYS___COPYSIGNF_B = 0x84B
- SYS___COPYSIGNL_B = 0x84C
- SYS___COTANF_B = 0x84D
- SYS___COTANL_B = 0x84F
- SYS___COTAN_B = 0x84E
- SYS_MBSTOWCS = 0x085
- SYS___LOG1PL_B = 0x85A
- SYS___LOG2F_B = 0x85B
- SYS___LOG2L_B = 0x85D
- SYS___LOG2_B = 0x85C
- SYS___REMAINDERF_B = 0x85E
- SYS___REMAINDERL_B = 0x85F
- SYS_ACOSHF = 0x86E
- SYS_ACOSHL = 0x86F
- SYS_WCSCPY = 0x086
- SYS___ERFCF_B = 0x86D
- SYS___ERFF_B = 0x86C
- SYS___LROUNDF_B = 0x86A
- SYS___LROUND_B = 0x86B
- SYS_COTANL = 0x87A
- SYS_EXP2F = 0x87B
- SYS_EXP2L = 0x87C
- SYS_EXPM1F = 0x87D
- SYS_EXPM1L = 0x87E
- SYS_FDIMF = 0x87F
- SYS_WCSCAT = 0x087
- SYS___COTANL = 0x87A
- SYS_REMAINDERF = 0x88A
- SYS_REMAINDERL = 0x88B
- SYS_REMAINDF = 0x88A
- SYS_REMAINDL = 0x88B
- SYS_REMQUO = 0x88D
- SYS_REMQUOF = 0x88C
- SYS_REMQUOL = 0x88E
- SYS_TGAMMAF = 0x88F
- SYS_WCSCHR = 0x088
- SYS_ERFCF = 0x89B
- SYS_ERFCL = 0x89C
- SYS_ERFL = 0x89A
- SYS_EXP2 = 0x89E
- SYS_WCSCMP = 0x089
- SYS___EXP2_B = 0x89D
- SYS___FAR_JUMP = 0x89F
- SYS_ABS = 0x090
- SYS___ERFCL_H = 0x90A
- SYS___EXPF_H = 0x90C
- SYS___EXPL_H = 0x90D
- SYS___EXPM1_H = 0x90E
- SYS___EXP_H = 0x90B
- SYS___FDIM_H = 0x90F
- SYS_DIV = 0x091
- SYS___LOG2F_H = 0x91F
- SYS___LOG2_H = 0x91E
- SYS___LOGB_H = 0x91D
- SYS___LOGF_H = 0x91B
- SYS___LOGL_H = 0x91C
- SYS___LOG_H = 0x91A
- SYS_LABS = 0x092
- SYS___POWL_H = 0x92A
- SYS___REMAINDER_H = 0x92B
- SYS___RINT_H = 0x92C
- SYS___SCALB_H = 0x92D
- SYS___SINF_H = 0x92F
- SYS___SIN_H = 0x92E
- SYS_STRNCPY = 0x093
- SYS___TANHF_H = 0x93B
- SYS___TANHL_H = 0x93C
- SYS___TANH_H = 0x93A
- SYS___TGAMMAF_H = 0x93E
- SYS___TGAMMA_H = 0x93D
- SYS___TRUNC_H = 0x93F
- SYS_MEMCPY = 0x094
- SYS_VFWSCANF = 0x94A
- SYS_VSWSCANF = 0x94E
- SYS_VWSCANF = 0x94C
- SYS_INET6_RTH_ADD = 0x95D
- SYS_INET6_RTH_INIT = 0x95C
- SYS_INET6_RTH_REVERSE = 0x95E
- SYS_INET6_RTH_SEGMENTS = 0x95F
- SYS_INET6_RTH_SPACE = 0x95B
- SYS_MEMMOVE = 0x095
- SYS_WCSTOLD = 0x95A
- SYS_STRCPY = 0x096
- SYS_STRCMP = 0x097
- SYS_CABS = 0x98E
- SYS_STRCAT = 0x098
- SYS___CABS_B = 0x98F
- SYS___POW_II = 0x98A
- SYS___POW_II_B = 0x98B
- SYS___POW_II_H = 0x98C
- SYS_CACOSF = 0x99A
- SYS_CACOSL = 0x99D
- SYS_STRNCAT = 0x099
- SYS___CACOSF_B = 0x99B
- SYS___CACOSF_H = 0x99C
- SYS___CACOSL_B = 0x99E
- SYS___CACOSL_H = 0x99F
- SYS_ISWALPHA = 0x100
- SYS_ISWBLANK = 0x101
- SYS___ISWBLK = 0x101
- SYS_ISWCNTRL = 0x102
- SYS_ISWDIGIT = 0x103
- SYS_ISWGRAPH = 0x104
- SYS_ISWLOWER = 0x105
- SYS_ISWPRINT = 0x106
- SYS_ISWPUNCT = 0x107
- SYS_ISWSPACE = 0x108
- SYS_ISWUPPER = 0x109
- SYS_WCTOB = 0x110
- SYS_MBRLEN = 0x111
- SYS_MBRTOWC = 0x112
- SYS_MBSRTOWC = 0x113
- SYS_MBSRTOWCS = 0x113
- SYS_WCRTOMB = 0x114
- SYS_WCSRTOMB = 0x115
- SYS_WCSRTOMBS = 0x115
- SYS___CSID = 0x116
- SYS___WCSID = 0x117
- SYS_STRPTIME = 0x118
- SYS___STRPTM = 0x118
- SYS_STRFMON = 0x119
- SYS_WCSCOLL = 0x130
- SYS_WCSXFRM = 0x131
- SYS_WCSWIDTH = 0x132
- SYS_WCWIDTH = 0x133
- SYS_WCSFTIME = 0x134
- SYS_SWPRINTF = 0x135
- SYS_VSWPRINT = 0x136
- SYS_VSWPRINTF = 0x136
- SYS_SWSCANF = 0x137
- SYS_REGCOMP = 0x138
- SYS_REGEXEC = 0x139
- SYS_GETWC = 0x140
- SYS_GETWCHAR = 0x141
- SYS_PUTWC = 0x142
- SYS_PUTWCHAR = 0x143
- SYS_UNGETWC = 0x144
- SYS_ICONV_OPEN = 0x145
- SYS_ICONV = 0x146
- SYS_ICONV_CLOSE = 0x147
- SYS_COLLRANGE = 0x150
- SYS_CCLASS = 0x151
- SYS_COLLORDER = 0x152
- SYS___DEMANGLE = 0x154
- SYS_FDOPEN = 0x155
- SYS___ERRNO = 0x156
- SYS___ERRNO2 = 0x157
- SYS___TERROR = 0x158
- SYS_MAXCOLL = 0x169
- SYS_DLLLOAD = 0x170
- SYS__EXIT = 0x174
- SYS_ACCESS = 0x175
- SYS_ALARM = 0x176
- SYS_CFGETISPEED = 0x177
- SYS_CFGETOSPEED = 0x178
- SYS_CFSETISPEED = 0x179
- SYS_CREAT = 0x180
- SYS_CTERMID = 0x181
- SYS_DUP = 0x182
- SYS_DUP2 = 0x183
- SYS_EXECL = 0x184
- SYS_EXECLE = 0x185
- SYS_EXECLP = 0x186
- SYS_EXECV = 0x187
- SYS_EXECVE = 0x188
- SYS_EXECVP = 0x189
- SYS_FSTAT = 0x190
- SYS_FSYNC = 0x191
- SYS_FTRUNCATE = 0x192
- SYS_GETCWD = 0x193
- SYS_GETEGID = 0x194
- SYS_GETEUID = 0x195
- SYS_GETGID = 0x196
- SYS_GETGRGID = 0x197
- SYS_GETGRNAM = 0x198
- SYS_GETGROUPS = 0x199
- SYS_PTHREAD_MUTEXATTR_DESTROY = 0x200
- SYS_PTHREAD_MUTEXATTR_SETKIND_NP = 0x201
- SYS_PTHREAD_MUTEXATTR_GETKIND_NP = 0x202
- SYS_PTHREAD_MUTEX_INIT = 0x203
- SYS_PTHREAD_MUTEX_DESTROY = 0x204
- SYS_PTHREAD_MUTEX_LOCK = 0x205
- SYS_PTHREAD_MUTEX_TRYLOCK = 0x206
- SYS_PTHREAD_MUTEX_UNLOCK = 0x207
- SYS_PTHREAD_ONCE = 0x209
- SYS_TW_OPEN = 0x210
- SYS_TW_FCNTL = 0x211
- SYS_PTHREAD_JOIN_D4_NP = 0x212
- SYS_PTHREAD_CONDATTR_SETKIND_NP = 0x213
- SYS_PTHREAD_CONDATTR_GETKIND_NP = 0x214
- SYS_EXTLINK_NP = 0x215
- SYS___PASSWD = 0x216
- SYS_SETGROUPS = 0x217
- SYS_INITGROUPS = 0x218
- SYS_WCSRCHR = 0x240
- SYS_SVC99 = 0x241
- SYS___SVC99 = 0x241
- SYS_WCSWCS = 0x242
- SYS_LOCALECO = 0x243
- SYS_LOCALECONV = 0x243
- SYS___LIBREL = 0x244
- SYS_RELEASE = 0x245
- SYS___RLSE = 0x245
- SYS_FLOCATE = 0x246
- SYS___FLOCT = 0x246
- SYS_FDELREC = 0x247
- SYS___FDLREC = 0x247
- SYS_FETCH = 0x248
- SYS___FETCH = 0x248
- SYS_QSORT = 0x249
- SYS___CLEANUPCATCH = 0x260
- SYS___CATCHMATCH = 0x261
- SYS___CLEAN2UPCATCH = 0x262
- SYS_GETPRIORITY = 0x270
- SYS_NICE = 0x271
- SYS_SETPRIORITY = 0x272
- SYS_GETITIMER = 0x273
- SYS_SETITIMER = 0x274
- SYS_MSGCTL = 0x275
- SYS_MSGGET = 0x276
- SYS_MSGRCV = 0x277
- SYS_MSGSND = 0x278
- SYS_MSGXRCV = 0x279
- SYS___MSGXR = 0x279
- SYS_SHMGET = 0x280
- SYS___GETIPC = 0x281
- SYS_SETGRENT = 0x282
- SYS_GETGRENT = 0x283
- SYS_ENDGRENT = 0x284
- SYS_SETPWENT = 0x285
- SYS_GETPWENT = 0x286
- SYS_ENDPWENT = 0x287
- SYS_BSD_SIGNAL = 0x288
- SYS_KILLPG = 0x289
- SYS_SIGSET = 0x290
- SYS_SIGSTACK = 0x291
- SYS_GETRLIMIT = 0x292
- SYS_SETRLIMIT = 0x293
- SYS_GETRUSAGE = 0x294
- SYS_MMAP = 0x295
- SYS_MPROTECT = 0x296
- SYS_MSYNC = 0x297
- SYS_MUNMAP = 0x298
- SYS_CONFSTR = 0x299
- SYS___NDMTRM = 0x300
- SYS_FTOK = 0x301
- SYS_BASENAME = 0x302
- SYS_DIRNAME = 0x303
- SYS_GETDTABLESIZE = 0x304
- SYS_MKSTEMP = 0x305
- SYS_MKTEMP = 0x306
- SYS_NFTW = 0x307
- SYS_GETWD = 0x308
- SYS_LOCKF = 0x309
- SYS_WORDEXP = 0x310
- SYS_WORDFREE = 0x311
- SYS_GETPGID = 0x312
- SYS_GETSID = 0x313
- SYS___UTMPXNAME = 0x314
- SYS_CUSERID = 0x315
- SYS_GETPASS = 0x316
- SYS_FNMATCH = 0x317
- SYS_FTW = 0x318
- SYS_GETW = 0x319
- SYS_ACOSH = 0x320
- SYS_ASINH = 0x321
- SYS_ATANH = 0x322
- SYS_CBRT = 0x323
- SYS_EXPM1 = 0x324
- SYS_ILOGB = 0x325
- SYS_LOGB = 0x326
- SYS_LOG1P = 0x327
- SYS_NEXTAFTER = 0x328
- SYS_RINT = 0x329
- SYS_SPAWN = 0x330
- SYS_SPAWNP = 0x331
- SYS_GETLOGIN_UU = 0x332
- SYS_ECVT = 0x333
- SYS_FCVT = 0x334
- SYS_GCVT = 0x335
- SYS_ACCEPT = 0x336
- SYS_BIND = 0x337
- SYS_CONNECT = 0x338
- SYS_ENDHOSTENT = 0x339
- SYS_GETHOSTENT = 0x340
- SYS_GETHOSTID = 0x341
- SYS_GETHOSTNAME = 0x342
- SYS_GETNETBYADDR = 0x343
- SYS_GETNETBYNAME = 0x344
- SYS_GETNETENT = 0x345
- SYS_GETPEERNAME = 0x346
- SYS_GETPROTOBYNAME = 0x347
- SYS_GETPROTOBYNUMBER = 0x348
- SYS_GETPROTOENT = 0x349
- SYS_INET_LNAOF = 0x350
- SYS_INET_MAKEADDR = 0x351
- SYS_INET_NETOF = 0x352
- SYS_INET_NETWORK = 0x353
- SYS_INET_NTOA = 0x354
- SYS_IOCTL = 0x355
- SYS_LISTEN = 0x356
- SYS_READV = 0x357
- SYS_RECV = 0x358
- SYS_RECVFROM = 0x359
- SYS_SETHOSTENT = 0x360
- SYS_SETNETENT = 0x361
- SYS_SETPEER = 0x362
- SYS_SETPROTOENT = 0x363
- SYS_SETSERVENT = 0x364
- SYS_SETSOCKOPT = 0x365
- SYS_SHUTDOWN = 0x366
- SYS_SOCKET = 0x367
- SYS_SOCKETPAIR = 0x368
- SYS_WRITEV = 0x369
- SYS_ENDNETENT = 0x370
- SYS_CLOSELOG = 0x371
- SYS_OPENLOG = 0x372
- SYS_SETLOGMASK = 0x373
- SYS_SYSLOG = 0x374
- SYS_PTSNAME = 0x375
- SYS_SETREUID = 0x376
- SYS_SETREGID = 0x377
- SYS_REALPATH = 0x378
- SYS___SIGNGAM = 0x379
- SYS_POLL = 0x380
- SYS_REXEC = 0x381
- SYS___ISASCII2 = 0x382
- SYS___TOASCII2 = 0x383
- SYS_CHPRIORITY = 0x384
- SYS_PTHREAD_ATTR_SETSYNCTYPE_NP = 0x385
- SYS_PTHREAD_ATTR_GETSYNCTYPE_NP = 0x386
- SYS_PTHREAD_SET_LIMIT_NP = 0x387
- SYS___STNETENT = 0x388
- SYS___STPROTOENT = 0x389
- SYS___SELECT1 = 0x390
- SYS_PTHREAD_SECURITY_NP = 0x391
- SYS___CHECK_RESOURCE_AUTH_NP = 0x392
- SYS___CONVERT_ID_NP = 0x393
- SYS___OPENVMREL = 0x394
- SYS_WMEMCHR = 0x395
- SYS_WMEMCMP = 0x396
- SYS_WMEMCPY = 0x397
- SYS_WMEMMOVE = 0x398
- SYS_WMEMSET = 0x399
- SYS___FPUTWC = 0x400
- SYS___PUTWC = 0x401
- SYS___PWCHAR = 0x402
- SYS___WCSFTM = 0x403
- SYS___WCSTOK = 0x404
- SYS___WCWDTH = 0x405
- SYS_T_ACCEPT = 0x409
- SYS_T_GETINFO = 0x410
- SYS_T_GETPROTADDR = 0x411
- SYS_T_GETSTATE = 0x412
- SYS_T_LISTEN = 0x413
- SYS_T_LOOK = 0x414
- SYS_T_OPEN = 0x415
- SYS_T_OPTMGMT = 0x416
- SYS_T_RCV = 0x417
- SYS_T_RCVCONNECT = 0x418
- SYS_T_RCVDIS = 0x419
- SYS_T_SNDUDATA = 0x420
- SYS_T_STRERROR = 0x421
- SYS_T_SYNC = 0x422
- SYS_T_UNBIND = 0x423
- SYS___T_ERRNO = 0x424
- SYS___RECVMSG2 = 0x425
- SYS___SENDMSG2 = 0x426
- SYS_FATTACH = 0x427
- SYS_FDETACH = 0x428
- SYS_GETMSG = 0x429
- SYS_GETCONTEXT = 0x430
- SYS_SETCONTEXT = 0x431
- SYS_MAKECONTEXT = 0x432
- SYS_SWAPCONTEXT = 0x433
- SYS_PTHREAD_GETSPECIFIC_D8_NP = 0x434
- SYS_GETCLIENTID = 0x470
- SYS___GETCLIENTID = 0x471
- SYS_GETSTABLESIZE = 0x472
- SYS_GETIBMOPT = 0x473
- SYS_GETIBMSOCKOPT = 0x474
- SYS_GIVESOCKET = 0x475
- SYS_IBMSFLUSH = 0x476
- SYS_MAXDESC = 0x477
- SYS_SETIBMOPT = 0x478
- SYS_SETIBMSOCKOPT = 0x479
- SYS___SERVER_PWU = 0x480
- SYS_PTHREAD_TAG_NP = 0x481
- SYS___CONSOLE = 0x482
- SYS___WSINIT = 0x483
- SYS___IPTCPN = 0x489
- SYS___SERVER_CLASSIFY = 0x490
- SYS___HEAPRPT = 0x496
- SYS___ISBFP = 0x500
- SYS___FP_CAST = 0x501
- SYS___CERTIFICATE = 0x502
- SYS_SEND_FILE = 0x503
- SYS_AIO_CANCEL = 0x504
- SYS_AIO_ERROR = 0x505
- SYS_AIO_READ = 0x506
- SYS_AIO_RETURN = 0x507
- SYS_AIO_SUSPEND = 0x508
- SYS_AIO_WRITE = 0x509
- SYS_PTHREAD_RWLOCK_TRYWRLOCK = 0x510
- SYS_PTHREAD_RWLOCK_UNLOCK = 0x511
- SYS_PTHREAD_RWLOCK_WRLOCK = 0x512
- SYS_PTHREAD_RWLOCKATTR_GETPSHARED = 0x513
- SYS_PTHREAD_RWLOCKATTR_SETPSHARED = 0x514
- SYS_PTHREAD_RWLOCKATTR_INIT = 0x515
- SYS_PTHREAD_RWLOCKATTR_DESTROY = 0x516
- SYS___CTTBL = 0x517
- SYS_PTHREAD_MUTEXATTR_SETTYPE = 0x518
- SYS_PTHREAD_MUTEXATTR_GETTYPE = 0x519
- SYS___FP_UNORDERED = 0x520
- SYS___FP_READ_RND = 0x521
- SYS___FP_READ_RND_B = 0x522
- SYS___FP_SWAP_RND = 0x523
- SYS___FP_SWAP_RND_B = 0x524
- SYS___FP_LEVEL = 0x525
- SYS___FP_BTOH = 0x526
- SYS___FP_HTOB = 0x527
- SYS___FPC_RD = 0x528
- SYS___FPC_WR = 0x529
- SYS_PTHREAD_SETCANCELTYPE = 0x600
- SYS_PTHREAD_TESTCANCEL = 0x601
- SYS___ATANF_B = 0x602
- SYS___ATANL_B = 0x603
- SYS___CEILF_B = 0x604
- SYS___CEILL_B = 0x605
- SYS___COSF_B = 0x606
- SYS___COSL_B = 0x607
- SYS___FABSF_B = 0x608
- SYS___FABSL_B = 0x609
- SYS___SINF_B = 0x610
- SYS___SINL_B = 0x611
- SYS___TANF_B = 0x612
- SYS___TANL_B = 0x613
- SYS___TANHF_B = 0x614
- SYS___TANHL_B = 0x615
- SYS___ACOSF_B = 0x616
- SYS___ACOSL_B = 0x617
- SYS___ASINF_B = 0x618
- SYS___ASINL_B = 0x619
- SYS___LOGF_B = 0x620
- SYS___LOGL_B = 0x621
- SYS___LOG10F_B = 0x622
- SYS___LOG10L_B = 0x623
- SYS___POWF_B = 0x624
- SYS___POWL_B = 0x625
- SYS___SINHF_B = 0x626
- SYS___SINHL_B = 0x627
- SYS___SQRTF_B = 0x628
- SYS___SQRTL_B = 0x629
- SYS___MODFL_B = 0x630
- SYS_ABSF = 0x631
- SYS_ABSL = 0x632
- SYS_ACOSF = 0x633
- SYS_ACOSL = 0x634
- SYS_ASINF = 0x635
- SYS_ASINL = 0x636
- SYS_ATAN2F = 0x637
- SYS_ATAN2L = 0x638
- SYS_ATANF = 0x639
- SYS_COSHL = 0x640
- SYS_EXPF = 0x641
- SYS_EXPL = 0x642
- SYS_TANHF = 0x643
- SYS_TANHL = 0x644
- SYS_LOG10F = 0x645
- SYS_LOG10L = 0x646
- SYS_LOGF = 0x647
- SYS_LOGL = 0x648
- SYS_POWF = 0x649
- SYS_SINHL = 0x650
- SYS_TANF = 0x651
- SYS_TANL = 0x652
- SYS_FABSF = 0x653
- SYS_FABSL = 0x654
- SYS_FLOORF = 0x655
- SYS_FLOORL = 0x656
- SYS_FMODF = 0x657
- SYS_FMODL = 0x658
- SYS_FREXPF = 0x659
- SYS___CHATTR = 0x660
- SYS___FCHATTR = 0x661
- SYS___TOCCSID = 0x662
- SYS___CSNAMETYPE = 0x663
- SYS___TOCSNAME = 0x664
- SYS___CCSIDTYPE = 0x665
- SYS___AE_CORRESTBL_QUERY = 0x666
- SYS___AE_AUTOCONVERT_STATE = 0x667
- SYS_DN_FIND = 0x668
- SYS___GETHOSTBYADDR_A = 0x669
- SYS___MBLEN_SB_A = 0x670
- SYS___MBLEN_STD_A = 0x671
- SYS___MBLEN_UTF = 0x672
- SYS___MBSTOWCS_A = 0x673
- SYS___MBSTOWCS_STD_A = 0x674
- SYS___MBTOWC_A = 0x675
- SYS___MBTOWC_ISO1 = 0x676
- SYS___MBTOWC_SBCS = 0x677
- SYS___MBTOWC_MBCS = 0x678
- SYS___MBTOWC_UTF = 0x679
- SYS___CSID_A = 0x680
- SYS___CSID_STD_A = 0x681
- SYS___WCSID_A = 0x682
- SYS___WCSID_STD_A = 0x683
- SYS___WCTOMB_A = 0x684
- SYS___WCTOMB_ISO1 = 0x685
- SYS___WCTOMB_STD_A = 0x686
- SYS___WCTOMB_UTF = 0x687
- SYS___WCWIDTH_A = 0x688
- SYS___GETGRNAM_R_A = 0x689
- SYS___READDIR_R_A = 0x690
- SYS___E2A_S = 0x691
- SYS___FNMATCH_A = 0x692
- SYS___FNMATCH_C_A = 0x693
- SYS___EXECL_A = 0x694
- SYS___FNMATCH_STD_A = 0x695
- SYS___REGCOMP_A = 0x696
- SYS___REGCOMP_STD_A = 0x697
- SYS___REGERROR_A = 0x698
- SYS___REGERROR_STD_A = 0x699
- SYS___SWPRINTF_A = 0x700
- SYS___FSCANF_A = 0x701
- SYS___SCANF_A = 0x702
- SYS___SSCANF_A = 0x703
- SYS___SWSCANF_A = 0x704
- SYS___ATOF_A = 0x705
- SYS___ATOI_A = 0x706
- SYS___ATOL_A = 0x707
- SYS___STRTOD_A = 0x708
- SYS___STRTOL_A = 0x709
- SYS___L64A_A = 0x710
- SYS___STRERROR_A = 0x711
- SYS___PERROR_A = 0x712
- SYS___FETCH_A = 0x713
- SYS___GETENV_A = 0x714
- SYS___MKSTEMP_A = 0x717
- SYS___PTSNAME_A = 0x718
- SYS___PUTENV_A = 0x719
- SYS___CHDIR_A = 0x720
- SYS___CHOWN_A = 0x721
- SYS___CHROOT_A = 0x722
- SYS___GETCWD_A = 0x723
- SYS___GETWD_A = 0x724
- SYS___LCHOWN_A = 0x725
- SYS___LINK_A = 0x726
- SYS___PATHCONF_A = 0x727
- SYS___IF_NAMEINDEX_A = 0x728
- SYS___READLINK_A = 0x729
- SYS___EXTLINK_NP_A = 0x730
- SYS___ISALNUM_A = 0x731
- SYS___ISALPHA_A = 0x732
- SYS___A2E_S = 0x733
- SYS___ISCNTRL_A = 0x734
- SYS___ISDIGIT_A = 0x735
- SYS___ISGRAPH_A = 0x736
- SYS___ISLOWER_A = 0x737
- SYS___ISPRINT_A = 0x738
- SYS___ISPUNCT_A = 0x739
- SYS___ISWALPHA_A = 0x740
- SYS___A2E_L = 0x741
- SYS___ISWCNTRL_A = 0x742
- SYS___ISWDIGIT_A = 0x743
- SYS___ISWGRAPH_A = 0x744
- SYS___ISWLOWER_A = 0x745
- SYS___ISWPRINT_A = 0x746
- SYS___ISWPUNCT_A = 0x747
- SYS___ISWSPACE_A = 0x748
- SYS___ISWUPPER_A = 0x749
- SYS___REMOVE_A = 0x750
- SYS___RENAME_A = 0x751
- SYS___TMPNAM_A = 0x752
- SYS___FOPEN_A = 0x753
- SYS___FREOPEN_A = 0x754
- SYS___CUSERID_A = 0x755
- SYS___POPEN_A = 0x756
- SYS___TEMPNAM_A = 0x757
- SYS___FTW_A = 0x758
- SYS___GETGRENT_A = 0x759
- SYS___INET_NTOP_A = 0x760
- SYS___GETPASS_A = 0x761
- SYS___GETPWENT_A = 0x762
- SYS___GETPWNAM_A = 0x763
- SYS___GETPWUID_A = 0x764
- SYS_____CHECK_RESOURCE_AUTH_NP_A = 0x765
- SYS___CHECKSCHENV_A = 0x766
- SYS___CONNECTSERVER_A = 0x767
- SYS___CONNECTWORKMGR_A = 0x768
- SYS_____CONSOLE_A = 0x769
- SYS___MSGSND_A = 0x770
- SYS___MSGXRCV_A = 0x771
- SYS___NFTW_A = 0x772
- SYS_____PASSWD_A = 0x773
- SYS___PTHREAD_SECURITY_NP_A = 0x774
- SYS___QUERYMETRICS_A = 0x775
- SYS___QUERYSCHENV = 0x776
- SYS___READV_A = 0x777
- SYS_____SERVER_CLASSIFY_A = 0x778
- SYS_____SERVER_INIT_A = 0x779
- SYS___W_GETPSENT_A = 0x780
- SYS___WRITEV_A = 0x781
- SYS___W_STATFS_A = 0x782
- SYS___W_STATVFS_A = 0x783
- SYS___FPUTC_A = 0x784
- SYS___PUTCHAR_A = 0x785
- SYS___PUTS_A = 0x786
- SYS___FGETS_A = 0x787
- SYS___GETS_A = 0x788
- SYS___FPUTS_A = 0x789
- SYS___PUTC_A = 0x790
- SYS___AE_THREAD_SETMODE = 0x791
- SYS___AE_THREAD_SWAPMODE = 0x792
- SYS___GETNETBYADDR_A = 0x793
- SYS___GETNETBYNAME_A = 0x794
- SYS___GETNETENT_A = 0x795
- SYS___GETPROTOBYNAME_A = 0x796
- SYS___GETPROTOBYNUMBER_A = 0x797
- SYS___GETPROTOENT_A = 0x798
- SYS___GETSERVBYNAME_A = 0x799
- SYS_ACL_FIRST_ENTRY = 0x800
- SYS_ACL_GET_ENTRY = 0x801
- SYS_ACL_VALID = 0x802
- SYS_ACL_CREATE_ENTRY = 0x803
- SYS_ACL_DELETE_ENTRY = 0x804
- SYS_ACL_UPDATE_ENTRY = 0x805
- SYS_ACL_DELETE_FD = 0x806
- SYS_ACL_DELETE_FILE = 0x807
- SYS_ACL_GET_FD = 0x808
- SYS_ACL_GET_FILE = 0x809
- SYS___ERFL_B = 0x810
- SYS___ERFCL_B = 0x811
- SYS___LGAMMAL_B = 0x812
- SYS___SETHOOKEVENTS = 0x813
- SYS_IF_NAMETOINDEX = 0x814
- SYS_IF_INDEXTONAME = 0x815
- SYS_IF_NAMEINDEX = 0x816
- SYS_IF_FREENAMEINDEX = 0x817
- SYS_GETADDRINFO = 0x818
- SYS_GETNAMEINFO = 0x819
- SYS___DYNFREE_A = 0x820
- SYS___RES_QUERY_A = 0x821
- SYS___RES_SEARCH_A = 0x822
- SYS___RES_QUERYDOMAIN_A = 0x823
- SYS___RES_MKQUERY_A = 0x824
- SYS___RES_SEND_A = 0x825
- SYS___DN_EXPAND_A = 0x826
- SYS___DN_SKIPNAME_A = 0x827
- SYS___DN_COMP_A = 0x828
- SYS___DN_FIND_A = 0x829
- SYS___INET_NTOA_A = 0x830
- SYS___INET_NETWORK_A = 0x831
- SYS___ACCEPT_A = 0x832
- SYS___ACCEPT_AND_RECV_A = 0x833
- SYS___BIND_A = 0x834
- SYS___CONNECT_A = 0x835
- SYS___GETPEERNAME_A = 0x836
- SYS___GETSOCKNAME_A = 0x837
- SYS___RECVFROM_A = 0x838
- SYS___SENDTO_A = 0x839
- SYS___LCHATTR = 0x840
- SYS___WRITEDOWN = 0x841
- SYS_PTHREAD_MUTEX_INIT2 = 0x842
- SYS___ACOSHF_B = 0x843
- SYS___ACOSHL_B = 0x844
- SYS___ASINHF_B = 0x845
- SYS___ASINHL_B = 0x846
- SYS___ATANHF_B = 0x847
- SYS___ATANHL_B = 0x848
- SYS___CBRTF_B = 0x849
- SYS___EXP2F_B = 0x850
- SYS___EXP2L_B = 0x851
- SYS___EXPM1F_B = 0x852
- SYS___EXPM1L_B = 0x853
- SYS___FDIMF_B = 0x854
- SYS___FDIM_B = 0x855
- SYS___FDIML_B = 0x856
- SYS___HYPOTF_B = 0x857
- SYS___HYPOTL_B = 0x858
- SYS___LOG1PF_B = 0x859
- SYS___REMQUOF_B = 0x860
- SYS___REMQUO_B = 0x861
- SYS___REMQUOL_B = 0x862
- SYS___TGAMMAF_B = 0x863
- SYS___TGAMMA_B = 0x864
- SYS___TGAMMAL_B = 0x865
- SYS___TRUNCF_B = 0x866
- SYS___TRUNC_B = 0x867
- SYS___TRUNCL_B = 0x868
- SYS___LGAMMAF_B = 0x869
- SYS_ASINHF = 0x870
- SYS_ASINHL = 0x871
- SYS_ATANHF = 0x872
- SYS_ATANHL = 0x873
- SYS_CBRTF = 0x874
- SYS_CBRTL = 0x875
- SYS_COPYSIGNF = 0x876
- SYS_CPYSIGNF = 0x876
- SYS_COPYSIGNL = 0x877
- SYS_CPYSIGNL = 0x877
- SYS_COTANF = 0x878
- SYS___COTANF = 0x878
- SYS_COTAN = 0x879
- SYS___COTAN = 0x879
- SYS_FDIM = 0x881
- SYS_FDIML = 0x882
- SYS_HYPOTF = 0x883
- SYS_HYPOTL = 0x884
- SYS_LOG1PF = 0x885
- SYS_LOG1PL = 0x886
- SYS_LOG2F = 0x887
- SYS_LOG2 = 0x888
- SYS_LOG2L = 0x889
- SYS_TGAMMA = 0x890
- SYS_TGAMMAL = 0x891
- SYS_TRUNCF = 0x892
- SYS_TRUNC = 0x893
- SYS_TRUNCL = 0x894
- SYS_LGAMMAF = 0x895
- SYS_LGAMMAL = 0x896
- SYS_LROUNDF = 0x897
- SYS_LROUND = 0x898
- SYS_ERFF = 0x899
- SYS___COSHF_H = 0x900
- SYS___COSHL_H = 0x901
- SYS___COTAN_H = 0x902
- SYS___COTANF_H = 0x903
- SYS___COTANL_H = 0x904
- SYS___ERF_H = 0x905
- SYS___ERFF_H = 0x906
- SYS___ERFL_H = 0x907
- SYS___ERFC_H = 0x908
- SYS___ERFCF_H = 0x909
- SYS___FDIMF_H = 0x910
- SYS___FDIML_H = 0x911
- SYS___FMOD_H = 0x912
- SYS___FMODF_H = 0x913
- SYS___FMODL_H = 0x914
- SYS___GAMMA_H = 0x915
- SYS___HYPOT_H = 0x916
- SYS___ILOGB_H = 0x917
- SYS___LGAMMA_H = 0x918
- SYS___LGAMMAF_H = 0x919
- SYS___LOG2L_H = 0x920
- SYS___LOG1P_H = 0x921
- SYS___LOG10_H = 0x922
- SYS___LOG10F_H = 0x923
- SYS___LOG10L_H = 0x924
- SYS___LROUND_H = 0x925
- SYS___LROUNDF_H = 0x926
- SYS___NEXTAFTER_H = 0x927
- SYS___POW_H = 0x928
- SYS___POWF_H = 0x929
- SYS___SINL_H = 0x930
- SYS___SINH_H = 0x931
- SYS___SINHF_H = 0x932
- SYS___SINHL_H = 0x933
- SYS___SQRT_H = 0x934
- SYS___SQRTF_H = 0x935
- SYS___SQRTL_H = 0x936
- SYS___TAN_H = 0x937
- SYS___TANF_H = 0x938
- SYS___TANL_H = 0x939
- SYS___TRUNCF_H = 0x940
- SYS___TRUNCL_H = 0x941
- SYS___COSH_H = 0x942
- SYS___LE_DEBUG_SET_RESUME_MCH = 0x943
- SYS_VFSCANF = 0x944
- SYS_VSCANF = 0x946
- SYS_VSSCANF = 0x948
- SYS_IMAXABS = 0x950
- SYS_IMAXDIV = 0x951
- SYS_STRTOIMAX = 0x952
- SYS_STRTOUMAX = 0x953
- SYS_WCSTOIMAX = 0x954
- SYS_WCSTOUMAX = 0x955
- SYS_ATOLL = 0x956
- SYS_STRTOF = 0x957
- SYS_STRTOLD = 0x958
- SYS_WCSTOF = 0x959
- SYS_INET6_RTH_GETADDR = 0x960
- SYS_INET6_OPT_INIT = 0x961
- SYS_INET6_OPT_APPEND = 0x962
- SYS_INET6_OPT_FINISH = 0x963
- SYS_INET6_OPT_SET_VAL = 0x964
- SYS_INET6_OPT_NEXT = 0x965
- SYS_INET6_OPT_FIND = 0x966
- SYS_INET6_OPT_GET_VAL = 0x967
- SYS___POW_I = 0x987
- SYS___POW_I_B = 0x988
- SYS___POW_I_H = 0x989
- SYS___CABS_H = 0x990
- SYS_CABSF = 0x991
- SYS___CABSF_B = 0x992
- SYS___CABSF_H = 0x993
- SYS_CABSL = 0x994
- SYS___CABSL_B = 0x995
- SYS___CABSL_H = 0x996
- SYS_CACOS = 0x997
- SYS___CACOS_B = 0x998
- SYS___CACOS_H = 0x999
+ SYS_LOG = 0x17 // 23
+ SYS_COSH = 0x18 // 24
+ SYS_TANH = 0x19 // 25
+ SYS_EXP = 0x1A // 26
+ SYS_MODF = 0x1B // 27
+ SYS_LOG10 = 0x1C // 28
+ SYS_FREXP = 0x1D // 29
+ SYS_LDEXP = 0x1E // 30
+ SYS_CEIL = 0x1F // 31
+ SYS_POW = 0x20 // 32
+ SYS_SQRT = 0x21 // 33
+ SYS_FLOOR = 0x22 // 34
+ SYS_J1 = 0x23 // 35
+ SYS_FABS = 0x24 // 36
+ SYS_FMOD = 0x25 // 37
+ SYS_J0 = 0x26 // 38
+ SYS_YN = 0x27 // 39
+ SYS_JN = 0x28 // 40
+ SYS_Y0 = 0x29 // 41
+ SYS_Y1 = 0x2A // 42
+ SYS_HYPOT = 0x2B // 43
+ SYS_ERF = 0x2C // 44
+ SYS_ERFC = 0x2D // 45
+ SYS_GAMMA = 0x2E // 46
+ SYS_ISALPHA = 0x30 // 48
+ SYS_ISALNUM = 0x31 // 49
+ SYS_ISLOWER = 0x32 // 50
+ SYS_ISCNTRL = 0x33 // 51
+ SYS_ISDIGIT = 0x34 // 52
+ SYS_ISGRAPH = 0x35 // 53
+ SYS_ISUPPER = 0x36 // 54
+ SYS_ISPRINT = 0x37 // 55
+ SYS_ISPUNCT = 0x38 // 56
+ SYS_ISSPACE = 0x39 // 57
+ SYS_SETLOCAL = 0x3A // 58
+ SYS_SETLOCALE = 0x3A // 58
+ SYS_ISXDIGIT = 0x3B // 59
+ SYS_TOLOWER = 0x3C // 60
+ SYS_TOUPPER = 0x3D // 61
+ SYS_ASIN = 0x3E // 62
+ SYS_SIN = 0x3F // 63
+ SYS_COS = 0x40 // 64
+ SYS_TAN = 0x41 // 65
+ SYS_SINH = 0x42 // 66
+ SYS_ACOS = 0x43 // 67
+ SYS_ATAN = 0x44 // 68
+ SYS_ATAN2 = 0x45 // 69
+ SYS_FTELL = 0x46 // 70
+ SYS_FGETPOS = 0x47 // 71
+ SYS_FSEEK = 0x48 // 72
+ SYS_FSETPOS = 0x49 // 73
+ SYS_FERROR = 0x4A // 74
+ SYS_REWIND = 0x4B // 75
+ SYS_CLEARERR = 0x4C // 76
+ SYS_FEOF = 0x4D // 77
+ SYS_ATOL = 0x4E // 78
+ SYS_PERROR = 0x4F // 79
+ SYS_ATOF = 0x50 // 80
+ SYS_ATOI = 0x51 // 81
+ SYS_RAND = 0x52 // 82
+ SYS_STRTOD = 0x53 // 83
+ SYS_STRTOL = 0x54 // 84
+ SYS_STRTOUL = 0x55 // 85
+ SYS_MALLOC = 0x56 // 86
+ SYS_SRAND = 0x57 // 87
+ SYS_CALLOC = 0x58 // 88
+ SYS_FREE = 0x59 // 89
+ SYS_EXIT = 0x5A // 90
+ SYS_REALLOC = 0x5B // 91
+ SYS_ABORT = 0x5C // 92
+ SYS___ABORT = 0x5C // 92
+ SYS_ATEXIT = 0x5D // 93
+ SYS_RAISE = 0x5E // 94
+ SYS_SETJMP = 0x5F // 95
+ SYS_LONGJMP = 0x60 // 96
+ SYS_SIGNAL = 0x61 // 97
+ SYS_TMPNAM = 0x62 // 98
+ SYS_REMOVE = 0x63 // 99
+ SYS_RENAME = 0x64 // 100
+ SYS_TMPFILE = 0x65 // 101
+ SYS_FREOPEN = 0x66 // 102
+ SYS_FCLOSE = 0x67 // 103
+ SYS_FFLUSH = 0x68 // 104
+ SYS_FOPEN = 0x69 // 105
+ SYS_FSCANF = 0x6A // 106
+ SYS_SETBUF = 0x6B // 107
+ SYS_SETVBUF = 0x6C // 108
+ SYS_FPRINTF = 0x6D // 109
+ SYS_SSCANF = 0x6E // 110
+ SYS_PRINTF = 0x6F // 111
+ SYS_SCANF = 0x70 // 112
+ SYS_SPRINTF = 0x71 // 113
+ SYS_FGETC = 0x72 // 114
+ SYS_VFPRINTF = 0x73 // 115
+ SYS_VPRINTF = 0x74 // 116
+ SYS_VSPRINTF = 0x75 // 117
+ SYS_GETC = 0x76 // 118
+ SYS_FGETS = 0x77 // 119
+ SYS_FPUTC = 0x78 // 120
+ SYS_FPUTS = 0x79 // 121
+ SYS_PUTCHAR = 0x7A // 122
+ SYS_GETCHAR = 0x7B // 123
+ SYS_GETS = 0x7C // 124
+ SYS_PUTC = 0x7D // 125
+ SYS_FWRITE = 0x7E // 126
+ SYS_PUTS = 0x7F // 127
+ SYS_UNGETC = 0x80 // 128
+ SYS_FREAD = 0x81 // 129
+ SYS_WCSTOMBS = 0x82 // 130
+ SYS_MBTOWC = 0x83 // 131
+ SYS_WCTOMB = 0x84 // 132
+ SYS_MBSTOWCS = 0x85 // 133
+ SYS_WCSCPY = 0x86 // 134
+ SYS_WCSCAT = 0x87 // 135
+ SYS_WCSCHR = 0x88 // 136
+ SYS_WCSCMP = 0x89 // 137
+ SYS_WCSNCMP = 0x8A // 138
+ SYS_WCSCSPN = 0x8B // 139
+ SYS_WCSLEN = 0x8C // 140
+ SYS_WCSNCAT = 0x8D // 141
+ SYS_WCSSPN = 0x8E // 142
+ SYS_WCSNCPY = 0x8F // 143
+ SYS_ABS = 0x90 // 144
+ SYS_DIV = 0x91 // 145
+ SYS_LABS = 0x92 // 146
+ SYS_STRNCPY = 0x93 // 147
+ SYS_MEMCPY = 0x94 // 148
+ SYS_MEMMOVE = 0x95 // 149
+ SYS_STRCPY = 0x96 // 150
+ SYS_STRCMP = 0x97 // 151
+ SYS_STRCAT = 0x98 // 152
+ SYS_STRNCAT = 0x99 // 153
+ SYS_MEMCMP = 0x9A // 154
+ SYS_MEMCHR = 0x9B // 155
+ SYS_STRCOLL = 0x9C // 156
+ SYS_STRNCMP = 0x9D // 157
+ SYS_STRXFRM = 0x9E // 158
+ SYS_STRRCHR = 0x9F // 159
+ SYS_STRCHR = 0xA0 // 160
+ SYS_STRCSPN = 0xA1 // 161
+ SYS_STRPBRK = 0xA2 // 162
+ SYS_MEMSET = 0xA3 // 163
+ SYS_STRSPN = 0xA4 // 164
+ SYS_STRSTR = 0xA5 // 165
+ SYS_STRTOK = 0xA6 // 166
+ SYS_DIFFTIME = 0xA7 // 167
+ SYS_STRERROR = 0xA8 // 168
+ SYS_STRLEN = 0xA9 // 169
+ SYS_CLOCK = 0xAA // 170
+ SYS_CTIME = 0xAB // 171
+ SYS_MKTIME = 0xAC // 172
+ SYS_TIME = 0xAD // 173
+ SYS_ASCTIME = 0xAE // 174
+ SYS_MBLEN = 0xAF // 175
+ SYS_GMTIME = 0xB0 // 176
+ SYS_LOCALTIM = 0xB1 // 177
+ SYS_LOCALTIME = 0xB1 // 177
+ SYS_STRFTIME = 0xB2 // 178
+ SYS___GETCB = 0xB4 // 180
+ SYS_FUPDATE = 0xB5 // 181
+ SYS___FUPDT = 0xB5 // 181
+ SYS_CLRMEMF = 0xBD // 189
+ SYS___CLRMF = 0xBD // 189
+ SYS_FETCHEP = 0xBF // 191
+ SYS___FTCHEP = 0xBF // 191
+ SYS_FLDATA = 0xC1 // 193
+ SYS___FLDATA = 0xC1 // 193
+ SYS_DYNFREE = 0xC2 // 194
+ SYS___DYNFRE = 0xC2 // 194
+ SYS_DYNALLOC = 0xC3 // 195
+ SYS___DYNALL = 0xC3 // 195
+ SYS___CDUMP = 0xC4 // 196
+ SYS_CSNAP = 0xC5 // 197
+ SYS___CSNAP = 0xC5 // 197
+ SYS_CTRACE = 0xC6 // 198
+ SYS___CTRACE = 0xC6 // 198
+ SYS___CTEST = 0xC7 // 199
+ SYS_SETENV = 0xC8 // 200
+ SYS___SETENV = 0xC8 // 200
+ SYS_CLEARENV = 0xC9 // 201
+ SYS___CLRENV = 0xC9 // 201
+ SYS___REGCOMP_STD = 0xEA // 234
+ SYS_NL_LANGINFO = 0xFC // 252
+ SYS_GETSYNTX = 0xFD // 253
+ SYS_ISBLANK = 0xFE // 254
+ SYS___ISBLNK = 0xFE // 254
+ SYS_ISWALNUM = 0xFF // 255
+ SYS_ISWALPHA = 0x100 // 256
+ SYS_ISWBLANK = 0x101 // 257
+ SYS___ISWBLK = 0x101 // 257
+ SYS_ISWCNTRL = 0x102 // 258
+ SYS_ISWDIGIT = 0x103 // 259
+ SYS_ISWGRAPH = 0x104 // 260
+ SYS_ISWLOWER = 0x105 // 261
+ SYS_ISWPRINT = 0x106 // 262
+ SYS_ISWPUNCT = 0x107 // 263
+ SYS_ISWSPACE = 0x108 // 264
+ SYS_ISWUPPER = 0x109 // 265
+ SYS_ISWXDIGI = 0x10A // 266
+ SYS_ISWXDIGIT = 0x10A // 266
+ SYS_WCTYPE = 0x10B // 267
+ SYS_ISWCTYPE = 0x10C // 268
+ SYS_TOWLOWER = 0x10D // 269
+ SYS_TOWUPPER = 0x10E // 270
+ SYS_MBSINIT = 0x10F // 271
+ SYS_WCTOB = 0x110 // 272
+ SYS_MBRLEN = 0x111 // 273
+ SYS_MBRTOWC = 0x112 // 274
+ SYS_MBSRTOWC = 0x113 // 275
+ SYS_MBSRTOWCS = 0x113 // 275
+ SYS_WCRTOMB = 0x114 // 276
+ SYS_WCSRTOMB = 0x115 // 277
+ SYS_WCSRTOMBS = 0x115 // 277
+ SYS___CSID = 0x116 // 278
+ SYS___WCSID = 0x117 // 279
+ SYS_STRPTIME = 0x118 // 280
+ SYS___STRPTM = 0x118 // 280
+ SYS_STRFMON = 0x119 // 281
+ SYS___RPMTCH = 0x11A // 282
+ SYS_WCSSTR = 0x11B // 283
+ SYS_WCSTOK = 0x12C // 300
+ SYS_WCSTOL = 0x12D // 301
+ SYS_WCSTOD = 0x12E // 302
+ SYS_WCSTOUL = 0x12F // 303
+ SYS_WCSCOLL = 0x130 // 304
+ SYS_WCSXFRM = 0x131 // 305
+ SYS_WCSWIDTH = 0x132 // 306
+ SYS_WCWIDTH = 0x133 // 307
+ SYS_WCSFTIME = 0x134 // 308
+ SYS_SWPRINTF = 0x135 // 309
+ SYS_VSWPRINT = 0x136 // 310
+ SYS_VSWPRINTF = 0x136 // 310
+ SYS_SWSCANF = 0x137 // 311
+ SYS_REGCOMP = 0x138 // 312
+ SYS_REGEXEC = 0x139 // 313
+ SYS_REGFREE = 0x13A // 314
+ SYS_REGERROR = 0x13B // 315
+ SYS_FGETWC = 0x13C // 316
+ SYS_FGETWS = 0x13D // 317
+ SYS_FPUTWC = 0x13E // 318
+ SYS_FPUTWS = 0x13F // 319
+ SYS_GETWC = 0x140 // 320
+ SYS_GETWCHAR = 0x141 // 321
+ SYS_PUTWC = 0x142 // 322
+ SYS_PUTWCHAR = 0x143 // 323
+ SYS_UNGETWC = 0x144 // 324
+ SYS_ICONV_OPEN = 0x145 // 325
+ SYS_ICONV = 0x146 // 326
+ SYS_ICONV_CLOSE = 0x147 // 327
+ SYS_ISMCCOLLEL = 0x14C // 332
+ SYS_STRTOCOLL = 0x14D // 333
+ SYS_COLLTOSTR = 0x14E // 334
+ SYS_COLLEQUIV = 0x14F // 335
+ SYS_COLLRANGE = 0x150 // 336
+ SYS_CCLASS = 0x151 // 337
+ SYS_COLLORDER = 0x152 // 338
+ SYS___DEMANGLE = 0x154 // 340
+ SYS_FDOPEN = 0x155 // 341
+ SYS___ERRNO = 0x156 // 342
+ SYS___ERRNO2 = 0x157 // 343
+ SYS___TERROR = 0x158 // 344
+ SYS_MAXCOLL = 0x169 // 361
+ SYS_GETMCCOLL = 0x16A // 362
+ SYS_GETWMCCOLL = 0x16B // 363
+ SYS___ERR2AD = 0x16C // 364
+ SYS_DLLQUERYFN = 0x16D // 365
+ SYS_DLLQUERYVAR = 0x16E // 366
+ SYS_DLLFREE = 0x16F // 367
+ SYS_DLLLOAD = 0x170 // 368
+ SYS__EXIT = 0x174 // 372
+ SYS_ACCESS = 0x175 // 373
+ SYS_ALARM = 0x176 // 374
+ SYS_CFGETISPEED = 0x177 // 375
+ SYS_CFGETOSPEED = 0x178 // 376
+ SYS_CFSETISPEED = 0x179 // 377
+ SYS_CFSETOSPEED = 0x17A // 378
+ SYS_CHDIR = 0x17B // 379
+ SYS_CHMOD = 0x17C // 380
+ SYS_CHOWN = 0x17D // 381
+ SYS_CLOSE = 0x17E // 382
+ SYS_CLOSEDIR = 0x17F // 383
+ SYS_CREAT = 0x180 // 384
+ SYS_CTERMID = 0x181 // 385
+ SYS_DUP = 0x182 // 386
+ SYS_DUP2 = 0x183 // 387
+ SYS_EXECL = 0x184 // 388
+ SYS_EXECLE = 0x185 // 389
+ SYS_EXECLP = 0x186 // 390
+ SYS_EXECV = 0x187 // 391
+ SYS_EXECVE = 0x188 // 392
+ SYS_EXECVP = 0x189 // 393
+ SYS_FCHMOD = 0x18A // 394
+ SYS_FCHOWN = 0x18B // 395
+ SYS_FCNTL = 0x18C // 396
+ SYS_FILENO = 0x18D // 397
+ SYS_FORK = 0x18E // 398
+ SYS_FPATHCONF = 0x18F // 399
+ SYS_FSTAT = 0x190 // 400
+ SYS_FSYNC = 0x191 // 401
+ SYS_FTRUNCATE = 0x192 // 402
+ SYS_GETCWD = 0x193 // 403
+ SYS_GETEGID = 0x194 // 404
+ SYS_GETEUID = 0x195 // 405
+ SYS_GETGID = 0x196 // 406
+ SYS_GETGRGID = 0x197 // 407
+ SYS_GETGRNAM = 0x198 // 408
+ SYS_GETGROUPS = 0x199 // 409
+ SYS_GETLOGIN = 0x19A // 410
+ SYS_W_GETMNTENT = 0x19B // 411
+ SYS_GETPGRP = 0x19C // 412
+ SYS_GETPID = 0x19D // 413
+ SYS_GETPPID = 0x19E // 414
+ SYS_GETPWNAM = 0x19F // 415
+ SYS_GETPWUID = 0x1A0 // 416
+ SYS_GETUID = 0x1A1 // 417
+ SYS_W_IOCTL = 0x1A2 // 418
+ SYS_ISATTY = 0x1A3 // 419
+ SYS_KILL = 0x1A4 // 420
+ SYS_LINK = 0x1A5 // 421
+ SYS_LSEEK = 0x1A6 // 422
+ SYS_LSTAT = 0x1A7 // 423
+ SYS_MKDIR = 0x1A8 // 424
+ SYS_MKFIFO = 0x1A9 // 425
+ SYS_MKNOD = 0x1AA // 426
+ SYS_MOUNT = 0x1AB // 427
+ SYS_OPEN = 0x1AC // 428
+ SYS_OPENDIR = 0x1AD // 429
+ SYS_PATHCONF = 0x1AE // 430
+ SYS_PAUSE = 0x1AF // 431
+ SYS_PIPE = 0x1B0 // 432
+ SYS_W_GETPSENT = 0x1B1 // 433
+ SYS_READ = 0x1B2 // 434
+ SYS_READDIR = 0x1B3 // 435
+ SYS_READLINK = 0x1B4 // 436
+ SYS_REWINDDIR = 0x1B5 // 437
+ SYS_RMDIR = 0x1B6 // 438
+ SYS_SETEGID = 0x1B7 // 439
+ SYS_SETEUID = 0x1B8 // 440
+ SYS_SETGID = 0x1B9 // 441
+ SYS_SETPGID = 0x1BA // 442
+ SYS_SETSID = 0x1BB // 443
+ SYS_SETUID = 0x1BC // 444
+ SYS_SIGACTION = 0x1BD // 445
+ SYS_SIGADDSET = 0x1BE // 446
+ SYS_SIGDELSET = 0x1BF // 447
+ SYS_SIGEMPTYSET = 0x1C0 // 448
+ SYS_SIGFILLSET = 0x1C1 // 449
+ SYS_SIGISMEMBER = 0x1C2 // 450
+ SYS_SIGLONGJMP = 0x1C3 // 451
+ SYS_SIGPENDING = 0x1C4 // 452
+ SYS_SIGPROCMASK = 0x1C5 // 453
+ SYS_SIGSETJMP = 0x1C6 // 454
+ SYS_SIGSUSPEND = 0x1C7 // 455
+ SYS_SLEEP = 0x1C8 // 456
+ SYS_STAT = 0x1C9 // 457
+ SYS_W_STATFS = 0x1CA // 458
+ SYS_SYMLINK = 0x1CB // 459
+ SYS_SYSCONF = 0x1CC // 460
+ SYS_TCDRAIN = 0x1CD // 461
+ SYS_TCFLOW = 0x1CE // 462
+ SYS_TCFLUSH = 0x1CF // 463
+ SYS_TCGETATTR = 0x1D0 // 464
+ SYS_TCGETPGRP = 0x1D1 // 465
+ SYS_TCSENDBREAK = 0x1D2 // 466
+ SYS_TCSETATTR = 0x1D3 // 467
+ SYS_TCSETPGRP = 0x1D4 // 468
+ SYS_TIMES = 0x1D5 // 469
+ SYS_TTYNAME = 0x1D6 // 470
+ SYS_TZSET = 0x1D7 // 471
+ SYS_UMASK = 0x1D8 // 472
+ SYS_UMOUNT = 0x1D9 // 473
+ SYS_UNAME = 0x1DA // 474
+ SYS_UNLINK = 0x1DB // 475
+ SYS_UTIME = 0x1DC // 476
+ SYS_WAIT = 0x1DD // 477
+ SYS_WAITPID = 0x1DE // 478
+ SYS_WRITE = 0x1DF // 479
+ SYS_CHAUDIT = 0x1E0 // 480
+ SYS_FCHAUDIT = 0x1E1 // 481
+ SYS_GETGROUPSBYNAME = 0x1E2 // 482
+ SYS_SIGWAIT = 0x1E3 // 483
+ SYS_PTHREAD_EXIT = 0x1E4 // 484
+ SYS_PTHREAD_KILL = 0x1E5 // 485
+ SYS_PTHREAD_ATTR_INIT = 0x1E6 // 486
+ SYS_PTHREAD_ATTR_DESTROY = 0x1E7 // 487
+ SYS_PTHREAD_ATTR_SETSTACKSIZE = 0x1E8 // 488
+ SYS_PTHREAD_ATTR_GETSTACKSIZE = 0x1E9 // 489
+ SYS_PTHREAD_ATTR_SETDETACHSTATE = 0x1EA // 490
+ SYS_PTHREAD_ATTR_GETDETACHSTATE = 0x1EB // 491
+ SYS_PTHREAD_ATTR_SETWEIGHT_NP = 0x1EC // 492
+ SYS_PTHREAD_ATTR_GETWEIGHT_NP = 0x1ED // 493
+ SYS_PTHREAD_CANCEL = 0x1EE // 494
+ SYS_PTHREAD_CLEANUP_PUSH = 0x1EF // 495
+ SYS_PTHREAD_CLEANUP_POP = 0x1F0 // 496
+ SYS_PTHREAD_CONDATTR_INIT = 0x1F1 // 497
+ SYS_PTHREAD_CONDATTR_DESTROY = 0x1F2 // 498
+ SYS_PTHREAD_COND_INIT = 0x1F3 // 499
+ SYS_PTHREAD_COND_DESTROY = 0x1F4 // 500
+ SYS_PTHREAD_COND_SIGNAL = 0x1F5 // 501
+ SYS_PTHREAD_COND_BROADCAST = 0x1F6 // 502
+ SYS_PTHREAD_COND_WAIT = 0x1F7 // 503
+ SYS_PTHREAD_COND_TIMEDWAIT = 0x1F8 // 504
+ SYS_PTHREAD_CREATE = 0x1F9 // 505
+ SYS_PTHREAD_DETACH = 0x1FA // 506
+ SYS_PTHREAD_EQUAL = 0x1FB // 507
+ SYS_PTHREAD_GETSPECIFIC = 0x1FC // 508
+ SYS_PTHREAD_JOIN = 0x1FD // 509
+ SYS_PTHREAD_KEY_CREATE = 0x1FE // 510
+ SYS_PTHREAD_MUTEXATTR_INIT = 0x1FF // 511
+ SYS_PTHREAD_MUTEXATTR_DESTROY = 0x200 // 512
+ SYS_PTHREAD_MUTEXATTR_SETKIND_NP = 0x201 // 513
+ SYS_PTHREAD_MUTEXATTR_GETKIND_NP = 0x202 // 514
+ SYS_PTHREAD_MUTEX_INIT = 0x203 // 515
+ SYS_PTHREAD_MUTEX_DESTROY = 0x204 // 516
+ SYS_PTHREAD_MUTEX_LOCK = 0x205 // 517
+ SYS_PTHREAD_MUTEX_TRYLOCK = 0x206 // 518
+ SYS_PTHREAD_MUTEX_UNLOCK = 0x207 // 519
+ SYS_PTHREAD_ONCE = 0x209 // 521
+ SYS_PTHREAD_SELF = 0x20A // 522
+ SYS_PTHREAD_SETINTR = 0x20B // 523
+ SYS_PTHREAD_SETINTRTYPE = 0x20C // 524
+ SYS_PTHREAD_SETSPECIFIC = 0x20D // 525
+ SYS_PTHREAD_TESTINTR = 0x20E // 526
+ SYS_PTHREAD_YIELD = 0x20F // 527
+ SYS_TW_OPEN = 0x210 // 528
+ SYS_TW_FCNTL = 0x211 // 529
+ SYS_PTHREAD_JOIN_D4_NP = 0x212 // 530
+ SYS_PTHREAD_CONDATTR_SETKIND_NP = 0x213 // 531
+ SYS_PTHREAD_CONDATTR_GETKIND_NP = 0x214 // 532
+ SYS_EXTLINK_NP = 0x215 // 533
+ SYS___PASSWD = 0x216 // 534
+ SYS_SETGROUPS = 0x217 // 535
+ SYS_INITGROUPS = 0x218 // 536
+ SYS_WCSPBRK = 0x23F // 575
+ SYS_WCSRCHR = 0x240 // 576
+ SYS_SVC99 = 0x241 // 577
+ SYS___SVC99 = 0x241 // 577
+ SYS_WCSWCS = 0x242 // 578
+ SYS_LOCALECO = 0x243 // 579
+ SYS_LOCALECONV = 0x243 // 579
+ SYS___LIBREL = 0x244 // 580
+ SYS_RELEASE = 0x245 // 581
+ SYS___RLSE = 0x245 // 581
+ SYS_FLOCATE = 0x246 // 582
+ SYS___FLOCT = 0x246 // 582
+ SYS_FDELREC = 0x247 // 583
+ SYS___FDLREC = 0x247 // 583
+ SYS_FETCH = 0x248 // 584
+ SYS___FETCH = 0x248 // 584
+ SYS_QSORT = 0x249 // 585
+ SYS_GETENV = 0x24A // 586
+ SYS_SYSTEM = 0x24B // 587
+ SYS_BSEARCH = 0x24C // 588
+ SYS_LDIV = 0x24D // 589
+ SYS___THROW = 0x25E // 606
+ SYS___RETHROW = 0x25F // 607
+ SYS___CLEANUPCATCH = 0x260 // 608
+ SYS___CATCHMATCH = 0x261 // 609
+ SYS___CLEAN2UPCATCH = 0x262 // 610
+ SYS_PUTENV = 0x26A // 618
+ SYS___GETENV = 0x26F // 623
+ SYS_GETPRIORITY = 0x270 // 624
+ SYS_NICE = 0x271 // 625
+ SYS_SETPRIORITY = 0x272 // 626
+ SYS_GETITIMER = 0x273 // 627
+ SYS_SETITIMER = 0x274 // 628
+ SYS_MSGCTL = 0x275 // 629
+ SYS_MSGGET = 0x276 // 630
+ SYS_MSGRCV = 0x277 // 631
+ SYS_MSGSND = 0x278 // 632
+ SYS_MSGXRCV = 0x279 // 633
+ SYS___MSGXR = 0x279 // 633
+ SYS_SEMCTL = 0x27A // 634
+ SYS_SEMGET = 0x27B // 635
+ SYS_SEMOP = 0x27C // 636
+ SYS_SHMAT = 0x27D // 637
+ SYS_SHMCTL = 0x27E // 638
+ SYS_SHMDT = 0x27F // 639
+ SYS_SHMGET = 0x280 // 640
+ SYS___GETIPC = 0x281 // 641
+ SYS_SETGRENT = 0x282 // 642
+ SYS_GETGRENT = 0x283 // 643
+ SYS_ENDGRENT = 0x284 // 644
+ SYS_SETPWENT = 0x285 // 645
+ SYS_GETPWENT = 0x286 // 646
+ SYS_ENDPWENT = 0x287 // 647
+ SYS_BSD_SIGNAL = 0x288 // 648
+ SYS_KILLPG = 0x289 // 649
+ SYS_SIGALTSTACK = 0x28A // 650
+ SYS_SIGHOLD = 0x28B // 651
+ SYS_SIGIGNORE = 0x28C // 652
+ SYS_SIGINTERRUPT = 0x28D // 653
+ SYS_SIGPAUSE = 0x28E // 654
+ SYS_SIGRELSE = 0x28F // 655
+ SYS_SIGSET = 0x290 // 656
+ SYS_SIGSTACK = 0x291 // 657
+ SYS_GETRLIMIT = 0x292 // 658
+ SYS_SETRLIMIT = 0x293 // 659
+ SYS_GETRUSAGE = 0x294 // 660
+ SYS_MMAP = 0x295 // 661
+ SYS_MPROTECT = 0x296 // 662
+ SYS_MSYNC = 0x297 // 663
+ SYS_MUNMAP = 0x298 // 664
+ SYS_CONFSTR = 0x299 // 665
+ SYS_GETOPT = 0x29A // 666
+ SYS_LCHOWN = 0x29B // 667
+ SYS_TRUNCATE = 0x29C // 668
+ SYS_GETSUBOPT = 0x29D // 669
+ SYS_SETPGRP = 0x29E // 670
+ SYS___GDERR = 0x29F // 671
+ SYS___TZONE = 0x2A0 // 672
+ SYS___DLGHT = 0x2A1 // 673
+ SYS___OPARGF = 0x2A2 // 674
+ SYS___OPOPTF = 0x2A3 // 675
+ SYS___OPINDF = 0x2A4 // 676
+ SYS___OPERRF = 0x2A5 // 677
+ SYS_GETDATE = 0x2A6 // 678
+ SYS_WAIT3 = 0x2A7 // 679
+ SYS_WAITID = 0x2A8 // 680
+ SYS___CATTRM = 0x2A9 // 681
+ SYS___GDTRM = 0x2AA // 682
+ SYS___RNDTRM = 0x2AB // 683
+ SYS_CRYPT = 0x2AC // 684
+ SYS_ENCRYPT = 0x2AD // 685
+ SYS_SETKEY = 0x2AE // 686
+ SYS___CNVBLK = 0x2AF // 687
+ SYS___CRYTRM = 0x2B0 // 688
+ SYS___ECRTRM = 0x2B1 // 689
+ SYS_DRAND48 = 0x2B2 // 690
+ SYS_ERAND48 = 0x2B3 // 691
+ SYS_FSTATVFS = 0x2B4 // 692
+ SYS_STATVFS = 0x2B5 // 693
+ SYS_CATCLOSE = 0x2B6 // 694
+ SYS_CATGETS = 0x2B7 // 695
+ SYS_CATOPEN = 0x2B8 // 696
+ SYS_BCMP = 0x2B9 // 697
+ SYS_BCOPY = 0x2BA // 698
+ SYS_BZERO = 0x2BB // 699
+ SYS_FFS = 0x2BC // 700
+ SYS_INDEX = 0x2BD // 701
+ SYS_RINDEX = 0x2BE // 702
+ SYS_STRCASECMP = 0x2BF // 703
+ SYS_STRDUP = 0x2C0 // 704
+ SYS_STRNCASECMP = 0x2C1 // 705
+ SYS_INITSTATE = 0x2C2 // 706
+ SYS_SETSTATE = 0x2C3 // 707
+ SYS_RANDOM = 0x2C4 // 708
+ SYS_SRANDOM = 0x2C5 // 709
+ SYS_HCREATE = 0x2C6 // 710
+ SYS_HDESTROY = 0x2C7 // 711
+ SYS_HSEARCH = 0x2C8 // 712
+ SYS_LFIND = 0x2C9 // 713
+ SYS_LSEARCH = 0x2CA // 714
+ SYS_TDELETE = 0x2CB // 715
+ SYS_TFIND = 0x2CC // 716
+ SYS_TSEARCH = 0x2CD // 717
+ SYS_TWALK = 0x2CE // 718
+ SYS_INSQUE = 0x2CF // 719
+ SYS_REMQUE = 0x2D0 // 720
+ SYS_POPEN = 0x2D1 // 721
+ SYS_PCLOSE = 0x2D2 // 722
+ SYS_SWAB = 0x2D3 // 723
+ SYS_MEMCCPY = 0x2D4 // 724
+ SYS_GETPAGESIZE = 0x2D8 // 728
+ SYS_FCHDIR = 0x2D9 // 729
+ SYS___OCLCK = 0x2DA // 730
+ SYS___ATOE = 0x2DB // 731
+ SYS___ATOE_L = 0x2DC // 732
+ SYS___ETOA = 0x2DD // 733
+ SYS___ETOA_L = 0x2DE // 734
+ SYS_SETUTXENT = 0x2DF // 735
+ SYS_GETUTXENT = 0x2E0 // 736
+ SYS_ENDUTXENT = 0x2E1 // 737
+ SYS_GETUTXID = 0x2E2 // 738
+ SYS_GETUTXLINE = 0x2E3 // 739
+ SYS_PUTUTXLINE = 0x2E4 // 740
+ SYS_FMTMSG = 0x2E5 // 741
+ SYS_JRAND48 = 0x2E6 // 742
+ SYS_LRAND48 = 0x2E7 // 743
+ SYS_MRAND48 = 0x2E8 // 744
+ SYS_NRAND48 = 0x2E9 // 745
+ SYS_LCONG48 = 0x2EA // 746
+ SYS_SRAND48 = 0x2EB // 747
+ SYS_SEED48 = 0x2EC // 748
+ SYS_ISASCII = 0x2ED // 749
+ SYS_TOASCII = 0x2EE // 750
+ SYS_A64L = 0x2EF // 751
+ SYS_L64A = 0x2F0 // 752
+ SYS_UALARM = 0x2F1 // 753
+ SYS_USLEEP = 0x2F2 // 754
+ SYS___UTXTRM = 0x2F3 // 755
+ SYS___SRCTRM = 0x2F4 // 756
+ SYS_FTIME = 0x2F5 // 757
+ SYS_GETTIMEOFDAY = 0x2F6 // 758
+ SYS_DBM_CLEARERR = 0x2F7 // 759
+ SYS_DBM_CLOSE = 0x2F8 // 760
+ SYS_DBM_DELETE = 0x2F9 // 761
+ SYS_DBM_ERROR = 0x2FA // 762
+ SYS_DBM_FETCH = 0x2FB // 763
+ SYS_DBM_FIRSTKEY = 0x2FC // 764
+ SYS_DBM_NEXTKEY = 0x2FD // 765
+ SYS_DBM_OPEN = 0x2FE // 766
+ SYS_DBM_STORE = 0x2FF // 767
+ SYS___NDMTRM = 0x300 // 768
+ SYS_FTOK = 0x301 // 769
+ SYS_BASENAME = 0x302 // 770
+ SYS_DIRNAME = 0x303 // 771
+ SYS_GETDTABLESIZE = 0x304 // 772
+ SYS_MKSTEMP = 0x305 // 773
+ SYS_MKTEMP = 0x306 // 774
+ SYS_NFTW = 0x307 // 775
+ SYS_GETWD = 0x308 // 776
+ SYS_LOCKF = 0x309 // 777
+ SYS__LONGJMP = 0x30D // 781
+ SYS__SETJMP = 0x30E // 782
+ SYS_VFORK = 0x30F // 783
+ SYS_WORDEXP = 0x310 // 784
+ SYS_WORDFREE = 0x311 // 785
+ SYS_GETPGID = 0x312 // 786
+ SYS_GETSID = 0x313 // 787
+ SYS___UTMPXNAME = 0x314 // 788
+ SYS_CUSERID = 0x315 // 789
+ SYS_GETPASS = 0x316 // 790
+ SYS_FNMATCH = 0x317 // 791
+ SYS_FTW = 0x318 // 792
+ SYS_GETW = 0x319 // 793
+ SYS_GLOB = 0x31A // 794
+ SYS_GLOBFREE = 0x31B // 795
+ SYS_PUTW = 0x31C // 796
+ SYS_SEEKDIR = 0x31D // 797
+ SYS_TELLDIR = 0x31E // 798
+ SYS_TEMPNAM = 0x31F // 799
+ SYS_ACOSH = 0x320 // 800
+ SYS_ASINH = 0x321 // 801
+ SYS_ATANH = 0x322 // 802
+ SYS_CBRT = 0x323 // 803
+ SYS_EXPM1 = 0x324 // 804
+ SYS_ILOGB = 0x325 // 805
+ SYS_LOGB = 0x326 // 806
+ SYS_LOG1P = 0x327 // 807
+ SYS_NEXTAFTER = 0x328 // 808
+ SYS_RINT = 0x329 // 809
+ SYS_REMAINDER = 0x32A // 810
+ SYS_SCALB = 0x32B // 811
+ SYS_LGAMMA = 0x32C // 812
+ SYS_TTYSLOT = 0x32D // 813
+ SYS_GETTIMEOFDAY_R = 0x32E // 814
+ SYS_SYNC = 0x32F // 815
+ SYS_SPAWN = 0x330 // 816
+ SYS_SPAWNP = 0x331 // 817
+ SYS_GETLOGIN_UU = 0x332 // 818
+ SYS_ECVT = 0x333 // 819
+ SYS_FCVT = 0x334 // 820
+ SYS_GCVT = 0x335 // 821
+ SYS_ACCEPT = 0x336 // 822
+ SYS_BIND = 0x337 // 823
+ SYS_CONNECT = 0x338 // 824
+ SYS_ENDHOSTENT = 0x339 // 825
+ SYS_ENDPROTOENT = 0x33A // 826
+ SYS_ENDSERVENT = 0x33B // 827
+ SYS_GETHOSTBYADDR_R = 0x33C // 828
+ SYS_GETHOSTBYADDR = 0x33D // 829
+ SYS_GETHOSTBYNAME_R = 0x33E // 830
+ SYS_GETHOSTBYNAME = 0x33F // 831
+ SYS_GETHOSTENT = 0x340 // 832
+ SYS_GETHOSTID = 0x341 // 833
+ SYS_GETHOSTNAME = 0x342 // 834
+ SYS_GETNETBYADDR = 0x343 // 835
+ SYS_GETNETBYNAME = 0x344 // 836
+ SYS_GETNETENT = 0x345 // 837
+ SYS_GETPEERNAME = 0x346 // 838
+ SYS_GETPROTOBYNAME = 0x347 // 839
+ SYS_GETPROTOBYNUMBER = 0x348 // 840
+ SYS_GETPROTOENT = 0x349 // 841
+ SYS_GETSERVBYNAME = 0x34A // 842
+ SYS_GETSERVBYPORT = 0x34B // 843
+ SYS_GETSERVENT = 0x34C // 844
+ SYS_GETSOCKNAME = 0x34D // 845
+ SYS_GETSOCKOPT = 0x34E // 846
+ SYS_INET_ADDR = 0x34F // 847
+ SYS_INET_LNAOF = 0x350 // 848
+ SYS_INET_MAKEADDR = 0x351 // 849
+ SYS_INET_NETOF = 0x352 // 850
+ SYS_INET_NETWORK = 0x353 // 851
+ SYS_INET_NTOA = 0x354 // 852
+ SYS_IOCTL = 0x355 // 853
+ SYS_LISTEN = 0x356 // 854
+ SYS_READV = 0x357 // 855
+ SYS_RECV = 0x358 // 856
+ SYS_RECVFROM = 0x359 // 857
+ SYS_SELECT = 0x35B // 859
+ SYS_SELECTEX = 0x35C // 860
+ SYS_SEND = 0x35D // 861
+ SYS_SENDTO = 0x35F // 863
+ SYS_SETHOSTENT = 0x360 // 864
+ SYS_SETNETENT = 0x361 // 865
+ SYS_SETPEER = 0x362 // 866
+ SYS_SETPROTOENT = 0x363 // 867
+ SYS_SETSERVENT = 0x364 // 868
+ SYS_SETSOCKOPT = 0x365 // 869
+ SYS_SHUTDOWN = 0x366 // 870
+ SYS_SOCKET = 0x367 // 871
+ SYS_SOCKETPAIR = 0x368 // 872
+ SYS_WRITEV = 0x369 // 873
+ SYS_CHROOT = 0x36A // 874
+ SYS_W_STATVFS = 0x36B // 875
+ SYS_ULIMIT = 0x36C // 876
+ SYS_ISNAN = 0x36D // 877
+ SYS_UTIMES = 0x36E // 878
+ SYS___H_ERRNO = 0x36F // 879
+ SYS_ENDNETENT = 0x370 // 880
+ SYS_CLOSELOG = 0x371 // 881
+ SYS_OPENLOG = 0x372 // 882
+ SYS_SETLOGMASK = 0x373 // 883
+ SYS_SYSLOG = 0x374 // 884
+ SYS_PTSNAME = 0x375 // 885
+ SYS_SETREUID = 0x376 // 886
+ SYS_SETREGID = 0x377 // 887
+ SYS_REALPATH = 0x378 // 888
+ SYS___SIGNGAM = 0x379 // 889
+ SYS_GRANTPT = 0x37A // 890
+ SYS_UNLOCKPT = 0x37B // 891
+ SYS_TCGETSID = 0x37C // 892
+ SYS___TCGETCP = 0x37D // 893
+ SYS___TCSETCP = 0x37E // 894
+ SYS___TCSETTABLES = 0x37F // 895
+ SYS_POLL = 0x380 // 896
+ SYS_REXEC = 0x381 // 897
+ SYS___ISASCII2 = 0x382 // 898
+ SYS___TOASCII2 = 0x383 // 899
+ SYS_CHPRIORITY = 0x384 // 900
+ SYS_PTHREAD_ATTR_SETSYNCTYPE_NP = 0x385 // 901
+ SYS_PTHREAD_ATTR_GETSYNCTYPE_NP = 0x386 // 902
+ SYS_PTHREAD_SET_LIMIT_NP = 0x387 // 903
+ SYS___STNETENT = 0x388 // 904
+ SYS___STPROTOENT = 0x389 // 905
+ SYS___STSERVENT = 0x38A // 906
+ SYS___STHOSTENT = 0x38B // 907
+ SYS_NLIST = 0x38C // 908
+ SYS___IPDBCS = 0x38D // 909
+ SYS___IPDSPX = 0x38E // 910
+ SYS___IPMSGC = 0x38F // 911
+ SYS___SELECT1 = 0x390 // 912
+ SYS_PTHREAD_SECURITY_NP = 0x391 // 913
+ SYS___CHECK_RESOURCE_AUTH_NP = 0x392 // 914
+ SYS___CONVERT_ID_NP = 0x393 // 915
+ SYS___OPENVMREL = 0x394 // 916
+ SYS_WMEMCHR = 0x395 // 917
+ SYS_WMEMCMP = 0x396 // 918
+ SYS_WMEMCPY = 0x397 // 919
+ SYS_WMEMMOVE = 0x398 // 920
+ SYS_WMEMSET = 0x399 // 921
+ SYS___FPUTWC = 0x400 // 1024
+ SYS___PUTWC = 0x401 // 1025
+ SYS___PWCHAR = 0x402 // 1026
+ SYS___WCSFTM = 0x403 // 1027
+ SYS___WCSTOK = 0x404 // 1028
+ SYS___WCWDTH = 0x405 // 1029
+ SYS_T_ACCEPT = 0x409 // 1033
+ SYS_T_ALLOC = 0x40A // 1034
+ SYS_T_BIND = 0x40B // 1035
+ SYS_T_CLOSE = 0x40C // 1036
+ SYS_T_CONNECT = 0x40D // 1037
+ SYS_T_ERROR = 0x40E // 1038
+ SYS_T_FREE = 0x40F // 1039
+ SYS_T_GETINFO = 0x410 // 1040
+ SYS_T_GETPROTADDR = 0x411 // 1041
+ SYS_T_GETSTATE = 0x412 // 1042
+ SYS_T_LISTEN = 0x413 // 1043
+ SYS_T_LOOK = 0x414 // 1044
+ SYS_T_OPEN = 0x415 // 1045
+ SYS_T_OPTMGMT = 0x416 // 1046
+ SYS_T_RCV = 0x417 // 1047
+ SYS_T_RCVCONNECT = 0x418 // 1048
+ SYS_T_RCVDIS = 0x419 // 1049
+ SYS_T_RCVREL = 0x41A // 1050
+ SYS_T_RCVUDATA = 0x41B // 1051
+ SYS_T_RCVUDERR = 0x41C // 1052
+ SYS_T_SND = 0x41D // 1053
+ SYS_T_SNDDIS = 0x41E // 1054
+ SYS_T_SNDREL = 0x41F // 1055
+ SYS_T_SNDUDATA = 0x420 // 1056
+ SYS_T_STRERROR = 0x421 // 1057
+ SYS_T_SYNC = 0x422 // 1058
+ SYS_T_UNBIND = 0x423 // 1059
+ SYS___T_ERRNO = 0x424 // 1060
+ SYS___RECVMSG2 = 0x425 // 1061
+ SYS___SENDMSG2 = 0x426 // 1062
+ SYS_FATTACH = 0x427 // 1063
+ SYS_FDETACH = 0x428 // 1064
+ SYS_GETMSG = 0x429 // 1065
+ SYS_GETPMSG = 0x42A // 1066
+ SYS_ISASTREAM = 0x42B // 1067
+ SYS_PUTMSG = 0x42C // 1068
+ SYS_PUTPMSG = 0x42D // 1069
+ SYS___ISPOSIXON = 0x42E // 1070
+ SYS___OPENMVSREL = 0x42F // 1071
+ SYS_GETCONTEXT = 0x430 // 1072
+ SYS_SETCONTEXT = 0x431 // 1073
+ SYS_MAKECONTEXT = 0x432 // 1074
+ SYS_SWAPCONTEXT = 0x433 // 1075
+ SYS_PTHREAD_GETSPECIFIC_D8_NP = 0x434 // 1076
+ SYS_GETCLIENTID = 0x470 // 1136
+ SYS___GETCLIENTID = 0x471 // 1137
+ SYS_GETSTABLESIZE = 0x472 // 1138
+ SYS_GETIBMOPT = 0x473 // 1139
+ SYS_GETIBMSOCKOPT = 0x474 // 1140
+ SYS_GIVESOCKET = 0x475 // 1141
+ SYS_IBMSFLUSH = 0x476 // 1142
+ SYS_MAXDESC = 0x477 // 1143
+ SYS_SETIBMOPT = 0x478 // 1144
+ SYS_SETIBMSOCKOPT = 0x479 // 1145
+ SYS_SOCK_DEBUG = 0x47A // 1146
+ SYS_SOCK_DO_TESTSTOR = 0x47D // 1149
+ SYS_TAKESOCKET = 0x47E // 1150
+ SYS___SERVER_INIT = 0x47F // 1151
+ SYS___SERVER_PWU = 0x480 // 1152
+ SYS_PTHREAD_TAG_NP = 0x481 // 1153
+ SYS___CONSOLE = 0x482 // 1154
+ SYS___WSINIT = 0x483 // 1155
+ SYS___IPTCPN = 0x489 // 1161
+ SYS___SMF_RECORD = 0x48A // 1162
+ SYS___IPHOST = 0x48B // 1163
+ SYS___IPNODE = 0x48C // 1164
+ SYS___SERVER_CLASSIFY_CREATE = 0x48D // 1165
+ SYS___SERVER_CLASSIFY_DESTROY = 0x48E // 1166
+ SYS___SERVER_CLASSIFY_RESET = 0x48F // 1167
+ SYS___SERVER_CLASSIFY = 0x490 // 1168
+ SYS___HEAPRPT = 0x496 // 1174
+ SYS___FNWSA = 0x49B // 1179
+ SYS___SPAWN2 = 0x49D // 1181
+ SYS___SPAWNP2 = 0x49E // 1182
+ SYS___GDRR = 0x4A1 // 1185
+ SYS___HRRNO = 0x4A2 // 1186
+ SYS___OPRG = 0x4A3 // 1187
+ SYS___OPRR = 0x4A4 // 1188
+ SYS___OPND = 0x4A5 // 1189
+ SYS___OPPT = 0x4A6 // 1190
+ SYS___SIGGM = 0x4A7 // 1191
+ SYS___DGHT = 0x4A8 // 1192
+ SYS___TZNE = 0x4A9 // 1193
+ SYS___TZZN = 0x4AA // 1194
+ SYS___TRRNO = 0x4AF // 1199
+ SYS___ENVN = 0x4B0 // 1200
+ SYS___MLOCKALL = 0x4B1 // 1201
+ SYS_CREATEWO = 0x4B2 // 1202
+ SYS_CREATEWORKUNIT = 0x4B2 // 1202
+ SYS_CONTINUE = 0x4B3 // 1203
+ SYS_CONTINUEWORKUNIT = 0x4B3 // 1203
+ SYS_CONNECTW = 0x4B4 // 1204
+ SYS_CONNECTWORKMGR = 0x4B4 // 1204
+ SYS_CONNECTS = 0x4B5 // 1205
+ SYS_CONNECTSERVER = 0x4B5 // 1205
+ SYS_DISCONNE = 0x4B6 // 1206
+ SYS_DISCONNECTSERVER = 0x4B6 // 1206
+ SYS_JOINWORK = 0x4B7 // 1207
+ SYS_JOINWORKUNIT = 0x4B7 // 1207
+ SYS_LEAVEWOR = 0x4B8 // 1208
+ SYS_LEAVEWORKUNIT = 0x4B8 // 1208
+ SYS_DELETEWO = 0x4B9 // 1209
+ SYS_DELETEWORKUNIT = 0x4B9 // 1209
+ SYS_QUERYMET = 0x4BA // 1210
+ SYS_QUERYMETRICS = 0x4BA // 1210
+ SYS_QUERYSCH = 0x4BB // 1211
+ SYS_QUERYSCHENV = 0x4BB // 1211
+ SYS_CHECKSCH = 0x4BC // 1212
+ SYS_CHECKSCHENV = 0x4BC // 1212
+ SYS___PID_AFFINITY = 0x4BD // 1213
+ SYS___ASINH_B = 0x4BE // 1214
+ SYS___ATAN_B = 0x4BF // 1215
+ SYS___CBRT_B = 0x4C0 // 1216
+ SYS___CEIL_B = 0x4C1 // 1217
+ SYS_COPYSIGN = 0x4C2 // 1218
+ SYS___COS_B = 0x4C3 // 1219
+ SYS___ERF_B = 0x4C4 // 1220
+ SYS___ERFC_B = 0x4C5 // 1221
+ SYS___EXPM1_B = 0x4C6 // 1222
+ SYS___FABS_B = 0x4C7 // 1223
+ SYS_FINITE = 0x4C8 // 1224
+ SYS___FLOOR_B = 0x4C9 // 1225
+ SYS___FREXP_B = 0x4CA // 1226
+ SYS___ILOGB_B = 0x4CB // 1227
+ SYS___ISNAN_B = 0x4CC // 1228
+ SYS___LDEXP_B = 0x4CD // 1229
+ SYS___LOG1P_B = 0x4CE // 1230
+ SYS___LOGB_B = 0x4CF // 1231
+ SYS_MATHERR = 0x4D0 // 1232
+ SYS___MODF_B = 0x4D1 // 1233
+ SYS___NEXTAFTER_B = 0x4D2 // 1234
+ SYS___RINT_B = 0x4D3 // 1235
+ SYS_SCALBN = 0x4D4 // 1236
+ SYS_SIGNIFIC = 0x4D5 // 1237
+ SYS_SIGNIFICAND = 0x4D5 // 1237
+ SYS___SIN_B = 0x4D6 // 1238
+ SYS___TAN_B = 0x4D7 // 1239
+ SYS___TANH_B = 0x4D8 // 1240
+ SYS___ACOS_B = 0x4D9 // 1241
+ SYS___ACOSH_B = 0x4DA // 1242
+ SYS___ASIN_B = 0x4DB // 1243
+ SYS___ATAN2_B = 0x4DC // 1244
+ SYS___ATANH_B = 0x4DD // 1245
+ SYS___COSH_B = 0x4DE // 1246
+ SYS___EXP_B = 0x4DF // 1247
+ SYS___FMOD_B = 0x4E0 // 1248
+ SYS___GAMMA_B = 0x4E1 // 1249
+ SYS_GAMMA_R = 0x4E2 // 1250
+ SYS___HYPOT_B = 0x4E3 // 1251
+ SYS___J0_B = 0x4E4 // 1252
+ SYS___Y0_B = 0x4E5 // 1253
+ SYS___J1_B = 0x4E6 // 1254
+ SYS___Y1_B = 0x4E7 // 1255
+ SYS___JN_B = 0x4E8 // 1256
+ SYS___YN_B = 0x4E9 // 1257
+ SYS___LGAMMA_B = 0x4EA // 1258
+ SYS_LGAMMA_R = 0x4EB // 1259
+ SYS___LOG_B = 0x4EC // 1260
+ SYS___LOG10_B = 0x4ED // 1261
+ SYS___POW_B = 0x4EE // 1262
+ SYS___REMAINDER_B = 0x4EF // 1263
+ SYS___SCALB_B = 0x4F0 // 1264
+ SYS___SINH_B = 0x4F1 // 1265
+ SYS___SQRT_B = 0x4F2 // 1266
+ SYS___OPENDIR2 = 0x4F3 // 1267
+ SYS___READDIR2 = 0x4F4 // 1268
+ SYS___LOGIN = 0x4F5 // 1269
+ SYS___OPEN_STAT = 0x4F6 // 1270
+ SYS_ACCEPT_AND_RECV = 0x4F7 // 1271
+ SYS___FP_SETMODE = 0x4F8 // 1272
+ SYS___SIGACTIONSET = 0x4FB // 1275
+ SYS___UCREATE = 0x4FC // 1276
+ SYS___UMALLOC = 0x4FD // 1277
+ SYS___UFREE = 0x4FE // 1278
+ SYS___UHEAPREPORT = 0x4FF // 1279
+ SYS___ISBFP = 0x500 // 1280
+ SYS___FP_CAST = 0x501 // 1281
+ SYS___CERTIFICATE = 0x502 // 1282
+ SYS_SEND_FILE = 0x503 // 1283
+ SYS_AIO_CANCEL = 0x504 // 1284
+ SYS_AIO_ERROR = 0x505 // 1285
+ SYS_AIO_READ = 0x506 // 1286
+ SYS_AIO_RETURN = 0x507 // 1287
+ SYS_AIO_SUSPEND = 0x508 // 1288
+ SYS_AIO_WRITE = 0x509 // 1289
+ SYS_PTHREAD_MUTEXATTR_GETPSHARED = 0x50A // 1290
+ SYS_PTHREAD_MUTEXATTR_SETPSHARED = 0x50B // 1291
+ SYS_PTHREAD_RWLOCK_DESTROY = 0x50C // 1292
+ SYS_PTHREAD_RWLOCK_INIT = 0x50D // 1293
+ SYS_PTHREAD_RWLOCK_RDLOCK = 0x50E // 1294
+ SYS_PTHREAD_RWLOCK_TRYRDLOCK = 0x50F // 1295
+ SYS_PTHREAD_RWLOCK_TRYWRLOCK = 0x510 // 1296
+ SYS_PTHREAD_RWLOCK_UNLOCK = 0x511 // 1297
+ SYS_PTHREAD_RWLOCK_WRLOCK = 0x512 // 1298
+ SYS_PTHREAD_RWLOCKATTR_GETPSHARED = 0x513 // 1299
+ SYS_PTHREAD_RWLOCKATTR_SETPSHARED = 0x514 // 1300
+ SYS_PTHREAD_RWLOCKATTR_INIT = 0x515 // 1301
+ SYS_PTHREAD_RWLOCKATTR_DESTROY = 0x516 // 1302
+ SYS___CTTBL = 0x517 // 1303
+ SYS_PTHREAD_MUTEXATTR_SETTYPE = 0x518 // 1304
+ SYS_PTHREAD_MUTEXATTR_GETTYPE = 0x519 // 1305
+ SYS___FP_CLR_FLAG = 0x51A // 1306
+ SYS___FP_READ_FLAG = 0x51B // 1307
+ SYS___FP_RAISE_XCP = 0x51C // 1308
+ SYS___FP_CLASS = 0x51D // 1309
+ SYS___FP_FINITE = 0x51E // 1310
+ SYS___FP_ISNAN = 0x51F // 1311
+ SYS___FP_UNORDERED = 0x520 // 1312
+ SYS___FP_READ_RND = 0x521 // 1313
+ SYS___FP_READ_RND_B = 0x522 // 1314
+ SYS___FP_SWAP_RND = 0x523 // 1315
+ SYS___FP_SWAP_RND_B = 0x524 // 1316
+ SYS___FP_LEVEL = 0x525 // 1317
+ SYS___FP_BTOH = 0x526 // 1318
+ SYS___FP_HTOB = 0x527 // 1319
+ SYS___FPC_RD = 0x528 // 1320
+ SYS___FPC_WR = 0x529 // 1321
+ SYS___FPC_RW = 0x52A // 1322
+ SYS___FPC_SM = 0x52B // 1323
+ SYS___FPC_RS = 0x52C // 1324
+ SYS_SIGTIMEDWAIT = 0x52D // 1325
+ SYS_SIGWAITINFO = 0x52E // 1326
+ SYS___CHKBFP = 0x52F // 1327
+ SYS___W_PIOCTL = 0x59E // 1438
+ SYS___OSENV = 0x59F // 1439
+ SYS_EXPORTWO = 0x5A1 // 1441
+ SYS_EXPORTWORKUNIT = 0x5A1 // 1441
+ SYS_UNDOEXPO = 0x5A2 // 1442
+ SYS_UNDOEXPORTWORKUNIT = 0x5A2 // 1442
+ SYS_IMPORTWO = 0x5A3 // 1443
+ SYS_IMPORTWORKUNIT = 0x5A3 // 1443
+ SYS_UNDOIMPO = 0x5A4 // 1444
+ SYS_UNDOIMPORTWORKUNIT = 0x5A4 // 1444
+ SYS_EXTRACTW = 0x5A5 // 1445
+ SYS_EXTRACTWORKUNIT = 0x5A5 // 1445
+ SYS___CPL = 0x5A6 // 1446
+ SYS___MAP_INIT = 0x5A7 // 1447
+ SYS___MAP_SERVICE = 0x5A8 // 1448
+ SYS_SIGQUEUE = 0x5A9 // 1449
+ SYS___MOUNT = 0x5AA // 1450
+ SYS___GETUSERID = 0x5AB // 1451
+ SYS___IPDOMAINNAME = 0x5AC // 1452
+ SYS_QUERYENC = 0x5AD // 1453
+ SYS_QUERYWORKUNITCLASSIFICATION = 0x5AD // 1453
+ SYS_CONNECTE = 0x5AE // 1454
+ SYS_CONNECTEXPORTIMPORT = 0x5AE // 1454
+ SYS___FP_SWAPMODE = 0x5AF // 1455
+ SYS_STRTOLL = 0x5B0 // 1456
+ SYS_STRTOULL = 0x5B1 // 1457
+ SYS___DSA_PREV = 0x5B2 // 1458
+ SYS___EP_FIND = 0x5B3 // 1459
+ SYS___SERVER_THREADS_QUERY = 0x5B4 // 1460
+ SYS___MSGRCV_TIMED = 0x5B7 // 1463
+ SYS___SEMOP_TIMED = 0x5B8 // 1464
+ SYS___GET_CPUID = 0x5B9 // 1465
+ SYS___GET_SYSTEM_SETTINGS = 0x5BA // 1466
+ SYS_FTELLO = 0x5C8 // 1480
+ SYS_FSEEKO = 0x5C9 // 1481
+ SYS_LLDIV = 0x5CB // 1483
+ SYS_WCSTOLL = 0x5CC // 1484
+ SYS_WCSTOULL = 0x5CD // 1485
+ SYS_LLABS = 0x5CE // 1486
+ SYS___CONSOLE2 = 0x5D2 // 1490
+ SYS_INET_NTOP = 0x5D3 // 1491
+ SYS_INET_PTON = 0x5D4 // 1492
+ SYS___RES = 0x5D6 // 1494
+ SYS_RES_MKQUERY = 0x5D7 // 1495
+ SYS_RES_INIT = 0x5D8 // 1496
+ SYS_RES_QUERY = 0x5D9 // 1497
+ SYS_RES_SEARCH = 0x5DA // 1498
+ SYS_RES_SEND = 0x5DB // 1499
+ SYS_RES_QUERYDOMAIN = 0x5DC // 1500
+ SYS_DN_EXPAND = 0x5DD // 1501
+ SYS_DN_SKIPNAME = 0x5DE // 1502
+ SYS_DN_COMP = 0x5DF // 1503
+ SYS_ASCTIME_R = 0x5E0 // 1504
+ SYS_CTIME_R = 0x5E1 // 1505
+ SYS_GMTIME_R = 0x5E2 // 1506
+ SYS_LOCALTIME_R = 0x5E3 // 1507
+ SYS_RAND_R = 0x5E4 // 1508
+ SYS_STRTOK_R = 0x5E5 // 1509
+ SYS_READDIR_R = 0x5E6 // 1510
+ SYS_GETGRGID_R = 0x5E7 // 1511
+ SYS_GETGRNAM_R = 0x5E8 // 1512
+ SYS_GETLOGIN_R = 0x5E9 // 1513
+ SYS_GETPWNAM_R = 0x5EA // 1514
+ SYS_GETPWUID_R = 0x5EB // 1515
+ SYS_TTYNAME_R = 0x5EC // 1516
+ SYS_PTHREAD_ATFORK = 0x5ED // 1517
+ SYS_PTHREAD_ATTR_GETGUARDSIZE = 0x5EE // 1518
+ SYS_PTHREAD_ATTR_GETSTACKADDR = 0x5EF // 1519
+ SYS_PTHREAD_ATTR_SETGUARDSIZE = 0x5F0 // 1520
+ SYS_PTHREAD_ATTR_SETSTACKADDR = 0x5F1 // 1521
+ SYS_PTHREAD_CONDATTR_GETPSHARED = 0x5F2 // 1522
+ SYS_PTHREAD_CONDATTR_SETPSHARED = 0x5F3 // 1523
+ SYS_PTHREAD_GETCONCURRENCY = 0x5F4 // 1524
+ SYS_PTHREAD_KEY_DELETE = 0x5F5 // 1525
+ SYS_PTHREAD_SETCONCURRENCY = 0x5F6 // 1526
+ SYS_PTHREAD_SIGMASK = 0x5F7 // 1527
+ SYS___DISCARDDATA = 0x5F8 // 1528
+ SYS_PTHREAD_ATTR_GETSCHEDPARAM = 0x5F9 // 1529
+ SYS_PTHREAD_ATTR_SETSCHEDPARAM = 0x5FA // 1530
+ SYS_PTHREAD_ATTR_GETDETACHSTATE_U98 = 0x5FB // 1531
+ SYS_PTHREAD_ATTR_SETDETACHSTATE_U98 = 0x5FC // 1532
+ SYS_PTHREAD_DETACH_U98 = 0x5FD // 1533
+ SYS_PTHREAD_GETSPECIFIC_U98 = 0x5FE // 1534
+ SYS_PTHREAD_SETCANCELSTATE = 0x5FF // 1535
+ SYS_PTHREAD_SETCANCELTYPE = 0x600 // 1536
+ SYS_PTHREAD_TESTCANCEL = 0x601 // 1537
+ SYS___ATANF_B = 0x602 // 1538
+ SYS___ATANL_B = 0x603 // 1539
+ SYS___CEILF_B = 0x604 // 1540
+ SYS___CEILL_B = 0x605 // 1541
+ SYS___COSF_B = 0x606 // 1542
+ SYS___COSL_B = 0x607 // 1543
+ SYS___FABSF_B = 0x608 // 1544
+ SYS___FABSL_B = 0x609 // 1545
+ SYS___FLOORF_B = 0x60A // 1546
+ SYS___FLOORL_B = 0x60B // 1547
+ SYS___FREXPF_B = 0x60C // 1548
+ SYS___FREXPL_B = 0x60D // 1549
+ SYS___LDEXPF_B = 0x60E // 1550
+ SYS___LDEXPL_B = 0x60F // 1551
+ SYS___SINF_B = 0x610 // 1552
+ SYS___SINL_B = 0x611 // 1553
+ SYS___TANF_B = 0x612 // 1554
+ SYS___TANL_B = 0x613 // 1555
+ SYS___TANHF_B = 0x614 // 1556
+ SYS___TANHL_B = 0x615 // 1557
+ SYS___ACOSF_B = 0x616 // 1558
+ SYS___ACOSL_B = 0x617 // 1559
+ SYS___ASINF_B = 0x618 // 1560
+ SYS___ASINL_B = 0x619 // 1561
+ SYS___ATAN2F_B = 0x61A // 1562
+ SYS___ATAN2L_B = 0x61B // 1563
+ SYS___COSHF_B = 0x61C // 1564
+ SYS___COSHL_B = 0x61D // 1565
+ SYS___EXPF_B = 0x61E // 1566
+ SYS___EXPL_B = 0x61F // 1567
+ SYS___LOGF_B = 0x620 // 1568
+ SYS___LOGL_B = 0x621 // 1569
+ SYS___LOG10F_B = 0x622 // 1570
+ SYS___LOG10L_B = 0x623 // 1571
+ SYS___POWF_B = 0x624 // 1572
+ SYS___POWL_B = 0x625 // 1573
+ SYS___SINHF_B = 0x626 // 1574
+ SYS___SINHL_B = 0x627 // 1575
+ SYS___SQRTF_B = 0x628 // 1576
+ SYS___SQRTL_B = 0x629 // 1577
+ SYS___ABSF_B = 0x62A // 1578
+ SYS___ABS_B = 0x62B // 1579
+ SYS___ABSL_B = 0x62C // 1580
+ SYS___FMODF_B = 0x62D // 1581
+ SYS___FMODL_B = 0x62E // 1582
+ SYS___MODFF_B = 0x62F // 1583
+ SYS___MODFL_B = 0x630 // 1584
+ SYS_ABSF = 0x631 // 1585
+ SYS_ABSL = 0x632 // 1586
+ SYS_ACOSF = 0x633 // 1587
+ SYS_ACOSL = 0x634 // 1588
+ SYS_ASINF = 0x635 // 1589
+ SYS_ASINL = 0x636 // 1590
+ SYS_ATAN2F = 0x637 // 1591
+ SYS_ATAN2L = 0x638 // 1592
+ SYS_ATANF = 0x639 // 1593
+ SYS_ATANL = 0x63A // 1594
+ SYS_CEILF = 0x63B // 1595
+ SYS_CEILL = 0x63C // 1596
+ SYS_COSF = 0x63D // 1597
+ SYS_COSL = 0x63E // 1598
+ SYS_COSHF = 0x63F // 1599
+ SYS_COSHL = 0x640 // 1600
+ SYS_EXPF = 0x641 // 1601
+ SYS_EXPL = 0x642 // 1602
+ SYS_TANHF = 0x643 // 1603
+ SYS_TANHL = 0x644 // 1604
+ SYS_LOG10F = 0x645 // 1605
+ SYS_LOG10L = 0x646 // 1606
+ SYS_LOGF = 0x647 // 1607
+ SYS_LOGL = 0x648 // 1608
+ SYS_POWF = 0x649 // 1609
+ SYS_POWL = 0x64A // 1610
+ SYS_SINF = 0x64B // 1611
+ SYS_SINL = 0x64C // 1612
+ SYS_SQRTF = 0x64D // 1613
+ SYS_SQRTL = 0x64E // 1614
+ SYS_SINHF = 0x64F // 1615
+ SYS_SINHL = 0x650 // 1616
+ SYS_TANF = 0x651 // 1617
+ SYS_TANL = 0x652 // 1618
+ SYS_FABSF = 0x653 // 1619
+ SYS_FABSL = 0x654 // 1620
+ SYS_FLOORF = 0x655 // 1621
+ SYS_FLOORL = 0x656 // 1622
+ SYS_FMODF = 0x657 // 1623
+ SYS_FMODL = 0x658 // 1624
+ SYS_FREXPF = 0x659 // 1625
+ SYS_FREXPL = 0x65A // 1626
+ SYS_LDEXPF = 0x65B // 1627
+ SYS_LDEXPL = 0x65C // 1628
+ SYS_MODFF = 0x65D // 1629
+ SYS_MODFL = 0x65E // 1630
+ SYS_BTOWC = 0x65F // 1631
+ SYS___CHATTR = 0x660 // 1632
+ SYS___FCHATTR = 0x661 // 1633
+ SYS___TOCCSID = 0x662 // 1634
+ SYS___CSNAMETYPE = 0x663 // 1635
+ SYS___TOCSNAME = 0x664 // 1636
+ SYS___CCSIDTYPE = 0x665 // 1637
+ SYS___AE_CORRESTBL_QUERY = 0x666 // 1638
+ SYS___AE_AUTOCONVERT_STATE = 0x667 // 1639
+ SYS_DN_FIND = 0x668 // 1640
+ SYS___GETHOSTBYADDR_A = 0x669 // 1641
+ SYS___GETHOSTBYNAME_A = 0x66A // 1642
+ SYS___RES_INIT_A = 0x66B // 1643
+ SYS___GETHOSTBYADDR_R_A = 0x66C // 1644
+ SYS___GETHOSTBYNAME_R_A = 0x66D // 1645
+ SYS___CHARMAP_INIT_A = 0x66E // 1646
+ SYS___MBLEN_A = 0x66F // 1647
+ SYS___MBLEN_SB_A = 0x670 // 1648
+ SYS___MBLEN_STD_A = 0x671 // 1649
+ SYS___MBLEN_UTF = 0x672 // 1650
+ SYS___MBSTOWCS_A = 0x673 // 1651
+ SYS___MBSTOWCS_STD_A = 0x674 // 1652
+ SYS___MBTOWC_A = 0x675 // 1653
+ SYS___MBTOWC_ISO1 = 0x676 // 1654
+ SYS___MBTOWC_SBCS = 0x677 // 1655
+ SYS___MBTOWC_MBCS = 0x678 // 1656
+ SYS___MBTOWC_UTF = 0x679 // 1657
+ SYS___WCSTOMBS_A = 0x67A // 1658
+ SYS___WCSTOMBS_STD_A = 0x67B // 1659
+ SYS___WCSWIDTH_A = 0x67C // 1660
+ SYS___GETGRGID_R_A = 0x67D // 1661
+ SYS___WCSWIDTH_STD_A = 0x67E // 1662
+ SYS___WCSWIDTH_ASIA = 0x67F // 1663
+ SYS___CSID_A = 0x680 // 1664
+ SYS___CSID_STD_A = 0x681 // 1665
+ SYS___WCSID_A = 0x682 // 1666
+ SYS___WCSID_STD_A = 0x683 // 1667
+ SYS___WCTOMB_A = 0x684 // 1668
+ SYS___WCTOMB_ISO1 = 0x685 // 1669
+ SYS___WCTOMB_STD_A = 0x686 // 1670
+ SYS___WCTOMB_UTF = 0x687 // 1671
+ SYS___WCWIDTH_A = 0x688 // 1672
+ SYS___GETGRNAM_R_A = 0x689 // 1673
+ SYS___WCWIDTH_STD_A = 0x68A // 1674
+ SYS___WCWIDTH_ASIA = 0x68B // 1675
+ SYS___GETPWNAM_R_A = 0x68C // 1676
+ SYS___GETPWUID_R_A = 0x68D // 1677
+ SYS___GETLOGIN_R_A = 0x68E // 1678
+ SYS___TTYNAME_R_A = 0x68F // 1679
+ SYS___READDIR_R_A = 0x690 // 1680
+ SYS___E2A_S = 0x691 // 1681
+ SYS___FNMATCH_A = 0x692 // 1682
+ SYS___FNMATCH_C_A = 0x693 // 1683
+ SYS___EXECL_A = 0x694 // 1684
+ SYS___FNMATCH_STD_A = 0x695 // 1685
+ SYS___REGCOMP_A = 0x696 // 1686
+ SYS___REGCOMP_STD_A = 0x697 // 1687
+ SYS___REGERROR_A = 0x698 // 1688
+ SYS___REGERROR_STD_A = 0x699 // 1689
+ SYS___REGEXEC_A = 0x69A // 1690
+ SYS___REGEXEC_STD_A = 0x69B // 1691
+ SYS___REGFREE_A = 0x69C // 1692
+ SYS___REGFREE_STD_A = 0x69D // 1693
+ SYS___STRCOLL_A = 0x69E // 1694
+ SYS___STRCOLL_C_A = 0x69F // 1695
+ SYS___EXECLE_A = 0x6A0 // 1696
+ SYS___STRCOLL_STD_A = 0x6A1 // 1697
+ SYS___STRXFRM_A = 0x6A2 // 1698
+ SYS___STRXFRM_C_A = 0x6A3 // 1699
+ SYS___EXECLP_A = 0x6A4 // 1700
+ SYS___STRXFRM_STD_A = 0x6A5 // 1701
+ SYS___WCSCOLL_A = 0x6A6 // 1702
+ SYS___WCSCOLL_C_A = 0x6A7 // 1703
+ SYS___WCSCOLL_STD_A = 0x6A8 // 1704
+ SYS___WCSXFRM_A = 0x6A9 // 1705
+ SYS___WCSXFRM_C_A = 0x6AA // 1706
+ SYS___WCSXFRM_STD_A = 0x6AB // 1707
+ SYS___COLLATE_INIT_A = 0x6AC // 1708
+ SYS___WCTYPE_A = 0x6AD // 1709
+ SYS___GET_WCTYPE_STD_A = 0x6AE // 1710
+ SYS___CTYPE_INIT_A = 0x6AF // 1711
+ SYS___ISWCTYPE_A = 0x6B0 // 1712
+ SYS___EXECV_A = 0x6B1 // 1713
+ SYS___IS_WCTYPE_STD_A = 0x6B2 // 1714
+ SYS___TOWLOWER_A = 0x6B3 // 1715
+ SYS___TOWLOWER_STD_A = 0x6B4 // 1716
+ SYS___TOWUPPER_A = 0x6B5 // 1717
+ SYS___TOWUPPER_STD_A = 0x6B6 // 1718
+ SYS___LOCALE_INIT_A = 0x6B7 // 1719
+ SYS___LOCALECONV_A = 0x6B8 // 1720
+ SYS___LOCALECONV_STD_A = 0x6B9 // 1721
+ SYS___NL_LANGINFO_A = 0x6BA // 1722
+ SYS___NL_LNAGINFO_STD_A = 0x6BB // 1723
+ SYS___MONETARY_INIT_A = 0x6BC // 1724
+ SYS___STRFMON_A = 0x6BD // 1725
+ SYS___STRFMON_STD_A = 0x6BE // 1726
+ SYS___GETADDRINFO_A = 0x6BF // 1727
+ SYS___CATGETS_A = 0x6C0 // 1728
+ SYS___EXECVE_A = 0x6C1 // 1729
+ SYS___EXECVP_A = 0x6C2 // 1730
+ SYS___SPAWN_A = 0x6C3 // 1731
+ SYS___GETNAMEINFO_A = 0x6C4 // 1732
+ SYS___SPAWNP_A = 0x6C5 // 1733
+ SYS___NUMERIC_INIT_A = 0x6C6 // 1734
+ SYS___RESP_INIT_A = 0x6C7 // 1735
+ SYS___RPMATCH_A = 0x6C8 // 1736
+ SYS___RPMATCH_C_A = 0x6C9 // 1737
+ SYS___RPMATCH_STD_A = 0x6CA // 1738
+ SYS___TIME_INIT_A = 0x6CB // 1739
+ SYS___STRFTIME_A = 0x6CC // 1740
+ SYS___STRFTIME_STD_A = 0x6CD // 1741
+ SYS___STRPTIME_A = 0x6CE // 1742
+ SYS___STRPTIME_STD_A = 0x6CF // 1743
+ SYS___WCSFTIME_A = 0x6D0 // 1744
+ SYS___WCSFTIME_STD_A = 0x6D1 // 1745
+ SYS_____SPAWN2_A = 0x6D2 // 1746
+ SYS_____SPAWNP2_A = 0x6D3 // 1747
+ SYS___SYNTAX_INIT_A = 0x6D4 // 1748
+ SYS___TOD_INIT_A = 0x6D5 // 1749
+ SYS___NL_CSINFO_A = 0x6D6 // 1750
+ SYS___NL_MONINFO_A = 0x6D7 // 1751
+ SYS___NL_NUMINFO_A = 0x6D8 // 1752
+ SYS___NL_RESPINFO_A = 0x6D9 // 1753
+ SYS___NL_TIMINFO_A = 0x6DA // 1754
+ SYS___IF_NAMETOINDEX_A = 0x6DB // 1755
+ SYS___IF_INDEXTONAME_A = 0x6DC // 1756
+ SYS___PRINTF_A = 0x6DD // 1757
+ SYS___ICONV_OPEN_A = 0x6DE // 1758
+ SYS___DLLLOAD_A = 0x6DF // 1759
+ SYS___DLLQUERYFN_A = 0x6E0 // 1760
+ SYS___DLLQUERYVAR_A = 0x6E1 // 1761
+ SYS_____CHATTR_A = 0x6E2 // 1762
+ SYS___E2A_L = 0x6E3 // 1763
+ SYS_____TOCCSID_A = 0x6E4 // 1764
+ SYS_____TOCSNAME_A = 0x6E5 // 1765
+ SYS_____CCSIDTYPE_A = 0x6E6 // 1766
+ SYS_____CSNAMETYPE_A = 0x6E7 // 1767
+ SYS___CHMOD_A = 0x6E8 // 1768
+ SYS___MKDIR_A = 0x6E9 // 1769
+ SYS___STAT_A = 0x6EA // 1770
+ SYS___STAT_O_A = 0x6EB // 1771
+ SYS___MKFIFO_A = 0x6EC // 1772
+ SYS_____OPEN_STAT_A = 0x6ED // 1773
+ SYS___LSTAT_A = 0x6EE // 1774
+ SYS___LSTAT_O_A = 0x6EF // 1775
+ SYS___MKNOD_A = 0x6F0 // 1776
+ SYS___MOUNT_A = 0x6F1 // 1777
+ SYS___UMOUNT_A = 0x6F2 // 1778
+ SYS___CHAUDIT_A = 0x6F4 // 1780
+ SYS___W_GETMNTENT_A = 0x6F5 // 1781
+ SYS___CREAT_A = 0x6F6 // 1782
+ SYS___OPEN_A = 0x6F7 // 1783
+ SYS___SETLOCALE_A = 0x6F9 // 1785
+ SYS___FPRINTF_A = 0x6FA // 1786
+ SYS___SPRINTF_A = 0x6FB // 1787
+ SYS___VFPRINTF_A = 0x6FC // 1788
+ SYS___VPRINTF_A = 0x6FD // 1789
+ SYS___VSPRINTF_A = 0x6FE // 1790
+ SYS___VSWPRINTF_A = 0x6FF // 1791
+ SYS___SWPRINTF_A = 0x700 // 1792
+ SYS___FSCANF_A = 0x701 // 1793
+ SYS___SCANF_A = 0x702 // 1794
+ SYS___SSCANF_A = 0x703 // 1795
+ SYS___SWSCANF_A = 0x704 // 1796
+ SYS___ATOF_A = 0x705 // 1797
+ SYS___ATOI_A = 0x706 // 1798
+ SYS___ATOL_A = 0x707 // 1799
+ SYS___STRTOD_A = 0x708 // 1800
+ SYS___STRTOL_A = 0x709 // 1801
+ SYS___STRTOUL_A = 0x70A // 1802
+ SYS_____AE_CORRESTBL_QUERY_A = 0x70B // 1803
+ SYS___A64L_A = 0x70C // 1804
+ SYS___ECVT_A = 0x70D // 1805
+ SYS___FCVT_A = 0x70E // 1806
+ SYS___GCVT_A = 0x70F // 1807
+ SYS___L64A_A = 0x710 // 1808
+ SYS___STRERROR_A = 0x711 // 1809
+ SYS___PERROR_A = 0x712 // 1810
+ SYS___FETCH_A = 0x713 // 1811
+ SYS___GETENV_A = 0x714 // 1812
+ SYS___MKSTEMP_A = 0x717 // 1815
+ SYS___PTSNAME_A = 0x718 // 1816
+ SYS___PUTENV_A = 0x719 // 1817
+ SYS___REALPATH_A = 0x71A // 1818
+ SYS___SETENV_A = 0x71B // 1819
+ SYS___SYSTEM_A = 0x71C // 1820
+ SYS___GETOPT_A = 0x71D // 1821
+ SYS___CATOPEN_A = 0x71E // 1822
+ SYS___ACCESS_A = 0x71F // 1823
+ SYS___CHDIR_A = 0x720 // 1824
+ SYS___CHOWN_A = 0x721 // 1825
+ SYS___CHROOT_A = 0x722 // 1826
+ SYS___GETCWD_A = 0x723 // 1827
+ SYS___GETWD_A = 0x724 // 1828
+ SYS___LCHOWN_A = 0x725 // 1829
+ SYS___LINK_A = 0x726 // 1830
+ SYS___PATHCONF_A = 0x727 // 1831
+ SYS___IF_NAMEINDEX_A = 0x728 // 1832
+ SYS___READLINK_A = 0x729 // 1833
+ SYS___RMDIR_A = 0x72A // 1834
+ SYS___STATVFS_A = 0x72B // 1835
+ SYS___SYMLINK_A = 0x72C // 1836
+ SYS___TRUNCATE_A = 0x72D // 1837
+ SYS___UNLINK_A = 0x72E // 1838
+ SYS___GAI_STRERROR_A = 0x72F // 1839
+ SYS___EXTLINK_NP_A = 0x730 // 1840
+ SYS___ISALNUM_A = 0x731 // 1841
+ SYS___ISALPHA_A = 0x732 // 1842
+ SYS___A2E_S = 0x733 // 1843
+ SYS___ISCNTRL_A = 0x734 // 1844
+ SYS___ISDIGIT_A = 0x735 // 1845
+ SYS___ISGRAPH_A = 0x736 // 1846
+ SYS___ISLOWER_A = 0x737 // 1847
+ SYS___ISPRINT_A = 0x738 // 1848
+ SYS___ISPUNCT_A = 0x739 // 1849
+ SYS___ISSPACE_A = 0x73A // 1850
+ SYS___ISUPPER_A = 0x73B // 1851
+ SYS___ISXDIGIT_A = 0x73C // 1852
+ SYS___TOLOWER_A = 0x73D // 1853
+ SYS___TOUPPER_A = 0x73E // 1854
+ SYS___ISWALNUM_A = 0x73F // 1855
+ SYS___ISWALPHA_A = 0x740 // 1856
+ SYS___A2E_L = 0x741 // 1857
+ SYS___ISWCNTRL_A = 0x742 // 1858
+ SYS___ISWDIGIT_A = 0x743 // 1859
+ SYS___ISWGRAPH_A = 0x744 // 1860
+ SYS___ISWLOWER_A = 0x745 // 1861
+ SYS___ISWPRINT_A = 0x746 // 1862
+ SYS___ISWPUNCT_A = 0x747 // 1863
+ SYS___ISWSPACE_A = 0x748 // 1864
+ SYS___ISWUPPER_A = 0x749 // 1865
+ SYS___ISWXDIGIT_A = 0x74A // 1866
+ SYS___CONFSTR_A = 0x74B // 1867
+ SYS___FTOK_A = 0x74C // 1868
+ SYS___MKTEMP_A = 0x74D // 1869
+ SYS___FDOPEN_A = 0x74E // 1870
+ SYS___FLDATA_A = 0x74F // 1871
+ SYS___REMOVE_A = 0x750 // 1872
+ SYS___RENAME_A = 0x751 // 1873
+ SYS___TMPNAM_A = 0x752 // 1874
+ SYS___FOPEN_A = 0x753 // 1875
+ SYS___FREOPEN_A = 0x754 // 1876
+ SYS___CUSERID_A = 0x755 // 1877
+ SYS___POPEN_A = 0x756 // 1878
+ SYS___TEMPNAM_A = 0x757 // 1879
+ SYS___FTW_A = 0x758 // 1880
+ SYS___GETGRENT_A = 0x759 // 1881
+ SYS___GETGRGID_A = 0x75A // 1882
+ SYS___GETGRNAM_A = 0x75B // 1883
+ SYS___GETGROUPSBYNAME_A = 0x75C // 1884
+ SYS___GETHOSTENT_A = 0x75D // 1885
+ SYS___GETHOSTNAME_A = 0x75E // 1886
+ SYS___GETLOGIN_A = 0x75F // 1887
+ SYS___INET_NTOP_A = 0x760 // 1888
+ SYS___GETPASS_A = 0x761 // 1889
+ SYS___GETPWENT_A = 0x762 // 1890
+ SYS___GETPWNAM_A = 0x763 // 1891
+ SYS___GETPWUID_A = 0x764 // 1892
+ SYS_____CHECK_RESOURCE_AUTH_NP_A = 0x765 // 1893
+ SYS___CHECKSCHENV_A = 0x766 // 1894
+ SYS___CONNECTSERVER_A = 0x767 // 1895
+ SYS___CONNECTWORKMGR_A = 0x768 // 1896
+ SYS_____CONSOLE_A = 0x769 // 1897
+ SYS___CREATEWORKUNIT_A = 0x76A // 1898
+ SYS___CTERMID_A = 0x76B // 1899
+ SYS___FMTMSG_A = 0x76C // 1900
+ SYS___INITGROUPS_A = 0x76D // 1901
+ SYS_____LOGIN_A = 0x76E // 1902
+ SYS___MSGRCV_A = 0x76F // 1903
+ SYS___MSGSND_A = 0x770 // 1904
+ SYS___MSGXRCV_A = 0x771 // 1905
+ SYS___NFTW_A = 0x772 // 1906
+ SYS_____PASSWD_A = 0x773 // 1907
+ SYS___PTHREAD_SECURITY_NP_A = 0x774 // 1908
+ SYS___QUERYMETRICS_A = 0x775 // 1909
+ SYS___QUERYSCHENV = 0x776 // 1910
+ SYS___READV_A = 0x777 // 1911
+ SYS_____SERVER_CLASSIFY_A = 0x778 // 1912
+ SYS_____SERVER_INIT_A = 0x779 // 1913
+ SYS_____SERVER_PWU_A = 0x77A // 1914
+ SYS___STRCASECMP_A = 0x77B // 1915
+ SYS___STRNCASECMP_A = 0x77C // 1916
+ SYS___TTYNAME_A = 0x77D // 1917
+ SYS___UNAME_A = 0x77E // 1918
+ SYS___UTIMES_A = 0x77F // 1919
+ SYS___W_GETPSENT_A = 0x780 // 1920
+ SYS___WRITEV_A = 0x781 // 1921
+ SYS___W_STATFS_A = 0x782 // 1922
+ SYS___W_STATVFS_A = 0x783 // 1923
+ SYS___FPUTC_A = 0x784 // 1924
+ SYS___PUTCHAR_A = 0x785 // 1925
+ SYS___PUTS_A = 0x786 // 1926
+ SYS___FGETS_A = 0x787 // 1927
+ SYS___GETS_A = 0x788 // 1928
+ SYS___FPUTS_A = 0x789 // 1929
+ SYS___FREAD_A = 0x78A // 1930
+ SYS___FWRITE_A = 0x78B // 1931
+ SYS___OPEN_O_A = 0x78C // 1932
+ SYS___ISASCII = 0x78D // 1933
+ SYS___CREAT_O_A = 0x78E // 1934
+ SYS___ENVNA = 0x78F // 1935
+ SYS___PUTC_A = 0x790 // 1936
+ SYS___AE_THREAD_SETMODE = 0x791 // 1937
+ SYS___AE_THREAD_SWAPMODE = 0x792 // 1938
+ SYS___GETNETBYADDR_A = 0x793 // 1939
+ SYS___GETNETBYNAME_A = 0x794 // 1940
+ SYS___GETNETENT_A = 0x795 // 1941
+ SYS___GETPROTOBYNAME_A = 0x796 // 1942
+ SYS___GETPROTOBYNUMBER_A = 0x797 // 1943
+ SYS___GETPROTOENT_A = 0x798 // 1944
+ SYS___GETSERVBYNAME_A = 0x799 // 1945
+ SYS___GETSERVBYPORT_A = 0x79A // 1946
+ SYS___GETSERVENT_A = 0x79B // 1947
+ SYS___ASCTIME_A = 0x79C // 1948
+ SYS___CTIME_A = 0x79D // 1949
+ SYS___GETDATE_A = 0x79E // 1950
+ SYS___TZSET_A = 0x79F // 1951
+ SYS___UTIME_A = 0x7A0 // 1952
+ SYS___ASCTIME_R_A = 0x7A1 // 1953
+ SYS___CTIME_R_A = 0x7A2 // 1954
+ SYS___STRTOLL_A = 0x7A3 // 1955
+ SYS___STRTOULL_A = 0x7A4 // 1956
+ SYS___FPUTWC_A = 0x7A5 // 1957
+ SYS___PUTWC_A = 0x7A6 // 1958
+ SYS___PUTWCHAR_A = 0x7A7 // 1959
+ SYS___FPUTWS_A = 0x7A8 // 1960
+ SYS___UNGETWC_A = 0x7A9 // 1961
+ SYS___FGETWC_A = 0x7AA // 1962
+ SYS___GETWC_A = 0x7AB // 1963
+ SYS___GETWCHAR_A = 0x7AC // 1964
+ SYS___FGETWS_A = 0x7AD // 1965
+ SYS___GETTIMEOFDAY_A = 0x7AE // 1966
+ SYS___GMTIME_A = 0x7AF // 1967
+ SYS___GMTIME_R_A = 0x7B0 // 1968
+ SYS___LOCALTIME_A = 0x7B1 // 1969
+ SYS___LOCALTIME_R_A = 0x7B2 // 1970
+ SYS___MKTIME_A = 0x7B3 // 1971
+ SYS___TZZNA = 0x7B4 // 1972
+ SYS_UNATEXIT = 0x7B5 // 1973
+ SYS___CEE3DMP_A = 0x7B6 // 1974
+ SYS___CDUMP_A = 0x7B7 // 1975
+ SYS___CSNAP_A = 0x7B8 // 1976
+ SYS___CTEST_A = 0x7B9 // 1977
+ SYS___CTRACE_A = 0x7BA // 1978
+ SYS___VSWPRNTF2_A = 0x7BB // 1979
+ SYS___INET_PTON_A = 0x7BC // 1980
+ SYS___SYSLOG_A = 0x7BD // 1981
+ SYS___CRYPT_A = 0x7BE // 1982
+ SYS_____OPENDIR2_A = 0x7BF // 1983
+ SYS_____READDIR2_A = 0x7C0 // 1984
+ SYS___OPENDIR_A = 0x7C2 // 1986
+ SYS___READDIR_A = 0x7C3 // 1987
+ SYS_PREAD = 0x7C7 // 1991
+ SYS_PWRITE = 0x7C8 // 1992
+ SYS_M_CREATE_LAYOUT = 0x7C9 // 1993
+ SYS_M_DESTROY_LAYOUT = 0x7CA // 1994
+ SYS_M_GETVALUES_LAYOUT = 0x7CB // 1995
+ SYS_M_SETVALUES_LAYOUT = 0x7CC // 1996
+ SYS_M_TRANSFORM_LAYOUT = 0x7CD // 1997
+ SYS_M_WTRANSFORM_LAYOUT = 0x7CE // 1998
+ SYS_FWPRINTF = 0x7D1 // 2001
+ SYS_WPRINTF = 0x7D2 // 2002
+ SYS_VFWPRINT = 0x7D3 // 2003
+ SYS_VFWPRINTF = 0x7D3 // 2003
+ SYS_VWPRINTF = 0x7D4 // 2004
+ SYS_FWSCANF = 0x7D5 // 2005
+ SYS_WSCANF = 0x7D6 // 2006
+ SYS_WCTRANS = 0x7D7 // 2007
+ SYS_TOWCTRAN = 0x7D8 // 2008
+ SYS_TOWCTRANS = 0x7D8 // 2008
+ SYS___WCSTOD_A = 0x7D9 // 2009
+ SYS___WCSTOL_A = 0x7DA // 2010
+ SYS___WCSTOUL_A = 0x7DB // 2011
+ SYS___BASENAME_A = 0x7DC // 2012
+ SYS___DIRNAME_A = 0x7DD // 2013
+ SYS___GLOB_A = 0x7DE // 2014
+ SYS_FWIDE = 0x7DF // 2015
+ SYS___OSNAME = 0x7E0 // 2016
+ SYS_____OSNAME_A = 0x7E1 // 2017
+ SYS___BTOWC_A = 0x7E4 // 2020
+ SYS___WCTOB_A = 0x7E5 // 2021
+ SYS___DBM_OPEN_A = 0x7E6 // 2022
+ SYS___VFPRINTF2_A = 0x7E7 // 2023
+ SYS___VPRINTF2_A = 0x7E8 // 2024
+ SYS___VSPRINTF2_A = 0x7E9 // 2025
+ SYS___CEIL_H = 0x7EA // 2026
+ SYS___FLOOR_H = 0x7EB // 2027
+ SYS___MODF_H = 0x7EC // 2028
+ SYS___FABS_H = 0x7ED // 2029
+ SYS___J0_H = 0x7EE // 2030
+ SYS___J1_H = 0x7EF // 2031
+ SYS___JN_H = 0x7F0 // 2032
+ SYS___Y0_H = 0x7F1 // 2033
+ SYS___Y1_H = 0x7F2 // 2034
+ SYS___YN_H = 0x7F3 // 2035
+ SYS___CEILF_H = 0x7F4 // 2036
+ SYS___CEILL_H = 0x7F5 // 2037
+ SYS___FLOORF_H = 0x7F6 // 2038
+ SYS___FLOORL_H = 0x7F7 // 2039
+ SYS___MODFF_H = 0x7F8 // 2040
+ SYS___MODFL_H = 0x7F9 // 2041
+ SYS___FABSF_H = 0x7FA // 2042
+ SYS___FABSL_H = 0x7FB // 2043
+ SYS___MALLOC24 = 0x7FC // 2044
+ SYS___MALLOC31 = 0x7FD // 2045
+ SYS_ACL_INIT = 0x7FE // 2046
+ SYS_ACL_FREE = 0x7FF // 2047
+ SYS_ACL_FIRST_ENTRY = 0x800 // 2048
+ SYS_ACL_GET_ENTRY = 0x801 // 2049
+ SYS_ACL_VALID = 0x802 // 2050
+ SYS_ACL_CREATE_ENTRY = 0x803 // 2051
+ SYS_ACL_DELETE_ENTRY = 0x804 // 2052
+ SYS_ACL_UPDATE_ENTRY = 0x805 // 2053
+ SYS_ACL_DELETE_FD = 0x806 // 2054
+ SYS_ACL_DELETE_FILE = 0x807 // 2055
+ SYS_ACL_GET_FD = 0x808 // 2056
+ SYS_ACL_GET_FILE = 0x809 // 2057
+ SYS_ACL_SET_FD = 0x80A // 2058
+ SYS_ACL_SET_FILE = 0x80B // 2059
+ SYS_ACL_FROM_TEXT = 0x80C // 2060
+ SYS_ACL_TO_TEXT = 0x80D // 2061
+ SYS_ACL_SORT = 0x80E // 2062
+ SYS___SHUTDOWN_REGISTRATION = 0x80F // 2063
+ SYS___ERFL_B = 0x810 // 2064
+ SYS___ERFCL_B = 0x811 // 2065
+ SYS___LGAMMAL_B = 0x812 // 2066
+ SYS___SETHOOKEVENTS = 0x813 // 2067
+ SYS_IF_NAMETOINDEX = 0x814 // 2068
+ SYS_IF_INDEXTONAME = 0x815 // 2069
+ SYS_IF_NAMEINDEX = 0x816 // 2070
+ SYS_IF_FREENAMEINDEX = 0x817 // 2071
+ SYS_GETADDRINFO = 0x818 // 2072
+ SYS_GETNAMEINFO = 0x819 // 2073
+ SYS_FREEADDRINFO = 0x81A // 2074
+ SYS_GAI_STRERROR = 0x81B // 2075
+ SYS_REXEC_AF = 0x81C // 2076
+ SYS___POE = 0x81D // 2077
+ SYS___DYNALLOC_A = 0x81F // 2079
+ SYS___DYNFREE_A = 0x820 // 2080
+ SYS___RES_QUERY_A = 0x821 // 2081
+ SYS___RES_SEARCH_A = 0x822 // 2082
+ SYS___RES_QUERYDOMAIN_A = 0x823 // 2083
+ SYS___RES_MKQUERY_A = 0x824 // 2084
+ SYS___RES_SEND_A = 0x825 // 2085
+ SYS___DN_EXPAND_A = 0x826 // 2086
+ SYS___DN_SKIPNAME_A = 0x827 // 2087
+ SYS___DN_COMP_A = 0x828 // 2088
+ SYS___DN_FIND_A = 0x829 // 2089
+ SYS___NLIST_A = 0x82A // 2090
+ SYS_____TCGETCP_A = 0x82B // 2091
+ SYS_____TCSETCP_A = 0x82C // 2092
+ SYS_____W_PIOCTL_A = 0x82E // 2094
+ SYS___INET_ADDR_A = 0x82F // 2095
+ SYS___INET_NTOA_A = 0x830 // 2096
+ SYS___INET_NETWORK_A = 0x831 // 2097
+ SYS___ACCEPT_A = 0x832 // 2098
+ SYS___ACCEPT_AND_RECV_A = 0x833 // 2099
+ SYS___BIND_A = 0x834 // 2100
+ SYS___CONNECT_A = 0x835 // 2101
+ SYS___GETPEERNAME_A = 0x836 // 2102
+ SYS___GETSOCKNAME_A = 0x837 // 2103
+ SYS___RECVFROM_A = 0x838 // 2104
+ SYS___SENDTO_A = 0x839 // 2105
+ SYS___SENDMSG_A = 0x83A // 2106
+ SYS___RECVMSG_A = 0x83B // 2107
+ SYS_____LCHATTR_A = 0x83C // 2108
+ SYS___CABEND = 0x83D // 2109
+ SYS___LE_CIB_GET = 0x83E // 2110
+ SYS___SET_LAA_FOR_JIT = 0x83F // 2111
+ SYS___LCHATTR = 0x840 // 2112
+ SYS___WRITEDOWN = 0x841 // 2113
+ SYS_PTHREAD_MUTEX_INIT2 = 0x842 // 2114
+ SYS___ACOSHF_B = 0x843 // 2115
+ SYS___ACOSHL_B = 0x844 // 2116
+ SYS___ASINHF_B = 0x845 // 2117
+ SYS___ASINHL_B = 0x846 // 2118
+ SYS___ATANHF_B = 0x847 // 2119
+ SYS___ATANHL_B = 0x848 // 2120
+ SYS___CBRTF_B = 0x849 // 2121
+ SYS___CBRTL_B = 0x84A // 2122
+ SYS___COPYSIGNF_B = 0x84B // 2123
+ SYS___COPYSIGNL_B = 0x84C // 2124
+ SYS___COTANF_B = 0x84D // 2125
+ SYS___COTAN_B = 0x84E // 2126
+ SYS___COTANL_B = 0x84F // 2127
+ SYS___EXP2F_B = 0x850 // 2128
+ SYS___EXP2L_B = 0x851 // 2129
+ SYS___EXPM1F_B = 0x852 // 2130
+ SYS___EXPM1L_B = 0x853 // 2131
+ SYS___FDIMF_B = 0x854 // 2132
+ SYS___FDIM_B = 0x855 // 2133
+ SYS___FDIML_B = 0x856 // 2134
+ SYS___HYPOTF_B = 0x857 // 2135
+ SYS___HYPOTL_B = 0x858 // 2136
+ SYS___LOG1PF_B = 0x859 // 2137
+ SYS___LOG1PL_B = 0x85A // 2138
+ SYS___LOG2F_B = 0x85B // 2139
+ SYS___LOG2_B = 0x85C // 2140
+ SYS___LOG2L_B = 0x85D // 2141
+ SYS___REMAINDERF_B = 0x85E // 2142
+ SYS___REMAINDERL_B = 0x85F // 2143
+ SYS___REMQUOF_B = 0x860 // 2144
+ SYS___REMQUO_B = 0x861 // 2145
+ SYS___REMQUOL_B = 0x862 // 2146
+ SYS___TGAMMAF_B = 0x863 // 2147
+ SYS___TGAMMA_B = 0x864 // 2148
+ SYS___TGAMMAL_B = 0x865 // 2149
+ SYS___TRUNCF_B = 0x866 // 2150
+ SYS___TRUNC_B = 0x867 // 2151
+ SYS___TRUNCL_B = 0x868 // 2152
+ SYS___LGAMMAF_B = 0x869 // 2153
+ SYS___LROUNDF_B = 0x86A // 2154
+ SYS___LROUND_B = 0x86B // 2155
+ SYS___ERFF_B = 0x86C // 2156
+ SYS___ERFCF_B = 0x86D // 2157
+ SYS_ACOSHF = 0x86E // 2158
+ SYS_ACOSHL = 0x86F // 2159
+ SYS_ASINHF = 0x870 // 2160
+ SYS_ASINHL = 0x871 // 2161
+ SYS_ATANHF = 0x872 // 2162
+ SYS_ATANHL = 0x873 // 2163
+ SYS_CBRTF = 0x874 // 2164
+ SYS_CBRTL = 0x875 // 2165
+ SYS_COPYSIGNF = 0x876 // 2166
+ SYS_CPYSIGNF = 0x876 // 2166
+ SYS_COPYSIGNL = 0x877 // 2167
+ SYS_CPYSIGNL = 0x877 // 2167
+ SYS_COTANF = 0x878 // 2168
+ SYS___COTANF = 0x878 // 2168
+ SYS_COTAN = 0x879 // 2169
+ SYS___COTAN = 0x879 // 2169
+ SYS_COTANL = 0x87A // 2170
+ SYS___COTANL = 0x87A // 2170
+ SYS_EXP2F = 0x87B // 2171
+ SYS_EXP2L = 0x87C // 2172
+ SYS_EXPM1F = 0x87D // 2173
+ SYS_EXPM1L = 0x87E // 2174
+ SYS_FDIMF = 0x87F // 2175
+ SYS_FDIM = 0x881 // 2177
+ SYS_FDIML = 0x882 // 2178
+ SYS_HYPOTF = 0x883 // 2179
+ SYS_HYPOTL = 0x884 // 2180
+ SYS_LOG1PF = 0x885 // 2181
+ SYS_LOG1PL = 0x886 // 2182
+ SYS_LOG2F = 0x887 // 2183
+ SYS_LOG2 = 0x888 // 2184
+ SYS_LOG2L = 0x889 // 2185
+ SYS_REMAINDERF = 0x88A // 2186
+ SYS_REMAINDF = 0x88A // 2186
+ SYS_REMAINDERL = 0x88B // 2187
+ SYS_REMAINDL = 0x88B // 2187
+ SYS_REMQUOF = 0x88C // 2188
+ SYS_REMQUO = 0x88D // 2189
+ SYS_REMQUOL = 0x88E // 2190
+ SYS_TGAMMAF = 0x88F // 2191
+ SYS_TGAMMA = 0x890 // 2192
+ SYS_TGAMMAL = 0x891 // 2193
+ SYS_TRUNCF = 0x892 // 2194
+ SYS_TRUNC = 0x893 // 2195
+ SYS_TRUNCL = 0x894 // 2196
+ SYS_LGAMMAF = 0x895 // 2197
+ SYS_LGAMMAL = 0x896 // 2198
+ SYS_LROUNDF = 0x897 // 2199
+ SYS_LROUND = 0x898 // 2200
+ SYS_ERFF = 0x899 // 2201
+ SYS_ERFL = 0x89A // 2202
+ SYS_ERFCF = 0x89B // 2203
+ SYS_ERFCL = 0x89C // 2204
+ SYS___EXP2_B = 0x89D // 2205
+ SYS_EXP2 = 0x89E // 2206
+ SYS___FAR_JUMP = 0x89F // 2207
+ SYS___TCGETATTR_A = 0x8A1 // 2209
+ SYS___TCSETATTR_A = 0x8A2 // 2210
+ SYS___SUPERKILL = 0x8A4 // 2212
+ SYS___LE_CONDITION_TOKEN_BUILD = 0x8A5 // 2213
+ SYS___LE_MSG_ADD_INSERT = 0x8A6 // 2214
+ SYS___LE_MSG_GET = 0x8A7 // 2215
+ SYS___LE_MSG_GET_AND_WRITE = 0x8A8 // 2216
+ SYS___LE_MSG_WRITE = 0x8A9 // 2217
+ SYS___ITOA = 0x8AA // 2218
+ SYS___UTOA = 0x8AB // 2219
+ SYS___LTOA = 0x8AC // 2220
+ SYS___ULTOA = 0x8AD // 2221
+ SYS___LLTOA = 0x8AE // 2222
+ SYS___ULLTOA = 0x8AF // 2223
+ SYS___ITOA_A = 0x8B0 // 2224
+ SYS___UTOA_A = 0x8B1 // 2225
+ SYS___LTOA_A = 0x8B2 // 2226
+ SYS___ULTOA_A = 0x8B3 // 2227
+ SYS___LLTOA_A = 0x8B4 // 2228
+ SYS___ULLTOA_A = 0x8B5 // 2229
+ SYS_____GETENV_A = 0x8C3 // 2243
+ SYS___REXEC_A = 0x8C4 // 2244
+ SYS___REXEC_AF_A = 0x8C5 // 2245
+ SYS___GETUTXENT_A = 0x8C6 // 2246
+ SYS___GETUTXID_A = 0x8C7 // 2247
+ SYS___GETUTXLINE_A = 0x8C8 // 2248
+ SYS___PUTUTXLINE_A = 0x8C9 // 2249
+ SYS_____UTMPXNAME_A = 0x8CA // 2250
+ SYS___PUTC_UNLOCKED_A = 0x8CB // 2251
+ SYS___PUTCHAR_UNLOCKED_A = 0x8CC // 2252
+ SYS___SNPRINTF_A = 0x8CD // 2253
+ SYS___VSNPRINTF_A = 0x8CE // 2254
+ SYS___DLOPEN_A = 0x8D0 // 2256
+ SYS___DLSYM_A = 0x8D1 // 2257
+ SYS___DLERROR_A = 0x8D2 // 2258
+ SYS_FLOCKFILE = 0x8D3 // 2259
+ SYS_FTRYLOCKFILE = 0x8D4 // 2260
+ SYS_FUNLOCKFILE = 0x8D5 // 2261
+ SYS_GETC_UNLOCKED = 0x8D6 // 2262
+ SYS_GETCHAR_UNLOCKED = 0x8D7 // 2263
+ SYS_PUTC_UNLOCKED = 0x8D8 // 2264
+ SYS_PUTCHAR_UNLOCKED = 0x8D9 // 2265
+ SYS_SNPRINTF = 0x8DA // 2266
+ SYS_VSNPRINTF = 0x8DB // 2267
+ SYS_DLOPEN = 0x8DD // 2269
+ SYS_DLSYM = 0x8DE // 2270
+ SYS_DLCLOSE = 0x8DF // 2271
+ SYS_DLERROR = 0x8E0 // 2272
+ SYS___SET_EXCEPTION_HANDLER = 0x8E2 // 2274
+ SYS___RESET_EXCEPTION_HANDLER = 0x8E3 // 2275
+ SYS___VHM_EVENT = 0x8E4 // 2276
+ SYS___ABS_H = 0x8E6 // 2278
+ SYS___ABSF_H = 0x8E7 // 2279
+ SYS___ABSL_H = 0x8E8 // 2280
+ SYS___ACOS_H = 0x8E9 // 2281
+ SYS___ACOSF_H = 0x8EA // 2282
+ SYS___ACOSL_H = 0x8EB // 2283
+ SYS___ACOSH_H = 0x8EC // 2284
+ SYS___ASIN_H = 0x8ED // 2285
+ SYS___ASINF_H = 0x8EE // 2286
+ SYS___ASINL_H = 0x8EF // 2287
+ SYS___ASINH_H = 0x8F0 // 2288
+ SYS___ATAN_H = 0x8F1 // 2289
+ SYS___ATANF_H = 0x8F2 // 2290
+ SYS___ATANL_H = 0x8F3 // 2291
+ SYS___ATANH_H = 0x8F4 // 2292
+ SYS___ATANHF_H = 0x8F5 // 2293
+ SYS___ATANHL_H = 0x8F6 // 2294
+ SYS___ATAN2_H = 0x8F7 // 2295
+ SYS___ATAN2F_H = 0x8F8 // 2296
+ SYS___ATAN2L_H = 0x8F9 // 2297
+ SYS___CBRT_H = 0x8FA // 2298
+ SYS___COPYSIGNF_H = 0x8FB // 2299
+ SYS___COPYSIGNL_H = 0x8FC // 2300
+ SYS___COS_H = 0x8FD // 2301
+ SYS___COSF_H = 0x8FE // 2302
+ SYS___COSL_H = 0x8FF // 2303
+ SYS___COSHF_H = 0x900 // 2304
+ SYS___COSHL_H = 0x901 // 2305
+ SYS___COTAN_H = 0x902 // 2306
+ SYS___COTANF_H = 0x903 // 2307
+ SYS___COTANL_H = 0x904 // 2308
+ SYS___ERF_H = 0x905 // 2309
+ SYS___ERFF_H = 0x906 // 2310
+ SYS___ERFL_H = 0x907 // 2311
+ SYS___ERFC_H = 0x908 // 2312
+ SYS___ERFCF_H = 0x909 // 2313
+ SYS___ERFCL_H = 0x90A // 2314
+ SYS___EXP_H = 0x90B // 2315
+ SYS___EXPF_H = 0x90C // 2316
+ SYS___EXPL_H = 0x90D // 2317
+ SYS___EXPM1_H = 0x90E // 2318
+ SYS___FDIM_H = 0x90F // 2319
+ SYS___FDIMF_H = 0x910 // 2320
+ SYS___FDIML_H = 0x911 // 2321
+ SYS___FMOD_H = 0x912 // 2322
+ SYS___FMODF_H = 0x913 // 2323
+ SYS___FMODL_H = 0x914 // 2324
+ SYS___GAMMA_H = 0x915 // 2325
+ SYS___HYPOT_H = 0x916 // 2326
+ SYS___ILOGB_H = 0x917 // 2327
+ SYS___LGAMMA_H = 0x918 // 2328
+ SYS___LGAMMAF_H = 0x919 // 2329
+ SYS___LOG_H = 0x91A // 2330
+ SYS___LOGF_H = 0x91B // 2331
+ SYS___LOGL_H = 0x91C // 2332
+ SYS___LOGB_H = 0x91D // 2333
+ SYS___LOG2_H = 0x91E // 2334
+ SYS___LOG2F_H = 0x91F // 2335
+ SYS___LOG2L_H = 0x920 // 2336
+ SYS___LOG1P_H = 0x921 // 2337
+ SYS___LOG10_H = 0x922 // 2338
+ SYS___LOG10F_H = 0x923 // 2339
+ SYS___LOG10L_H = 0x924 // 2340
+ SYS___LROUND_H = 0x925 // 2341
+ SYS___LROUNDF_H = 0x926 // 2342
+ SYS___NEXTAFTER_H = 0x927 // 2343
+ SYS___POW_H = 0x928 // 2344
+ SYS___POWF_H = 0x929 // 2345
+ SYS___POWL_H = 0x92A // 2346
+ SYS___REMAINDER_H = 0x92B // 2347
+ SYS___RINT_H = 0x92C // 2348
+ SYS___SCALB_H = 0x92D // 2349
+ SYS___SIN_H = 0x92E // 2350
+ SYS___SINF_H = 0x92F // 2351
+ SYS___SINL_H = 0x930 // 2352
+ SYS___SINH_H = 0x931 // 2353
+ SYS___SINHF_H = 0x932 // 2354
+ SYS___SINHL_H = 0x933 // 2355
+ SYS___SQRT_H = 0x934 // 2356
+ SYS___SQRTF_H = 0x935 // 2357
+ SYS___SQRTL_H = 0x936 // 2358
+ SYS___TAN_H = 0x937 // 2359
+ SYS___TANF_H = 0x938 // 2360
+ SYS___TANL_H = 0x939 // 2361
+ SYS___TANH_H = 0x93A // 2362
+ SYS___TANHF_H = 0x93B // 2363
+ SYS___TANHL_H = 0x93C // 2364
+ SYS___TGAMMA_H = 0x93D // 2365
+ SYS___TGAMMAF_H = 0x93E // 2366
+ SYS___TRUNC_H = 0x93F // 2367
+ SYS___TRUNCF_H = 0x940 // 2368
+ SYS___TRUNCL_H = 0x941 // 2369
+ SYS___COSH_H = 0x942 // 2370
+ SYS___LE_DEBUG_SET_RESUME_MCH = 0x943 // 2371
+ SYS_VFSCANF = 0x944 // 2372
+ SYS_VSCANF = 0x946 // 2374
+ SYS_VSSCANF = 0x948 // 2376
+ SYS_VFWSCANF = 0x94A // 2378
+ SYS_VWSCANF = 0x94C // 2380
+ SYS_VSWSCANF = 0x94E // 2382
+ SYS_IMAXABS = 0x950 // 2384
+ SYS_IMAXDIV = 0x951 // 2385
+ SYS_STRTOIMAX = 0x952 // 2386
+ SYS_STRTOUMAX = 0x953 // 2387
+ SYS_WCSTOIMAX = 0x954 // 2388
+ SYS_WCSTOUMAX = 0x955 // 2389
+ SYS_ATOLL = 0x956 // 2390
+ SYS_STRTOF = 0x957 // 2391
+ SYS_STRTOLD = 0x958 // 2392
+ SYS_WCSTOF = 0x959 // 2393
+ SYS_WCSTOLD = 0x95A // 2394
+ SYS_INET6_RTH_SPACE = 0x95B // 2395
+ SYS_INET6_RTH_INIT = 0x95C // 2396
+ SYS_INET6_RTH_ADD = 0x95D // 2397
+ SYS_INET6_RTH_REVERSE = 0x95E // 2398
+ SYS_INET6_RTH_SEGMENTS = 0x95F // 2399
+ SYS_INET6_RTH_GETADDR = 0x960 // 2400
+ SYS_INET6_OPT_INIT = 0x961 // 2401
+ SYS_INET6_OPT_APPEND = 0x962 // 2402
+ SYS_INET6_OPT_FINISH = 0x963 // 2403
+ SYS_INET6_OPT_SET_VAL = 0x964 // 2404
+ SYS_INET6_OPT_NEXT = 0x965 // 2405
+ SYS_INET6_OPT_FIND = 0x966 // 2406
+ SYS_INET6_OPT_GET_VAL = 0x967 // 2407
+ SYS___POW_I = 0x987 // 2439
+ SYS___POW_I_B = 0x988 // 2440
+ SYS___POW_I_H = 0x989 // 2441
+ SYS___POW_II = 0x98A // 2442
+ SYS___POW_II_B = 0x98B // 2443
+ SYS___POW_II_H = 0x98C // 2444
+ SYS_CABS = 0x98E // 2446
+ SYS___CABS_B = 0x98F // 2447
+ SYS___CABS_H = 0x990 // 2448
+ SYS_CABSF = 0x991 // 2449
+ SYS___CABSF_B = 0x992 // 2450
+ SYS___CABSF_H = 0x993 // 2451
+ SYS_CABSL = 0x994 // 2452
+ SYS___CABSL_B = 0x995 // 2453
+ SYS___CABSL_H = 0x996 // 2454
+ SYS_CACOS = 0x997 // 2455
+ SYS___CACOS_B = 0x998 // 2456
+ SYS___CACOS_H = 0x999 // 2457
+ SYS_CACOSF = 0x99A // 2458
+ SYS___CACOSF_B = 0x99B // 2459
+ SYS___CACOSF_H = 0x99C // 2460
+ SYS_CACOSL = 0x99D // 2461
+ SYS___CACOSL_B = 0x99E // 2462
+ SYS___CACOSL_H = 0x99F // 2463
+ SYS_CACOSH = 0x9A0 // 2464
+ SYS___CACOSH_B = 0x9A1 // 2465
+ SYS___CACOSH_H = 0x9A2 // 2466
+ SYS_CACOSHF = 0x9A3 // 2467
+ SYS___CACOSHF_B = 0x9A4 // 2468
+ SYS___CACOSHF_H = 0x9A5 // 2469
+ SYS_CACOSHL = 0x9A6 // 2470
+ SYS___CACOSHL_B = 0x9A7 // 2471
+ SYS___CACOSHL_H = 0x9A8 // 2472
+ SYS_CARG = 0x9A9 // 2473
+ SYS___CARG_B = 0x9AA // 2474
+ SYS___CARG_H = 0x9AB // 2475
+ SYS_CARGF = 0x9AC // 2476
+ SYS___CARGF_B = 0x9AD // 2477
+ SYS___CARGF_H = 0x9AE // 2478
+ SYS_CARGL = 0x9AF // 2479
+ SYS___CARGL_B = 0x9B0 // 2480
+ SYS___CARGL_H = 0x9B1 // 2481
+ SYS_CASIN = 0x9B2 // 2482
+ SYS___CASIN_B = 0x9B3 // 2483
+ SYS___CASIN_H = 0x9B4 // 2484
+ SYS_CASINF = 0x9B5 // 2485
+ SYS___CASINF_B = 0x9B6 // 2486
+ SYS___CASINF_H = 0x9B7 // 2487
+ SYS_CASINL = 0x9B8 // 2488
+ SYS___CASINL_B = 0x9B9 // 2489
+ SYS___CASINL_H = 0x9BA // 2490
+ SYS_CASINH = 0x9BB // 2491
+ SYS___CASINH_B = 0x9BC // 2492
+ SYS___CASINH_H = 0x9BD // 2493
+ SYS_CASINHF = 0x9BE // 2494
+ SYS___CASINHF_B = 0x9BF // 2495
+ SYS___CASINHF_H = 0x9C0 // 2496
+ SYS_CASINHL = 0x9C1 // 2497
+ SYS___CASINHL_B = 0x9C2 // 2498
+ SYS___CASINHL_H = 0x9C3 // 2499
+ SYS_CATAN = 0x9C4 // 2500
+ SYS___CATAN_B = 0x9C5 // 2501
+ SYS___CATAN_H = 0x9C6 // 2502
+ SYS_CATANF = 0x9C7 // 2503
+ SYS___CATANF_B = 0x9C8 // 2504
+ SYS___CATANF_H = 0x9C9 // 2505
+ SYS_CATANL = 0x9CA // 2506
+ SYS___CATANL_B = 0x9CB // 2507
+ SYS___CATANL_H = 0x9CC // 2508
+ SYS_CATANH = 0x9CD // 2509
+ SYS___CATANH_B = 0x9CE // 2510
+ SYS___CATANH_H = 0x9CF // 2511
+ SYS_CATANHF = 0x9D0 // 2512
+ SYS___CATANHF_B = 0x9D1 // 2513
+ SYS___CATANHF_H = 0x9D2 // 2514
+ SYS_CATANHL = 0x9D3 // 2515
+ SYS___CATANHL_B = 0x9D4 // 2516
+ SYS___CATANHL_H = 0x9D5 // 2517
+ SYS_CCOS = 0x9D6 // 2518
+ SYS___CCOS_B = 0x9D7 // 2519
+ SYS___CCOS_H = 0x9D8 // 2520
+ SYS_CCOSF = 0x9D9 // 2521
+ SYS___CCOSF_B = 0x9DA // 2522
+ SYS___CCOSF_H = 0x9DB // 2523
+ SYS_CCOSL = 0x9DC // 2524
+ SYS___CCOSL_B = 0x9DD // 2525
+ SYS___CCOSL_H = 0x9DE // 2526
+ SYS_CCOSH = 0x9DF // 2527
+ SYS___CCOSH_B = 0x9E0 // 2528
+ SYS___CCOSH_H = 0x9E1 // 2529
+ SYS_CCOSHF = 0x9E2 // 2530
+ SYS___CCOSHF_B = 0x9E3 // 2531
+ SYS___CCOSHF_H = 0x9E4 // 2532
+ SYS_CCOSHL = 0x9E5 // 2533
+ SYS___CCOSHL_B = 0x9E6 // 2534
+ SYS___CCOSHL_H = 0x9E7 // 2535
+ SYS_CEXP = 0x9E8 // 2536
+ SYS___CEXP_B = 0x9E9 // 2537
+ SYS___CEXP_H = 0x9EA // 2538
+ SYS_CEXPF = 0x9EB // 2539
+ SYS___CEXPF_B = 0x9EC // 2540
+ SYS___CEXPF_H = 0x9ED // 2541
+ SYS_CEXPL = 0x9EE // 2542
+ SYS___CEXPL_B = 0x9EF // 2543
+ SYS___CEXPL_H = 0x9F0 // 2544
+ SYS_CIMAG = 0x9F1 // 2545
+ SYS___CIMAG_B = 0x9F2 // 2546
+ SYS___CIMAG_H = 0x9F3 // 2547
+ SYS_CIMAGF = 0x9F4 // 2548
+ SYS___CIMAGF_B = 0x9F5 // 2549
+ SYS___CIMAGF_H = 0x9F6 // 2550
+ SYS_CIMAGL = 0x9F7 // 2551
+ SYS___CIMAGL_B = 0x9F8 // 2552
+ SYS___CIMAGL_H = 0x9F9 // 2553
+ SYS___CLOG = 0x9FA // 2554
+ SYS___CLOG_B = 0x9FB // 2555
+ SYS___CLOG_H = 0x9FC // 2556
+ SYS_CLOGF = 0x9FD // 2557
+ SYS___CLOGF_B = 0x9FE // 2558
+ SYS___CLOGF_H = 0x9FF // 2559
+ SYS_CLOGL = 0xA00 // 2560
+ SYS___CLOGL_B = 0xA01 // 2561
+ SYS___CLOGL_H = 0xA02 // 2562
+ SYS_CONJ = 0xA03 // 2563
+ SYS___CONJ_B = 0xA04 // 2564
+ SYS___CONJ_H = 0xA05 // 2565
+ SYS_CONJF = 0xA06 // 2566
+ SYS___CONJF_B = 0xA07 // 2567
+ SYS___CONJF_H = 0xA08 // 2568
+ SYS_CONJL = 0xA09 // 2569
+ SYS___CONJL_B = 0xA0A // 2570
+ SYS___CONJL_H = 0xA0B // 2571
+ SYS_CPOW = 0xA0C // 2572
+ SYS___CPOW_B = 0xA0D // 2573
+ SYS___CPOW_H = 0xA0E // 2574
+ SYS_CPOWF = 0xA0F // 2575
+ SYS___CPOWF_B = 0xA10 // 2576
+ SYS___CPOWF_H = 0xA11 // 2577
+ SYS_CPOWL = 0xA12 // 2578
+ SYS___CPOWL_B = 0xA13 // 2579
+ SYS___CPOWL_H = 0xA14 // 2580
+ SYS_CPROJ = 0xA15 // 2581
+ SYS___CPROJ_B = 0xA16 // 2582
+ SYS___CPROJ_H = 0xA17 // 2583
+ SYS_CPROJF = 0xA18 // 2584
+ SYS___CPROJF_B = 0xA19 // 2585
+ SYS___CPROJF_H = 0xA1A // 2586
+ SYS_CPROJL = 0xA1B // 2587
+ SYS___CPROJL_B = 0xA1C // 2588
+ SYS___CPROJL_H = 0xA1D // 2589
+ SYS_CREAL = 0xA1E // 2590
+ SYS___CREAL_B = 0xA1F // 2591
+ SYS___CREAL_H = 0xA20 // 2592
+ SYS_CREALF = 0xA21 // 2593
+ SYS___CREALF_B = 0xA22 // 2594
+ SYS___CREALF_H = 0xA23 // 2595
+ SYS_CREALL = 0xA24 // 2596
+ SYS___CREALL_B = 0xA25 // 2597
+ SYS___CREALL_H = 0xA26 // 2598
+ SYS_CSIN = 0xA27 // 2599
+ SYS___CSIN_B = 0xA28 // 2600
+ SYS___CSIN_H = 0xA29 // 2601
+ SYS_CSINF = 0xA2A // 2602
+ SYS___CSINF_B = 0xA2B // 2603
+ SYS___CSINF_H = 0xA2C // 2604
+ SYS_CSINL = 0xA2D // 2605
+ SYS___CSINL_B = 0xA2E // 2606
+ SYS___CSINL_H = 0xA2F // 2607
+ SYS_CSINH = 0xA30 // 2608
+ SYS___CSINH_B = 0xA31 // 2609
+ SYS___CSINH_H = 0xA32 // 2610
+ SYS_CSINHF = 0xA33 // 2611
+ SYS___CSINHF_B = 0xA34 // 2612
+ SYS___CSINHF_H = 0xA35 // 2613
+ SYS_CSINHL = 0xA36 // 2614
+ SYS___CSINHL_B = 0xA37 // 2615
+ SYS___CSINHL_H = 0xA38 // 2616
+ SYS_CSQRT = 0xA39 // 2617
+ SYS___CSQRT_B = 0xA3A // 2618
+ SYS___CSQRT_H = 0xA3B // 2619
+ SYS_CSQRTF = 0xA3C // 2620
+ SYS___CSQRTF_B = 0xA3D // 2621
+ SYS___CSQRTF_H = 0xA3E // 2622
+ SYS_CSQRTL = 0xA3F // 2623
+ SYS___CSQRTL_B = 0xA40 // 2624
+ SYS___CSQRTL_H = 0xA41 // 2625
+ SYS_CTAN = 0xA42 // 2626
+ SYS___CTAN_B = 0xA43 // 2627
+ SYS___CTAN_H = 0xA44 // 2628
+ SYS_CTANF = 0xA45 // 2629
+ SYS___CTANF_B = 0xA46 // 2630
+ SYS___CTANF_H = 0xA47 // 2631
+ SYS_CTANL = 0xA48 // 2632
+ SYS___CTANL_B = 0xA49 // 2633
+ SYS___CTANL_H = 0xA4A // 2634
+ SYS_CTANH = 0xA4B // 2635
+ SYS___CTANH_B = 0xA4C // 2636
+ SYS___CTANH_H = 0xA4D // 2637
+ SYS_CTANHF = 0xA4E // 2638
+ SYS___CTANHF_B = 0xA4F // 2639
+ SYS___CTANHF_H = 0xA50 // 2640
+ SYS_CTANHL = 0xA51 // 2641
+ SYS___CTANHL_B = 0xA52 // 2642
+ SYS___CTANHL_H = 0xA53 // 2643
+ SYS___ACOSHF_H = 0xA54 // 2644
+ SYS___ACOSHL_H = 0xA55 // 2645
+ SYS___ASINHF_H = 0xA56 // 2646
+ SYS___ASINHL_H = 0xA57 // 2647
+ SYS___CBRTF_H = 0xA58 // 2648
+ SYS___CBRTL_H = 0xA59 // 2649
+ SYS___COPYSIGN_B = 0xA5A // 2650
+ SYS___EXPM1F_H = 0xA5B // 2651
+ SYS___EXPM1L_H = 0xA5C // 2652
+ SYS___EXP2_H = 0xA5D // 2653
+ SYS___EXP2F_H = 0xA5E // 2654
+ SYS___EXP2L_H = 0xA5F // 2655
+ SYS___LOG1PF_H = 0xA60 // 2656
+ SYS___LOG1PL_H = 0xA61 // 2657
+ SYS___LGAMMAL_H = 0xA62 // 2658
+ SYS_FMA = 0xA63 // 2659
+ SYS___FMA_B = 0xA64 // 2660
+ SYS___FMA_H = 0xA65 // 2661
+ SYS_FMAF = 0xA66 // 2662
+ SYS___FMAF_B = 0xA67 // 2663
+ SYS___FMAF_H = 0xA68 // 2664
+ SYS_FMAL = 0xA69 // 2665
+ SYS___FMAL_B = 0xA6A // 2666
+ SYS___FMAL_H = 0xA6B // 2667
+ SYS_FMAX = 0xA6C // 2668
+ SYS___FMAX_B = 0xA6D // 2669
+ SYS___FMAX_H = 0xA6E // 2670
+ SYS_FMAXF = 0xA6F // 2671
+ SYS___FMAXF_B = 0xA70 // 2672
+ SYS___FMAXF_H = 0xA71 // 2673
+ SYS_FMAXL = 0xA72 // 2674
+ SYS___FMAXL_B = 0xA73 // 2675
+ SYS___FMAXL_H = 0xA74 // 2676
+ SYS_FMIN = 0xA75 // 2677
+ SYS___FMIN_B = 0xA76 // 2678
+ SYS___FMIN_H = 0xA77 // 2679
+ SYS_FMINF = 0xA78 // 2680
+ SYS___FMINF_B = 0xA79 // 2681
+ SYS___FMINF_H = 0xA7A // 2682
+ SYS_FMINL = 0xA7B // 2683
+ SYS___FMINL_B = 0xA7C // 2684
+ SYS___FMINL_H = 0xA7D // 2685
+ SYS_ILOGBF = 0xA7E // 2686
+ SYS___ILOGBF_B = 0xA7F // 2687
+ SYS___ILOGBF_H = 0xA80 // 2688
+ SYS_ILOGBL = 0xA81 // 2689
+ SYS___ILOGBL_B = 0xA82 // 2690
+ SYS___ILOGBL_H = 0xA83 // 2691
+ SYS_LLRINT = 0xA84 // 2692
+ SYS___LLRINT_B = 0xA85 // 2693
+ SYS___LLRINT_H = 0xA86 // 2694
+ SYS_LLRINTF = 0xA87 // 2695
+ SYS___LLRINTF_B = 0xA88 // 2696
+ SYS___LLRINTF_H = 0xA89 // 2697
+ SYS_LLRINTL = 0xA8A // 2698
+ SYS___LLRINTL_B = 0xA8B // 2699
+ SYS___LLRINTL_H = 0xA8C // 2700
+ SYS_LLROUND = 0xA8D // 2701
+ SYS___LLROUND_B = 0xA8E // 2702
+ SYS___LLROUND_H = 0xA8F // 2703
+ SYS_LLROUNDF = 0xA90 // 2704
+ SYS___LLROUNDF_B = 0xA91 // 2705
+ SYS___LLROUNDF_H = 0xA92 // 2706
+ SYS_LLROUNDL = 0xA93 // 2707
+ SYS___LLROUNDL_B = 0xA94 // 2708
+ SYS___LLROUNDL_H = 0xA95 // 2709
+ SYS_LOGBF = 0xA96 // 2710
+ SYS___LOGBF_B = 0xA97 // 2711
+ SYS___LOGBF_H = 0xA98 // 2712
+ SYS_LOGBL = 0xA99 // 2713
+ SYS___LOGBL_B = 0xA9A // 2714
+ SYS___LOGBL_H = 0xA9B // 2715
+ SYS_LRINT = 0xA9C // 2716
+ SYS___LRINT_B = 0xA9D // 2717
+ SYS___LRINT_H = 0xA9E // 2718
+ SYS_LRINTF = 0xA9F // 2719
+ SYS___LRINTF_B = 0xAA0 // 2720
+ SYS___LRINTF_H = 0xAA1 // 2721
+ SYS_LRINTL = 0xAA2 // 2722
+ SYS___LRINTL_B = 0xAA3 // 2723
+ SYS___LRINTL_H = 0xAA4 // 2724
+ SYS_LROUNDL = 0xAA5 // 2725
+ SYS___LROUNDL_B = 0xAA6 // 2726
+ SYS___LROUNDL_H = 0xAA7 // 2727
+ SYS_NAN = 0xAA8 // 2728
+ SYS___NAN_B = 0xAA9 // 2729
+ SYS_NANF = 0xAAA // 2730
+ SYS___NANF_B = 0xAAB // 2731
+ SYS_NANL = 0xAAC // 2732
+ SYS___NANL_B = 0xAAD // 2733
+ SYS_NEARBYINT = 0xAAE // 2734
+ SYS___NEARBYINT_B = 0xAAF // 2735
+ SYS___NEARBYINT_H = 0xAB0 // 2736
+ SYS_NEARBYINTF = 0xAB1 // 2737
+ SYS___NEARBYINTF_B = 0xAB2 // 2738
+ SYS___NEARBYINTF_H = 0xAB3 // 2739
+ SYS_NEARBYINTL = 0xAB4 // 2740
+ SYS___NEARBYINTL_B = 0xAB5 // 2741
+ SYS___NEARBYINTL_H = 0xAB6 // 2742
+ SYS_NEXTAFTERF = 0xAB7 // 2743
+ SYS___NEXTAFTERF_B = 0xAB8 // 2744
+ SYS___NEXTAFTERF_H = 0xAB9 // 2745
+ SYS_NEXTAFTERL = 0xABA // 2746
+ SYS___NEXTAFTERL_B = 0xABB // 2747
+ SYS___NEXTAFTERL_H = 0xABC // 2748
+ SYS_NEXTTOWARD = 0xABD // 2749
+ SYS___NEXTTOWARD_B = 0xABE // 2750
+ SYS___NEXTTOWARD_H = 0xABF // 2751
+ SYS_NEXTTOWARDF = 0xAC0 // 2752
+ SYS___NEXTTOWARDF_B = 0xAC1 // 2753
+ SYS___NEXTTOWARDF_H = 0xAC2 // 2754
+ SYS_NEXTTOWARDL = 0xAC3 // 2755
+ SYS___NEXTTOWARDL_B = 0xAC4 // 2756
+ SYS___NEXTTOWARDL_H = 0xAC5 // 2757
+ SYS___REMAINDERF_H = 0xAC6 // 2758
+ SYS___REMAINDERL_H = 0xAC7 // 2759
+ SYS___REMQUO_H = 0xAC8 // 2760
+ SYS___REMQUOF_H = 0xAC9 // 2761
+ SYS___REMQUOL_H = 0xACA // 2762
+ SYS_RINTF = 0xACB // 2763
+ SYS___RINTF_B = 0xACC // 2764
+ SYS_RINTL = 0xACD // 2765
+ SYS___RINTL_B = 0xACE // 2766
+ SYS_ROUND = 0xACF // 2767
+ SYS___ROUND_B = 0xAD0 // 2768
+ SYS___ROUND_H = 0xAD1 // 2769
+ SYS_ROUNDF = 0xAD2 // 2770
+ SYS___ROUNDF_B = 0xAD3 // 2771
+ SYS___ROUNDF_H = 0xAD4 // 2772
+ SYS_ROUNDL = 0xAD5 // 2773
+ SYS___ROUNDL_B = 0xAD6 // 2774
+ SYS___ROUNDL_H = 0xAD7 // 2775
+ SYS_SCALBLN = 0xAD8 // 2776
+ SYS___SCALBLN_B = 0xAD9 // 2777
+ SYS___SCALBLN_H = 0xADA // 2778
+ SYS_SCALBLNF = 0xADB // 2779
+ SYS___SCALBLNF_B = 0xADC // 2780
+ SYS___SCALBLNF_H = 0xADD // 2781
+ SYS_SCALBLNL = 0xADE // 2782
+ SYS___SCALBLNL_B = 0xADF // 2783
+ SYS___SCALBLNL_H = 0xAE0 // 2784
+ SYS___SCALBN_B = 0xAE1 // 2785
+ SYS___SCALBN_H = 0xAE2 // 2786
+ SYS_SCALBNF = 0xAE3 // 2787
+ SYS___SCALBNF_B = 0xAE4 // 2788
+ SYS___SCALBNF_H = 0xAE5 // 2789
+ SYS_SCALBNL = 0xAE6 // 2790
+ SYS___SCALBNL_B = 0xAE7 // 2791
+ SYS___SCALBNL_H = 0xAE8 // 2792
+ SYS___TGAMMAL_H = 0xAE9 // 2793
+ SYS_FECLEAREXCEPT = 0xAEA // 2794
+ SYS_FEGETENV = 0xAEB // 2795
+ SYS_FEGETEXCEPTFLAG = 0xAEC // 2796
+ SYS_FEGETROUND = 0xAED // 2797
+ SYS_FEHOLDEXCEPT = 0xAEE // 2798
+ SYS_FERAISEEXCEPT = 0xAEF // 2799
+ SYS_FESETENV = 0xAF0 // 2800
+ SYS_FESETEXCEPTFLAG = 0xAF1 // 2801
+ SYS_FESETROUND = 0xAF2 // 2802
+ SYS_FETESTEXCEPT = 0xAF3 // 2803
+ SYS_FEUPDATEENV = 0xAF4 // 2804
+ SYS___COPYSIGN_H = 0xAF5 // 2805
+ SYS___HYPOTF_H = 0xAF6 // 2806
+ SYS___HYPOTL_H = 0xAF7 // 2807
+ SYS___CLASS = 0xAFA // 2810
+ SYS___CLASS_B = 0xAFB // 2811
+ SYS___CLASS_H = 0xAFC // 2812
+ SYS___ISBLANK_A = 0xB2E // 2862
+ SYS___ISWBLANK_A = 0xB2F // 2863
+ SYS___LROUND_FIXUP = 0xB30 // 2864
+ SYS___LROUNDF_FIXUP = 0xB31 // 2865
+ SYS_SCHED_YIELD = 0xB32 // 2866
+ SYS_STRERROR_R = 0xB33 // 2867
+ SYS_UNSETENV = 0xB34 // 2868
+ SYS___LGAMMA_H_C99 = 0xB38 // 2872
+ SYS___LGAMMA_B_C99 = 0xB39 // 2873
+ SYS___LGAMMA_R_C99 = 0xB3A // 2874
+ SYS___FTELL2 = 0xB3B // 2875
+ SYS___FSEEK2 = 0xB3C // 2876
+ SYS___STATIC_REINIT = 0xB3D // 2877
+ SYS_PTHREAD_ATTR_GETSTACK = 0xB3E // 2878
+ SYS_PTHREAD_ATTR_SETSTACK = 0xB3F // 2879
+ SYS___TGAMMA_H_C99 = 0xB78 // 2936
+ SYS___TGAMMAF_H_C99 = 0xB79 // 2937
+ SYS___LE_TRACEBACK = 0xB7A // 2938
+ SYS___MUST_STAY_CLEAN = 0xB7C // 2940
+ SYS___O_ENV = 0xB7D // 2941
+ SYS_ACOSD32 = 0xB7E // 2942
+ SYS_ACOSD64 = 0xB7F // 2943
+ SYS_ACOSD128 = 0xB80 // 2944
+ SYS_ACOSHD32 = 0xB81 // 2945
+ SYS_ACOSHD64 = 0xB82 // 2946
+ SYS_ACOSHD128 = 0xB83 // 2947
+ SYS_ASIND32 = 0xB84 // 2948
+ SYS_ASIND64 = 0xB85 // 2949
+ SYS_ASIND128 = 0xB86 // 2950
+ SYS_ASINHD32 = 0xB87 // 2951
+ SYS_ASINHD64 = 0xB88 // 2952
+ SYS_ASINHD128 = 0xB89 // 2953
+ SYS_ATAND32 = 0xB8A // 2954
+ SYS_ATAND64 = 0xB8B // 2955
+ SYS_ATAND128 = 0xB8C // 2956
+ SYS_ATAN2D32 = 0xB8D // 2957
+ SYS_ATAN2D64 = 0xB8E // 2958
+ SYS_ATAN2D128 = 0xB8F // 2959
+ SYS_ATANHD32 = 0xB90 // 2960
+ SYS_ATANHD64 = 0xB91 // 2961
+ SYS_ATANHD128 = 0xB92 // 2962
+ SYS_CBRTD32 = 0xB93 // 2963
+ SYS_CBRTD64 = 0xB94 // 2964
+ SYS_CBRTD128 = 0xB95 // 2965
+ SYS_CEILD32 = 0xB96 // 2966
+ SYS_CEILD64 = 0xB97 // 2967
+ SYS_CEILD128 = 0xB98 // 2968
+ SYS___CLASS2 = 0xB99 // 2969
+ SYS___CLASS2_B = 0xB9A // 2970
+ SYS___CLASS2_H = 0xB9B // 2971
+ SYS_COPYSIGND32 = 0xB9C // 2972
+ SYS_COPYSIGND64 = 0xB9D // 2973
+ SYS_COPYSIGND128 = 0xB9E // 2974
+ SYS_COSD32 = 0xB9F // 2975
+ SYS_COSD64 = 0xBA0 // 2976
+ SYS_COSD128 = 0xBA1 // 2977
+ SYS_COSHD32 = 0xBA2 // 2978
+ SYS_COSHD64 = 0xBA3 // 2979
+ SYS_COSHD128 = 0xBA4 // 2980
+ SYS_ERFD32 = 0xBA5 // 2981
+ SYS_ERFD64 = 0xBA6 // 2982
+ SYS_ERFD128 = 0xBA7 // 2983
+ SYS_ERFCD32 = 0xBA8 // 2984
+ SYS_ERFCD64 = 0xBA9 // 2985
+ SYS_ERFCD128 = 0xBAA // 2986
+ SYS_EXPD32 = 0xBAB // 2987
+ SYS_EXPD64 = 0xBAC // 2988
+ SYS_EXPD128 = 0xBAD // 2989
+ SYS_EXP2D32 = 0xBAE // 2990
+ SYS_EXP2D64 = 0xBAF // 2991
+ SYS_EXP2D128 = 0xBB0 // 2992
+ SYS_EXPM1D32 = 0xBB1 // 2993
+ SYS_EXPM1D64 = 0xBB2 // 2994
+ SYS_EXPM1D128 = 0xBB3 // 2995
+ SYS_FABSD32 = 0xBB4 // 2996
+ SYS_FABSD64 = 0xBB5 // 2997
+ SYS_FABSD128 = 0xBB6 // 2998
+ SYS_FDIMD32 = 0xBB7 // 2999
+ SYS_FDIMD64 = 0xBB8 // 3000
+ SYS_FDIMD128 = 0xBB9 // 3001
+ SYS_FE_DEC_GETROUND = 0xBBA // 3002
+ SYS_FE_DEC_SETROUND = 0xBBB // 3003
+ SYS_FLOORD32 = 0xBBC // 3004
+ SYS_FLOORD64 = 0xBBD // 3005
+ SYS_FLOORD128 = 0xBBE // 3006
+ SYS_FMAD32 = 0xBBF // 3007
+ SYS_FMAD64 = 0xBC0 // 3008
+ SYS_FMAD128 = 0xBC1 // 3009
+ SYS_FMAXD32 = 0xBC2 // 3010
+ SYS_FMAXD64 = 0xBC3 // 3011
+ SYS_FMAXD128 = 0xBC4 // 3012
+ SYS_FMIND32 = 0xBC5 // 3013
+ SYS_FMIND64 = 0xBC6 // 3014
+ SYS_FMIND128 = 0xBC7 // 3015
+ SYS_FMODD32 = 0xBC8 // 3016
+ SYS_FMODD64 = 0xBC9 // 3017
+ SYS_FMODD128 = 0xBCA // 3018
+ SYS___FP_CAST_D = 0xBCB // 3019
+ SYS_FREXPD32 = 0xBCC // 3020
+ SYS_FREXPD64 = 0xBCD // 3021
+ SYS_FREXPD128 = 0xBCE // 3022
+ SYS_HYPOTD32 = 0xBCF // 3023
+ SYS_HYPOTD64 = 0xBD0 // 3024
+ SYS_HYPOTD128 = 0xBD1 // 3025
+ SYS_ILOGBD32 = 0xBD2 // 3026
+ SYS_ILOGBD64 = 0xBD3 // 3027
+ SYS_ILOGBD128 = 0xBD4 // 3028
+ SYS_LDEXPD32 = 0xBD5 // 3029
+ SYS_LDEXPD64 = 0xBD6 // 3030
+ SYS_LDEXPD128 = 0xBD7 // 3031
+ SYS_LGAMMAD32 = 0xBD8 // 3032
+ SYS_LGAMMAD64 = 0xBD9 // 3033
+ SYS_LGAMMAD128 = 0xBDA // 3034
+ SYS_LLRINTD32 = 0xBDB // 3035
+ SYS_LLRINTD64 = 0xBDC // 3036
+ SYS_LLRINTD128 = 0xBDD // 3037
+ SYS_LLROUNDD32 = 0xBDE // 3038
+ SYS_LLROUNDD64 = 0xBDF // 3039
+ SYS_LLROUNDD128 = 0xBE0 // 3040
+ SYS_LOGD32 = 0xBE1 // 3041
+ SYS_LOGD64 = 0xBE2 // 3042
+ SYS_LOGD128 = 0xBE3 // 3043
+ SYS_LOG10D32 = 0xBE4 // 3044
+ SYS_LOG10D64 = 0xBE5 // 3045
+ SYS_LOG10D128 = 0xBE6 // 3046
+ SYS_LOG1PD32 = 0xBE7 // 3047
+ SYS_LOG1PD64 = 0xBE8 // 3048
+ SYS_LOG1PD128 = 0xBE9 // 3049
+ SYS_LOG2D32 = 0xBEA // 3050
+ SYS_LOG2D64 = 0xBEB // 3051
+ SYS_LOG2D128 = 0xBEC // 3052
+ SYS_LOGBD32 = 0xBED // 3053
+ SYS_LOGBD64 = 0xBEE // 3054
+ SYS_LOGBD128 = 0xBEF // 3055
+ SYS_LRINTD32 = 0xBF0 // 3056
+ SYS_LRINTD64 = 0xBF1 // 3057
+ SYS_LRINTD128 = 0xBF2 // 3058
+ SYS_LROUNDD32 = 0xBF3 // 3059
+ SYS_LROUNDD64 = 0xBF4 // 3060
+ SYS_LROUNDD128 = 0xBF5 // 3061
+ SYS_MODFD32 = 0xBF6 // 3062
+ SYS_MODFD64 = 0xBF7 // 3063
+ SYS_MODFD128 = 0xBF8 // 3064
+ SYS_NAND32 = 0xBF9 // 3065
+ SYS_NAND64 = 0xBFA // 3066
+ SYS_NAND128 = 0xBFB // 3067
+ SYS_NEARBYINTD32 = 0xBFC // 3068
+ SYS_NEARBYINTD64 = 0xBFD // 3069
+ SYS_NEARBYINTD128 = 0xBFE // 3070
+ SYS_NEXTAFTERD32 = 0xBFF // 3071
+ SYS_NEXTAFTERD64 = 0xC00 // 3072
+ SYS_NEXTAFTERD128 = 0xC01 // 3073
+ SYS_NEXTTOWARDD32 = 0xC02 // 3074
+ SYS_NEXTTOWARDD64 = 0xC03 // 3075
+ SYS_NEXTTOWARDD128 = 0xC04 // 3076
+ SYS_POWD32 = 0xC05 // 3077
+ SYS_POWD64 = 0xC06 // 3078
+ SYS_POWD128 = 0xC07 // 3079
+ SYS_QUANTIZED32 = 0xC08 // 3080
+ SYS_QUANTIZED64 = 0xC09 // 3081
+ SYS_QUANTIZED128 = 0xC0A // 3082
+ SYS_REMAINDERD32 = 0xC0B // 3083
+ SYS_REMAINDERD64 = 0xC0C // 3084
+ SYS_REMAINDERD128 = 0xC0D // 3085
+ SYS___REMQUOD32 = 0xC0E // 3086
+ SYS___REMQUOD64 = 0xC0F // 3087
+ SYS___REMQUOD128 = 0xC10 // 3088
+ SYS_RINTD32 = 0xC11 // 3089
+ SYS_RINTD64 = 0xC12 // 3090
+ SYS_RINTD128 = 0xC13 // 3091
+ SYS_ROUNDD32 = 0xC14 // 3092
+ SYS_ROUNDD64 = 0xC15 // 3093
+ SYS_ROUNDD128 = 0xC16 // 3094
+ SYS_SAMEQUANTUMD32 = 0xC17 // 3095
+ SYS_SAMEQUANTUMD64 = 0xC18 // 3096
+ SYS_SAMEQUANTUMD128 = 0xC19 // 3097
+ SYS_SCALBLND32 = 0xC1A // 3098
+ SYS_SCALBLND64 = 0xC1B // 3099
+ SYS_SCALBLND128 = 0xC1C // 3100
+ SYS_SCALBND32 = 0xC1D // 3101
+ SYS_SCALBND64 = 0xC1E // 3102
+ SYS_SCALBND128 = 0xC1F // 3103
+ SYS_SIND32 = 0xC20 // 3104
+ SYS_SIND64 = 0xC21 // 3105
+ SYS_SIND128 = 0xC22 // 3106
+ SYS_SINHD32 = 0xC23 // 3107
+ SYS_SINHD64 = 0xC24 // 3108
+ SYS_SINHD128 = 0xC25 // 3109
+ SYS_SQRTD32 = 0xC26 // 3110
+ SYS_SQRTD64 = 0xC27 // 3111
+ SYS_SQRTD128 = 0xC28 // 3112
+ SYS_STRTOD32 = 0xC29 // 3113
+ SYS_STRTOD64 = 0xC2A // 3114
+ SYS_STRTOD128 = 0xC2B // 3115
+ SYS_TAND32 = 0xC2C // 3116
+ SYS_TAND64 = 0xC2D // 3117
+ SYS_TAND128 = 0xC2E // 3118
+ SYS_TANHD32 = 0xC2F // 3119
+ SYS_TANHD64 = 0xC30 // 3120
+ SYS_TANHD128 = 0xC31 // 3121
+ SYS_TGAMMAD32 = 0xC32 // 3122
+ SYS_TGAMMAD64 = 0xC33 // 3123
+ SYS_TGAMMAD128 = 0xC34 // 3124
+ SYS_TRUNCD32 = 0xC3E // 3134
+ SYS_TRUNCD64 = 0xC3F // 3135
+ SYS_TRUNCD128 = 0xC40 // 3136
+ SYS_WCSTOD32 = 0xC41 // 3137
+ SYS_WCSTOD64 = 0xC42 // 3138
+ SYS_WCSTOD128 = 0xC43 // 3139
+ SYS___CODEPAGE_INFO = 0xC64 // 3172
+ SYS_POSIX_OPENPT = 0xC66 // 3174
+ SYS_PSELECT = 0xC67 // 3175
+ SYS_SOCKATMARK = 0xC68 // 3176
+ SYS_AIO_FSYNC = 0xC69 // 3177
+ SYS_LIO_LISTIO = 0xC6A // 3178
+ SYS___ATANPID32 = 0xC6B // 3179
+ SYS___ATANPID64 = 0xC6C // 3180
+ SYS___ATANPID128 = 0xC6D // 3181
+ SYS___COSPID32 = 0xC6E // 3182
+ SYS___COSPID64 = 0xC6F // 3183
+ SYS___COSPID128 = 0xC70 // 3184
+ SYS___SINPID32 = 0xC71 // 3185
+ SYS___SINPID64 = 0xC72 // 3186
+ SYS___SINPID128 = 0xC73 // 3187
+ SYS_SETIPV4SOURCEFILTER = 0xC76 // 3190
+ SYS_GETIPV4SOURCEFILTER = 0xC77 // 3191
+ SYS_SETSOURCEFILTER = 0xC78 // 3192
+ SYS_GETSOURCEFILTER = 0xC79 // 3193
+ SYS_FWRITE_UNLOCKED = 0xC7A // 3194
+ SYS_FREAD_UNLOCKED = 0xC7B // 3195
+ SYS_FGETS_UNLOCKED = 0xC7C // 3196
+ SYS_GETS_UNLOCKED = 0xC7D // 3197
+ SYS_FPUTS_UNLOCKED = 0xC7E // 3198
+ SYS_PUTS_UNLOCKED = 0xC7F // 3199
+ SYS_FGETC_UNLOCKED = 0xC80 // 3200
+ SYS_FPUTC_UNLOCKED = 0xC81 // 3201
+ SYS_DLADDR = 0xC82 // 3202
+ SYS_SHM_OPEN = 0xC8C // 3212
+ SYS_SHM_UNLINK = 0xC8D // 3213
+ SYS___CLASS2F = 0xC91 // 3217
+ SYS___CLASS2L = 0xC92 // 3218
+ SYS___CLASS2F_B = 0xC93 // 3219
+ SYS___CLASS2F_H = 0xC94 // 3220
+ SYS___CLASS2L_B = 0xC95 // 3221
+ SYS___CLASS2L_H = 0xC96 // 3222
+ SYS___CLASS2D32 = 0xC97 // 3223
+ SYS___CLASS2D64 = 0xC98 // 3224
+ SYS___CLASS2D128 = 0xC99 // 3225
+ SYS___TOCSNAME2 = 0xC9A // 3226
+ SYS___D1TOP = 0xC9B // 3227
+ SYS___D2TOP = 0xC9C // 3228
+ SYS___D4TOP = 0xC9D // 3229
+ SYS___PTOD1 = 0xC9E // 3230
+ SYS___PTOD2 = 0xC9F // 3231
+ SYS___PTOD4 = 0xCA0 // 3232
+ SYS_CLEARERR_UNLOCKED = 0xCA1 // 3233
+ SYS_FDELREC_UNLOCKED = 0xCA2 // 3234
+ SYS_FEOF_UNLOCKED = 0xCA3 // 3235
+ SYS_FERROR_UNLOCKED = 0xCA4 // 3236
+ SYS_FFLUSH_UNLOCKED = 0xCA5 // 3237
+ SYS_FGETPOS_UNLOCKED = 0xCA6 // 3238
+ SYS_FGETWC_UNLOCKED = 0xCA7 // 3239
+ SYS_FGETWS_UNLOCKED = 0xCA8 // 3240
+ SYS_FILENO_UNLOCKED = 0xCA9 // 3241
+ SYS_FLDATA_UNLOCKED = 0xCAA // 3242
+ SYS_FLOCATE_UNLOCKED = 0xCAB // 3243
+ SYS_FPRINTF_UNLOCKED = 0xCAC // 3244
+ SYS_FPUTWC_UNLOCKED = 0xCAD // 3245
+ SYS_FPUTWS_UNLOCKED = 0xCAE // 3246
+ SYS_FSCANF_UNLOCKED = 0xCAF // 3247
+ SYS_FSEEK_UNLOCKED = 0xCB0 // 3248
+ SYS_FSEEKO_UNLOCKED = 0xCB1 // 3249
+ SYS_FSETPOS_UNLOCKED = 0xCB3 // 3251
+ SYS_FTELL_UNLOCKED = 0xCB4 // 3252
+ SYS_FTELLO_UNLOCKED = 0xCB5 // 3253
+ SYS_FUPDATE_UNLOCKED = 0xCB7 // 3255
+ SYS_FWIDE_UNLOCKED = 0xCB8 // 3256
+ SYS_FWPRINTF_UNLOCKED = 0xCB9 // 3257
+ SYS_FWSCANF_UNLOCKED = 0xCBA // 3258
+ SYS_GETWC_UNLOCKED = 0xCBB // 3259
+ SYS_GETWCHAR_UNLOCKED = 0xCBC // 3260
+ SYS_PERROR_UNLOCKED = 0xCBD // 3261
+ SYS_PRINTF_UNLOCKED = 0xCBE // 3262
+ SYS_PUTWC_UNLOCKED = 0xCBF // 3263
+ SYS_PUTWCHAR_UNLOCKED = 0xCC0 // 3264
+ SYS_REWIND_UNLOCKED = 0xCC1 // 3265
+ SYS_SCANF_UNLOCKED = 0xCC2 // 3266
+ SYS_UNGETC_UNLOCKED = 0xCC3 // 3267
+ SYS_UNGETWC_UNLOCKED = 0xCC4 // 3268
+ SYS_VFPRINTF_UNLOCKED = 0xCC5 // 3269
+ SYS_VFSCANF_UNLOCKED = 0xCC7 // 3271
+ SYS_VFWPRINTF_UNLOCKED = 0xCC9 // 3273
+ SYS_VFWSCANF_UNLOCKED = 0xCCB // 3275
+ SYS_VPRINTF_UNLOCKED = 0xCCD // 3277
+ SYS_VSCANF_UNLOCKED = 0xCCF // 3279
+ SYS_VWPRINTF_UNLOCKED = 0xCD1 // 3281
+ SYS_VWSCANF_UNLOCKED = 0xCD3 // 3283
+ SYS_WPRINTF_UNLOCKED = 0xCD5 // 3285
+ SYS_WSCANF_UNLOCKED = 0xCD6 // 3286
+ SYS_ASCTIME64 = 0xCD7 // 3287
+ SYS_ASCTIME64_R = 0xCD8 // 3288
+ SYS_CTIME64 = 0xCD9 // 3289
+ SYS_CTIME64_R = 0xCDA // 3290
+ SYS_DIFFTIME64 = 0xCDB // 3291
+ SYS_GMTIME64 = 0xCDC // 3292
+ SYS_GMTIME64_R = 0xCDD // 3293
+ SYS_LOCALTIME64 = 0xCDE // 3294
+ SYS_LOCALTIME64_R = 0xCDF // 3295
+ SYS_MKTIME64 = 0xCE0 // 3296
+ SYS_TIME64 = 0xCE1 // 3297
+ SYS___LOGIN_APPLID = 0xCE2 // 3298
+ SYS___PASSWD_APPLID = 0xCE3 // 3299
+ SYS_PTHREAD_SECURITY_APPLID_NP = 0xCE4 // 3300
+ SYS___GETTHENT = 0xCE5 // 3301
+ SYS_FREEIFADDRS = 0xCE6 // 3302
+ SYS_GETIFADDRS = 0xCE7 // 3303
+ SYS_POSIX_FALLOCATE = 0xCE8 // 3304
+ SYS_POSIX_MEMALIGN = 0xCE9 // 3305
+ SYS_SIZEOF_ALLOC = 0xCEA // 3306
+ SYS_RESIZE_ALLOC = 0xCEB // 3307
+ SYS_FREAD_NOUPDATE = 0xCEC // 3308
+ SYS_FREAD_NOUPDATE_UNLOCKED = 0xCED // 3309
+ SYS_FGETPOS64 = 0xCEE // 3310
+ SYS_FSEEK64 = 0xCEF // 3311
+ SYS_FSEEKO64 = 0xCF0 // 3312
+ SYS_FSETPOS64 = 0xCF1 // 3313
+ SYS_FTELL64 = 0xCF2 // 3314
+ SYS_FTELLO64 = 0xCF3 // 3315
+ SYS_FGETPOS64_UNLOCKED = 0xCF4 // 3316
+ SYS_FSEEK64_UNLOCKED = 0xCF5 // 3317
+ SYS_FSEEKO64_UNLOCKED = 0xCF6 // 3318
+ SYS_FSETPOS64_UNLOCKED = 0xCF7 // 3319
+ SYS_FTELL64_UNLOCKED = 0xCF8 // 3320
+ SYS_FTELLO64_UNLOCKED = 0xCF9 // 3321
+ SYS_FOPEN_UNLOCKED = 0xCFA // 3322
+ SYS_FREOPEN_UNLOCKED = 0xCFB // 3323
+ SYS_FDOPEN_UNLOCKED = 0xCFC // 3324
+ SYS_TMPFILE_UNLOCKED = 0xCFD // 3325
+ SYS___MOSERVICES = 0xD3D // 3389
+ SYS___GETTOD = 0xD3E // 3390
+ SYS_C16RTOMB = 0xD40 // 3392
+ SYS_C32RTOMB = 0xD41 // 3393
+ SYS_MBRTOC16 = 0xD42 // 3394
+ SYS_MBRTOC32 = 0xD43 // 3395
+ SYS_QUANTEXPD32 = 0xD44 // 3396
+ SYS_QUANTEXPD64 = 0xD45 // 3397
+ SYS_QUANTEXPD128 = 0xD46 // 3398
+ SYS___LOCALE_CTL = 0xD47 // 3399
+ SYS___SMF_RECORD2 = 0xD48 // 3400
+ SYS_FOPEN64 = 0xD49 // 3401
+ SYS_FOPEN64_UNLOCKED = 0xD4A // 3402
+ SYS_FREOPEN64 = 0xD4B // 3403
+ SYS_FREOPEN64_UNLOCKED = 0xD4C // 3404
+ SYS_TMPFILE64 = 0xD4D // 3405
+ SYS_TMPFILE64_UNLOCKED = 0xD4E // 3406
+ SYS_GETDATE64 = 0xD4F // 3407
+ SYS_GETTIMEOFDAY64 = 0xD50 // 3408
+ SYS_BIND2ADDRSEL = 0xD59 // 3417
+ SYS_INET6_IS_SRCADDR = 0xD5A // 3418
+ SYS___GETGRGID1 = 0xD5B // 3419
+ SYS___GETGRNAM1 = 0xD5C // 3420
+ SYS___FBUFSIZE = 0xD60 // 3424
+ SYS___FPENDING = 0xD61 // 3425
+ SYS___FLBF = 0xD62 // 3426
+ SYS___FREADABLE = 0xD63 // 3427
+ SYS___FWRITABLE = 0xD64 // 3428
+ SYS___FREADING = 0xD65 // 3429
+ SYS___FWRITING = 0xD66 // 3430
+ SYS___FSETLOCKING = 0xD67 // 3431
+ SYS__FLUSHLBF = 0xD68 // 3432
+ SYS___FPURGE = 0xD69 // 3433
+ SYS___FREADAHEAD = 0xD6A // 3434
+ SYS___FSETERR = 0xD6B // 3435
+ SYS___FPENDING_UNLOCKED = 0xD6C // 3436
+ SYS___FREADING_UNLOCKED = 0xD6D // 3437
+ SYS___FWRITING_UNLOCKED = 0xD6E // 3438
+ SYS__FLUSHLBF_UNLOCKED = 0xD6F // 3439
+ SYS___FPURGE_UNLOCKED = 0xD70 // 3440
+ SYS___FREADAHEAD_UNLOCKED = 0xD71 // 3441
+ SYS___LE_CEEGTJS = 0xD72 // 3442
+ SYS___LE_RECORD_DUMP = 0xD73 // 3443
+ SYS_FSTAT64 = 0xD74 // 3444
+ SYS_LSTAT64 = 0xD75 // 3445
+ SYS_STAT64 = 0xD76 // 3446
+ SYS___READDIR2_64 = 0xD77 // 3447
+ SYS___OPEN_STAT64 = 0xD78 // 3448
+ SYS_FTW64 = 0xD79 // 3449
+ SYS_NFTW64 = 0xD7A // 3450
+ SYS_UTIME64 = 0xD7B // 3451
+ SYS_UTIMES64 = 0xD7C // 3452
+ SYS___GETIPC64 = 0xD7D // 3453
+ SYS_MSGCTL64 = 0xD7E // 3454
+ SYS_SEMCTL64 = 0xD7F // 3455
+ SYS_SHMCTL64 = 0xD80 // 3456
+ SYS_MSGXRCV64 = 0xD81 // 3457
+ SYS___MGXR64 = 0xD81 // 3457
+ SYS_W_GETPSENT64 = 0xD82 // 3458
+ SYS_PTHREAD_COND_TIMEDWAIT64 = 0xD83 // 3459
+ SYS_FTIME64 = 0xD85 // 3461
+ SYS_GETUTXENT64 = 0xD86 // 3462
+ SYS_GETUTXID64 = 0xD87 // 3463
+ SYS_GETUTXLINE64 = 0xD88 // 3464
+ SYS_PUTUTXLINE64 = 0xD89 // 3465
+ SYS_NEWLOCALE = 0xD8A // 3466
+ SYS_FREELOCALE = 0xD8B // 3467
+ SYS_USELOCALE = 0xD8C // 3468
+ SYS_DUPLOCALE = 0xD8D // 3469
+ SYS___CHATTR64 = 0xD9C // 3484
+ SYS___LCHATTR64 = 0xD9D // 3485
+ SYS___FCHATTR64 = 0xD9E // 3486
+ SYS_____CHATTR64_A = 0xD9F // 3487
+ SYS_____LCHATTR64_A = 0xDA0 // 3488
+ SYS___LE_CEEUSGD = 0xDA1 // 3489
+ SYS___LE_IFAM_CON = 0xDA2 // 3490
+ SYS___LE_IFAM_DSC = 0xDA3 // 3491
+ SYS___LE_IFAM_GET = 0xDA4 // 3492
+ SYS___LE_IFAM_QRY = 0xDA5 // 3493
+ SYS_ALIGNED_ALLOC = 0xDA6 // 3494
+ SYS_ACCEPT4 = 0xDA7 // 3495
+ SYS___ACCEPT4_A = 0xDA8 // 3496
+ SYS_COPYFILERANGE = 0xDA9 // 3497
+ SYS_GETLINE = 0xDAA // 3498
+ SYS___GETLINE_A = 0xDAB // 3499
+ SYS_DIRFD = 0xDAC // 3500
+ SYS_CLOCK_GETTIME = 0xDAD // 3501
+ SYS_DUP3 = 0xDAE // 3502
+ SYS_EPOLL_CREATE = 0xDAF // 3503
+ SYS_EPOLL_CREATE1 = 0xDB0 // 3504
+ SYS_EPOLL_CTL = 0xDB1 // 3505
+ SYS_EPOLL_WAIT = 0xDB2 // 3506
+ SYS_EPOLL_PWAIT = 0xDB3 // 3507
+ SYS_EVENTFD = 0xDB4 // 3508
+ SYS_STATFS = 0xDB5 // 3509
+ SYS___STATFS_A = 0xDB6 // 3510
+ SYS_FSTATFS = 0xDB7 // 3511
+ SYS_INOTIFY_INIT = 0xDB8 // 3512
+ SYS_INOTIFY_INIT1 = 0xDB9 // 3513
+ SYS_INOTIFY_ADD_WATCH = 0xDBA // 3514
+ SYS___INOTIFY_ADD_WATCH_A = 0xDBB // 3515
+ SYS_INOTIFY_RM_WATCH = 0xDBC // 3516
+ SYS_PIPE2 = 0xDBD // 3517
+ SYS_PIVOT_ROOT = 0xDBE // 3518
+ SYS___PIVOT_ROOT_A = 0xDBF // 3519
+ SYS_PRCTL = 0xDC0 // 3520
+ SYS_PRLIMIT = 0xDC1 // 3521
+ SYS_SETHOSTNAME = 0xDC2 // 3522
+ SYS___SETHOSTNAME_A = 0xDC3 // 3523
+ SYS_SETRESUID = 0xDC4 // 3524
+ SYS_SETRESGID = 0xDC5 // 3525
+ SYS_PTHREAD_CONDATTR_GETCLOCK = 0xDC6 // 3526
+ SYS_FLOCK = 0xDC7 // 3527
+ SYS_FGETXATTR = 0xDC8 // 3528
+ SYS___FGETXATTR_A = 0xDC9 // 3529
+ SYS_FLISTXATTR = 0xDCA // 3530
+ SYS___FLISTXATTR_A = 0xDCB // 3531
+ SYS_FREMOVEXATTR = 0xDCC // 3532
+ SYS___FREMOVEXATTR_A = 0xDCD // 3533
+ SYS_FSETXATTR = 0xDCE // 3534
+ SYS___FSETXATTR_A = 0xDCF // 3535
+ SYS_GETXATTR = 0xDD0 // 3536
+ SYS___GETXATTR_A = 0xDD1 // 3537
+ SYS_LGETXATTR = 0xDD2 // 3538
+ SYS___LGETXATTR_A = 0xDD3 // 3539
+ SYS_LISTXATTR = 0xDD4 // 3540
+ SYS___LISTXATTR_A = 0xDD5 // 3541
+ SYS_LLISTXATTR = 0xDD6 // 3542
+ SYS___LLISTXATTR_A = 0xDD7 // 3543
+ SYS_LREMOVEXATTR = 0xDD8 // 3544
+ SYS___LREMOVEXATTR_A = 0xDD9 // 3545
+ SYS_LSETXATTR = 0xDDA // 3546
+ SYS___LSETXATTR_A = 0xDDB // 3547
+ SYS_REMOVEXATTR = 0xDDC // 3548
+ SYS___REMOVEXATTR_A = 0xDDD // 3549
+ SYS_SETXATTR = 0xDDE // 3550
+ SYS___SETXATTR_A = 0xDDF // 3551
+ SYS_FDATASYNC = 0xDE0 // 3552
+ SYS_SYNCFS = 0xDE1 // 3553
+ SYS_FUTIMES = 0xDE2 // 3554
+ SYS_FUTIMESAT = 0xDE3 // 3555
+ SYS___FUTIMESAT_A = 0xDE4 // 3556
+ SYS_LUTIMES = 0xDE5 // 3557
+ SYS___LUTIMES_A = 0xDE6 // 3558
+ SYS_INET_ATON = 0xDE7 // 3559
+ SYS_GETRANDOM = 0xDE8 // 3560
+ SYS_GETTID = 0xDE9 // 3561
+ SYS_MEMFD_CREATE = 0xDEA // 3562
+ SYS___MEMFD_CREATE_A = 0xDEB // 3563
+ SYS_FACCESSAT = 0xDEC // 3564
+ SYS___FACCESSAT_A = 0xDED // 3565
+ SYS_FCHMODAT = 0xDEE // 3566
+ SYS___FCHMODAT_A = 0xDEF // 3567
+ SYS_FCHOWNAT = 0xDF0 // 3568
+ SYS___FCHOWNAT_A = 0xDF1 // 3569
+ SYS_FSTATAT = 0xDF2 // 3570
+ SYS___FSTATAT_A = 0xDF3 // 3571
+ SYS_LINKAT = 0xDF4 // 3572
+ SYS___LINKAT_A = 0xDF5 // 3573
+ SYS_MKDIRAT = 0xDF6 // 3574
+ SYS___MKDIRAT_A = 0xDF7 // 3575
+ SYS_MKFIFOAT = 0xDF8 // 3576
+ SYS___MKFIFOAT_A = 0xDF9 // 3577
+ SYS_MKNODAT = 0xDFA // 3578
+ SYS___MKNODAT_A = 0xDFB // 3579
+ SYS_OPENAT = 0xDFC // 3580
+ SYS___OPENAT_A = 0xDFD // 3581
+ SYS_READLINKAT = 0xDFE // 3582
+ SYS___READLINKAT_A = 0xDFF // 3583
+ SYS_RENAMEAT = 0xE00 // 3584
+ SYS___RENAMEAT_A = 0xE01 // 3585
+ SYS_RENAMEAT2 = 0xE02 // 3586
+ SYS___RENAMEAT2_A = 0xE03 // 3587
+ SYS_SYMLINKAT = 0xE04 // 3588
+ SYS___SYMLINKAT_A = 0xE05 // 3589
+ SYS_UNLINKAT = 0xE06 // 3590
+ SYS___UNLINKAT_A = 0xE07 // 3591
+ SYS_SYSINFO = 0xE08 // 3592
+ SYS_WAIT4 = 0xE0A // 3594
+ SYS_CLONE = 0xE0B // 3595
+ SYS_UNSHARE = 0xE0C // 3596
+ SYS_SETNS = 0xE0D // 3597
+ SYS_CAPGET = 0xE0E // 3598
+ SYS_CAPSET = 0xE0F // 3599
+ SYS_STRCHRNUL = 0xE10 // 3600
+ SYS_PTHREAD_CONDATTR_SETCLOCK = 0xE12 // 3602
+ SYS_OPEN_BY_HANDLE_AT = 0xE13 // 3603
+ SYS___OPEN_BY_HANDLE_AT_A = 0xE14 // 3604
+ SYS___INET_ATON_A = 0xE15 // 3605
+ SYS_MOUNT1 = 0xE16 // 3606
+ SYS___MOUNT1_A = 0xE17 // 3607
+ SYS_UMOUNT1 = 0xE18 // 3608
+ SYS___UMOUNT1_A = 0xE19 // 3609
+ SYS_UMOUNT2 = 0xE1A // 3610
+ SYS___UMOUNT2_A = 0xE1B // 3611
+ SYS___PRCTL_A = 0xE1C // 3612
+ SYS_LOCALTIME_R2 = 0xE1D // 3613
+ SYS___LOCALTIME_R2_A = 0xE1E // 3614
+ SYS_OPENAT2 = 0xE1F // 3615
+ SYS___OPENAT2_A = 0xE20 // 3616
+ SYS___LE_CEEMICT = 0xE21 // 3617
+ SYS_GETENTROPY = 0xE22 // 3618
+ SYS_NANOSLEEP = 0xE23 // 3619
+ SYS_UTIMENSAT = 0xE24 // 3620
+ SYS___UTIMENSAT_A = 0xE25 // 3621
+ SYS_ASPRINTF = 0xE26 // 3622
+ SYS___ASPRINTF_A = 0xE27 // 3623
+ SYS_VASPRINTF = 0xE28 // 3624
+ SYS___VASPRINTF_A = 0xE29 // 3625
+ SYS_DPRINTF = 0xE2A // 3626
+ SYS___DPRINTF_A = 0xE2B // 3627
+ SYS_GETOPT_LONG = 0xE2C // 3628
+ SYS___GETOPT_LONG_A = 0xE2D // 3629
+ SYS_PSIGNAL = 0xE2E // 3630
+ SYS___PSIGNAL_A = 0xE2F // 3631
+ SYS_PSIGNAL_UNLOCKED = 0xE30 // 3632
+ SYS___PSIGNAL_UNLOCKED_A = 0xE31 // 3633
+ SYS_FSTATAT_O = 0xE32 // 3634
+ SYS___FSTATAT_O_A = 0xE33 // 3635
+ SYS_FSTATAT64 = 0xE34 // 3636
+ SYS___FSTATAT64_A = 0xE35 // 3637
+ SYS___CHATTRAT = 0xE36 // 3638
+ SYS_____CHATTRAT_A = 0xE37 // 3639
+ SYS___CHATTRAT64 = 0xE38 // 3640
+ SYS_____CHATTRAT64_A = 0xE39 // 3641
+ SYS_MADVISE = 0xE3A // 3642
+ SYS___AUTHENTICATE = 0xE3B // 3643
+
)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
index 091d107f3a5c98255250449074b23e36885b256d..17c53bd9b3315aaec65571964e73bb93e6c85175 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
@@ -306,6 +306,19 @@ type XVSockPgen struct {
type _Socklen uint32
+type SaeAssocID uint32
+
+type SaeConnID uint32
+
+type SaEndpoints struct {
+ Srcif uint32
+ Srcaddr *RawSockaddr
+ Srcaddrlen uint32
+ Dstaddr *RawSockaddr
+ Dstaddrlen uint32
+ _ [4]byte
+}
+
type Xucred struct {
Version uint32
Uid uint32
@@ -449,11 +462,14 @@ type FdSet struct {
const (
SizeofIfMsghdr = 0x70
+ SizeofIfMsghdr2 = 0xa0
SizeofIfData = 0x60
+ SizeofIfData64 = 0x80
SizeofIfaMsghdr = 0x14
SizeofIfmaMsghdr = 0x10
SizeofIfmaMsghdr2 = 0x14
SizeofRtMsghdr = 0x5c
+ SizeofRtMsghdr2 = 0x5c
SizeofRtMetrics = 0x38
)
@@ -467,6 +483,20 @@ type IfMsghdr struct {
Data IfData
}
+type IfMsghdr2 struct {
+ Msglen uint16
+ Version uint8
+ Type uint8
+ Addrs int32
+ Flags int32
+ Index uint16
+ Snd_len int32
+ Snd_maxlen int32
+ Snd_drops int32
+ Timer int32
+ Data IfData64
+}
+
type IfData struct {
Type uint8
Typelen uint8
@@ -499,6 +529,34 @@ type IfData struct {
Reserved2 uint32
}
+type IfData64 struct {
+ Type uint8
+ Typelen uint8
+ Physical uint8
+ Addrlen uint8
+ Hdrlen uint8
+ Recvquota uint8
+ Xmitquota uint8
+ Unused1 uint8
+ Mtu uint32
+ Metric uint32
+ Baudrate uint64
+ Ipackets uint64
+ Ierrors uint64
+ Opackets uint64
+ Oerrors uint64
+ Collisions uint64
+ Ibytes uint64
+ Obytes uint64
+ Imcasts uint64
+ Omcasts uint64
+ Iqdrops uint64
+ Noproto uint64
+ Recvtiming uint32
+ Xmittiming uint32
+ Lastchange Timeval32
+}
+
type IfaMsghdr struct {
Msglen uint16
Version uint8
@@ -544,6 +602,21 @@ type RtMsghdr struct {
Rmx RtMetrics
}
+type RtMsghdr2 struct {
+ Msglen uint16
+ Version uint8
+ Type uint8
+ Index uint16
+ Flags int32
+ Addrs int32
+ Refcnt int32
+ Parentflags int32
+ Reserved int32
+ Use int32
+ Inits uint32
+ Rmx RtMetrics
+}
+
type RtMetrics struct {
Locks uint32
Mtu uint32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
index 28ff4ef74d0d3e2769e75b79c0b757fc3837a13e..2392226a743eb3e19c581773191ddbe86eecad53 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
@@ -306,6 +306,19 @@ type XVSockPgen struct {
type _Socklen uint32
+type SaeAssocID uint32
+
+type SaeConnID uint32
+
+type SaEndpoints struct {
+ Srcif uint32
+ Srcaddr *RawSockaddr
+ Srcaddrlen uint32
+ Dstaddr *RawSockaddr
+ Dstaddrlen uint32
+ _ [4]byte
+}
+
type Xucred struct {
Version uint32
Uid uint32
@@ -449,11 +462,14 @@ type FdSet struct {
const (
SizeofIfMsghdr = 0x70
+ SizeofIfMsghdr2 = 0xa0
SizeofIfData = 0x60
+ SizeofIfData64 = 0x80
SizeofIfaMsghdr = 0x14
SizeofIfmaMsghdr = 0x10
SizeofIfmaMsghdr2 = 0x14
SizeofRtMsghdr = 0x5c
+ SizeofRtMsghdr2 = 0x5c
SizeofRtMetrics = 0x38
)
@@ -467,6 +483,20 @@ type IfMsghdr struct {
Data IfData
}
+type IfMsghdr2 struct {
+ Msglen uint16
+ Version uint8
+ Type uint8
+ Addrs int32
+ Flags int32
+ Index uint16
+ Snd_len int32
+ Snd_maxlen int32
+ Snd_drops int32
+ Timer int32
+ Data IfData64
+}
+
type IfData struct {
Type uint8
Typelen uint8
@@ -499,6 +529,34 @@ type IfData struct {
Reserved2 uint32
}
+type IfData64 struct {
+ Type uint8
+ Typelen uint8
+ Physical uint8
+ Addrlen uint8
+ Hdrlen uint8
+ Recvquota uint8
+ Xmitquota uint8
+ Unused1 uint8
+ Mtu uint32
+ Metric uint32
+ Baudrate uint64
+ Ipackets uint64
+ Ierrors uint64
+ Opackets uint64
+ Oerrors uint64
+ Collisions uint64
+ Ibytes uint64
+ Obytes uint64
+ Imcasts uint64
+ Omcasts uint64
+ Iqdrops uint64
+ Noproto uint64
+ Recvtiming uint32
+ Xmittiming uint32
+ Lastchange Timeval32
+}
+
type IfaMsghdr struct {
Msglen uint16
Version uint8
@@ -544,6 +602,21 @@ type RtMsghdr struct {
Rmx RtMetrics
}
+type RtMsghdr2 struct {
+ Msglen uint16
+ Version uint8
+ Type uint8
+ Index uint16
+ Flags int32
+ Addrs int32
+ Refcnt int32
+ Parentflags int32
+ Reserved int32
+ Use int32
+ Inits uint32
+ Rmx RtMetrics
+}
+
type RtMetrics struct {
Locks uint32
Mtu uint32
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
index 6cbd094a3aa19eaf6dfdbddac0d63276bd7ffa79..51e13eb055fc5b6b11c1c6ec83bce47610faffa3 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
@@ -625,6 +625,7 @@ const (
POLLRDNORM = 0x40
POLLWRBAND = 0x100
POLLWRNORM = 0x4
+ POLLRDHUP = 0x4000
)
type CapRights struct {
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
index 7c03b6ee77fa0839d25c0d67debf11a4555b703c..d002d8ef3cc2d79cef3f0afee8d25c22632d994f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
@@ -630,6 +630,7 @@ const (
POLLRDNORM = 0x40
POLLWRBAND = 0x100
POLLWRNORM = 0x4
+ POLLRDHUP = 0x4000
)
type CapRights struct {
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
index 422107ee8b1331d85b7ab4b18a1b8846d1dcc793..3f863d898dd8520433d3201e92b4b318e0a0337a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
@@ -616,6 +616,7 @@ const (
POLLRDNORM = 0x40
POLLWRBAND = 0x100
POLLWRNORM = 0x4
+ POLLRDHUP = 0x4000
)
type CapRights struct {
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
index 505a12acfd9d2951064f4d98572f7f3313109ee9..61c7293106616f197b93c1f86f3fb9d599a25f14 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
@@ -610,6 +610,7 @@ const (
POLLRDNORM = 0x40
POLLWRBAND = 0x100
POLLWRNORM = 0x4
+ POLLRDHUP = 0x4000
)
type CapRights struct {
diff --git a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
index cc986c7900660055f809096adc8112e208acca37..b5d17414f039f90f084edaf771bfb3b3c96c15b0 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
@@ -612,6 +612,7 @@ const (
POLLRDNORM = 0x40
POLLWRBAND = 0x100
POLLWRNORM = 0x4
+ POLLRDHUP = 0x4000
)
type CapRights struct {
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go
index 997bcd55ae9f2167ce91fb1e4bf5e136ae58dbc0..5537148dcbb3dee0a8d5c8c85f5566895decc8db 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go
@@ -87,30 +87,35 @@ type StatxTimestamp struct {
}
type Statx_t struct {
- Mask uint32
- Blksize uint32
- Attributes uint64
- Nlink uint32
- Uid uint32
- Gid uint32
- Mode uint16
- _ [1]uint16
- Ino uint64
- Size uint64
- Blocks uint64
- Attributes_mask uint64
- Atime StatxTimestamp
- Btime StatxTimestamp
- Ctime StatxTimestamp
- Mtime StatxTimestamp
- Rdev_major uint32
- Rdev_minor uint32
- Dev_major uint32
- Dev_minor uint32
- Mnt_id uint64
- Dio_mem_align uint32
- Dio_offset_align uint32
- _ [12]uint64
+ Mask uint32
+ Blksize uint32
+ Attributes uint64
+ Nlink uint32
+ Uid uint32
+ Gid uint32
+ Mode uint16
+ _ [1]uint16
+ Ino uint64
+ Size uint64
+ Blocks uint64
+ Attributes_mask uint64
+ Atime StatxTimestamp
+ Btime StatxTimestamp
+ Ctime StatxTimestamp
+ Mtime StatxTimestamp
+ Rdev_major uint32
+ Rdev_minor uint32
+ Dev_major uint32
+ Dev_minor uint32
+ Mnt_id uint64
+ Dio_mem_align uint32
+ Dio_offset_align uint32
+ Subvol uint64
+ Atomic_write_unit_min uint32
+ Atomic_write_unit_max uint32
+ Atomic_write_segments_max uint32
+ _ [1]uint32
+ _ [9]uint64
}
type Fsid struct {
@@ -174,7 +179,8 @@ type FscryptPolicyV2 struct {
Contents_encryption_mode uint8
Filenames_encryption_mode uint8
Flags uint8
- _ [4]uint8
+ Log2_data_unit_size uint8
+ _ [3]uint8
Master_key_identifier [16]uint8
}
@@ -455,60 +461,86 @@ type Ucred struct {
}
type TCPInfo struct {
- State uint8
- Ca_state uint8
- Retransmits uint8
- Probes uint8
- Backoff uint8
- Options uint8
- Rto uint32
- Ato uint32
- Snd_mss uint32
- Rcv_mss uint32
- Unacked uint32
- Sacked uint32
- Lost uint32
- Retrans uint32
- Fackets uint32
- Last_data_sent uint32
- Last_ack_sent uint32
- Last_data_recv uint32
- Last_ack_recv uint32
- Pmtu uint32
- Rcv_ssthresh uint32
- Rtt uint32
- Rttvar uint32
- Snd_ssthresh uint32
- Snd_cwnd uint32
- Advmss uint32
- Reordering uint32
- Rcv_rtt uint32
- Rcv_space uint32
- Total_retrans uint32
- Pacing_rate uint64
- Max_pacing_rate uint64
- Bytes_acked uint64
- Bytes_received uint64
- Segs_out uint32
- Segs_in uint32
- Notsent_bytes uint32
- Min_rtt uint32
- Data_segs_in uint32
- Data_segs_out uint32
- Delivery_rate uint64
- Busy_time uint64
- Rwnd_limited uint64
- Sndbuf_limited uint64
- Delivered uint32
- Delivered_ce uint32
- Bytes_sent uint64
- Bytes_retrans uint64
- Dsack_dups uint32
- Reord_seen uint32
- Rcv_ooopack uint32
- Snd_wnd uint32
- Rcv_wnd uint32
- Rehash uint32
+ State uint8
+ Ca_state uint8
+ Retransmits uint8
+ Probes uint8
+ Backoff uint8
+ Options uint8
+ Rto uint32
+ Ato uint32
+ Snd_mss uint32
+ Rcv_mss uint32
+ Unacked uint32
+ Sacked uint32
+ Lost uint32
+ Retrans uint32
+ Fackets uint32
+ Last_data_sent uint32
+ Last_ack_sent uint32
+ Last_data_recv uint32
+ Last_ack_recv uint32
+ Pmtu uint32
+ Rcv_ssthresh uint32
+ Rtt uint32
+ Rttvar uint32
+ Snd_ssthresh uint32
+ Snd_cwnd uint32
+ Advmss uint32
+ Reordering uint32
+ Rcv_rtt uint32
+ Rcv_space uint32
+ Total_retrans uint32
+ Pacing_rate uint64
+ Max_pacing_rate uint64
+ Bytes_acked uint64
+ Bytes_received uint64
+ Segs_out uint32
+ Segs_in uint32
+ Notsent_bytes uint32
+ Min_rtt uint32
+ Data_segs_in uint32
+ Data_segs_out uint32
+ Delivery_rate uint64
+ Busy_time uint64
+ Rwnd_limited uint64
+ Sndbuf_limited uint64
+ Delivered uint32
+ Delivered_ce uint32
+ Bytes_sent uint64
+ Bytes_retrans uint64
+ Dsack_dups uint32
+ Reord_seen uint32
+ Rcv_ooopack uint32
+ Snd_wnd uint32
+ Rcv_wnd uint32
+ Rehash uint32
+ Total_rto uint16
+ Total_rto_recoveries uint16
+ Total_rto_time uint32
+}
+
+type TCPVegasInfo struct {
+ Enabled uint32
+ Rttcnt uint32
+ Rtt uint32
+ Minrtt uint32
+}
+
+type TCPDCTCPInfo struct {
+ Enabled uint16
+ Ce_state uint16
+ Alpha uint32
+ Ab_ecn uint32
+ Ab_tot uint32
+}
+
+type TCPBBRInfo struct {
+ Bw_lo uint32
+ Bw_hi uint32
+ Min_rtt uint32
+ Pacing_gain uint32
+ Cwnd_gain uint32
}
type CanFilter struct {
@@ -551,7 +583,8 @@ const (
SizeofIPv6MTUInfo = 0x20
SizeofICMPv6Filter = 0x20
SizeofUcred = 0xc
- SizeofTCPInfo = 0xf0
+ SizeofTCPInfo = 0xf8
+ SizeofTCPCCInfo = 0x14
SizeofCanFilter = 0x8
SizeofTCPRepairOpt = 0x8
)
@@ -832,6 +865,15 @@ const (
FSPICK_EMPTY_PATH = 0x8
FSMOUNT_CLOEXEC = 0x1
+
+ FSCONFIG_SET_FLAG = 0x0
+ FSCONFIG_SET_STRING = 0x1
+ FSCONFIG_SET_BINARY = 0x2
+ FSCONFIG_SET_PATH = 0x3
+ FSCONFIG_SET_PATH_EMPTY = 0x4
+ FSCONFIG_SET_FD = 0x5
+ FSCONFIG_CMD_CREATE = 0x6
+ FSCONFIG_CMD_RECONFIGURE = 0x7
)
type OpenHow struct {
@@ -1165,7 +1207,8 @@ const (
PERF_SAMPLE_BRANCH_TYPE_SAVE_SHIFT = 0x10
PERF_SAMPLE_BRANCH_HW_INDEX_SHIFT = 0x11
PERF_SAMPLE_BRANCH_PRIV_SAVE_SHIFT = 0x12
- PERF_SAMPLE_BRANCH_MAX_SHIFT = 0x13
+ PERF_SAMPLE_BRANCH_COUNTERS = 0x80000
+ PERF_SAMPLE_BRANCH_MAX_SHIFT = 0x14
PERF_SAMPLE_BRANCH_USER = 0x1
PERF_SAMPLE_BRANCH_KERNEL = 0x2
PERF_SAMPLE_BRANCH_HV = 0x4
@@ -1185,7 +1228,7 @@ const (
PERF_SAMPLE_BRANCH_TYPE_SAVE = 0x10000
PERF_SAMPLE_BRANCH_HW_INDEX = 0x20000
PERF_SAMPLE_BRANCH_PRIV_SAVE = 0x40000
- PERF_SAMPLE_BRANCH_MAX = 0x80000
+ PERF_SAMPLE_BRANCH_MAX = 0x100000
PERF_BR_UNKNOWN = 0x0
PERF_BR_COND = 0x1
PERF_BR_UNCOND = 0x2
@@ -1546,6 +1589,7 @@ const (
IFLA_DEVLINK_PORT = 0x3e
IFLA_GSO_IPV4_MAX_SIZE = 0x3f
IFLA_GRO_IPV4_MAX_SIZE = 0x40
+ IFLA_DPLL_PIN = 0x41
IFLA_PROTO_DOWN_REASON_UNSPEC = 0x0
IFLA_PROTO_DOWN_REASON_MASK = 0x1
IFLA_PROTO_DOWN_REASON_VALUE = 0x2
@@ -1561,6 +1605,7 @@ const (
IFLA_INET6_ICMP6STATS = 0x6
IFLA_INET6_TOKEN = 0x7
IFLA_INET6_ADDR_GEN_MODE = 0x8
+ IFLA_INET6_RA_MTU = 0x9
IFLA_BR_UNSPEC = 0x0
IFLA_BR_FORWARD_DELAY = 0x1
IFLA_BR_HELLO_TIME = 0x2
@@ -1608,6 +1653,9 @@ const (
IFLA_BR_MCAST_MLD_VERSION = 0x2c
IFLA_BR_VLAN_STATS_PER_PORT = 0x2d
IFLA_BR_MULTI_BOOLOPT = 0x2e
+ IFLA_BR_MCAST_QUERIER_STATE = 0x2f
+ IFLA_BR_FDB_N_LEARNED = 0x30
+ IFLA_BR_FDB_MAX_LEARNED = 0x31
IFLA_BRPORT_UNSPEC = 0x0
IFLA_BRPORT_STATE = 0x1
IFLA_BRPORT_PRIORITY = 0x2
@@ -1645,6 +1693,14 @@ const (
IFLA_BRPORT_BACKUP_PORT = 0x22
IFLA_BRPORT_MRP_RING_OPEN = 0x23
IFLA_BRPORT_MRP_IN_OPEN = 0x24
+ IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT = 0x25
+ IFLA_BRPORT_MCAST_EHT_HOSTS_CNT = 0x26
+ IFLA_BRPORT_LOCKED = 0x27
+ IFLA_BRPORT_MAB = 0x28
+ IFLA_BRPORT_MCAST_N_GROUPS = 0x29
+ IFLA_BRPORT_MCAST_MAX_GROUPS = 0x2a
+ IFLA_BRPORT_NEIGH_VLAN_SUPPRESS = 0x2b
+ IFLA_BRPORT_BACKUP_NHID = 0x2c
IFLA_INFO_UNSPEC = 0x0
IFLA_INFO_KIND = 0x1
IFLA_INFO_DATA = 0x2
@@ -1666,6 +1722,9 @@ const (
IFLA_MACVLAN_MACADDR = 0x4
IFLA_MACVLAN_MACADDR_DATA = 0x5
IFLA_MACVLAN_MACADDR_COUNT = 0x6
+ IFLA_MACVLAN_BC_QUEUE_LEN = 0x7
+ IFLA_MACVLAN_BC_QUEUE_LEN_USED = 0x8
+ IFLA_MACVLAN_BC_CUTOFF = 0x9
IFLA_VRF_UNSPEC = 0x0
IFLA_VRF_TABLE = 0x1
IFLA_VRF_PORT_UNSPEC = 0x0
@@ -1689,9 +1748,16 @@ const (
IFLA_XFRM_UNSPEC = 0x0
IFLA_XFRM_LINK = 0x1
IFLA_XFRM_IF_ID = 0x2
+ IFLA_XFRM_COLLECT_METADATA = 0x3
IFLA_IPVLAN_UNSPEC = 0x0
IFLA_IPVLAN_MODE = 0x1
IFLA_IPVLAN_FLAGS = 0x2
+ IFLA_NETKIT_UNSPEC = 0x0
+ IFLA_NETKIT_PEER_INFO = 0x1
+ IFLA_NETKIT_PRIMARY = 0x2
+ IFLA_NETKIT_POLICY = 0x3
+ IFLA_NETKIT_PEER_POLICY = 0x4
+ IFLA_NETKIT_MODE = 0x5
IFLA_VXLAN_UNSPEC = 0x0
IFLA_VXLAN_ID = 0x1
IFLA_VXLAN_GROUP = 0x2
@@ -1722,6 +1788,9 @@ const (
IFLA_VXLAN_GPE = 0x1b
IFLA_VXLAN_TTL_INHERIT = 0x1c
IFLA_VXLAN_DF = 0x1d
+ IFLA_VXLAN_VNIFILTER = 0x1e
+ IFLA_VXLAN_LOCALBYPASS = 0x1f
+ IFLA_VXLAN_LABEL_POLICY = 0x20
IFLA_GENEVE_UNSPEC = 0x0
IFLA_GENEVE_ID = 0x1
IFLA_GENEVE_REMOTE = 0x2
@@ -1736,6 +1805,7 @@ const (
IFLA_GENEVE_LABEL = 0xb
IFLA_GENEVE_TTL_INHERIT = 0xc
IFLA_GENEVE_DF = 0xd
+ IFLA_GENEVE_INNER_PROTO_INHERIT = 0xe
IFLA_BAREUDP_UNSPEC = 0x0
IFLA_BAREUDP_PORT = 0x1
IFLA_BAREUDP_ETHERTYPE = 0x2
@@ -1748,6 +1818,10 @@ const (
IFLA_GTP_FD1 = 0x2
IFLA_GTP_PDP_HASHSIZE = 0x3
IFLA_GTP_ROLE = 0x4
+ IFLA_GTP_CREATE_SOCKETS = 0x5
+ IFLA_GTP_RESTART_COUNT = 0x6
+ IFLA_GTP_LOCAL = 0x7
+ IFLA_GTP_LOCAL6 = 0x8
IFLA_BOND_UNSPEC = 0x0
IFLA_BOND_MODE = 0x1
IFLA_BOND_ACTIVE_SLAVE = 0x2
@@ -1777,6 +1851,10 @@ const (
IFLA_BOND_AD_ACTOR_SYSTEM = 0x1a
IFLA_BOND_TLB_DYNAMIC_LB = 0x1b
IFLA_BOND_PEER_NOTIF_DELAY = 0x1c
+ IFLA_BOND_AD_LACP_ACTIVE = 0x1d
+ IFLA_BOND_MISSED_MAX = 0x1e
+ IFLA_BOND_NS_IP6_TARGET = 0x1f
+ IFLA_BOND_COUPLED_CONTROL = 0x20
IFLA_BOND_AD_INFO_UNSPEC = 0x0
IFLA_BOND_AD_INFO_AGGREGATOR = 0x1
IFLA_BOND_AD_INFO_NUM_PORTS = 0x2
@@ -1792,6 +1870,7 @@ const (
IFLA_BOND_SLAVE_AD_AGGREGATOR_ID = 0x6
IFLA_BOND_SLAVE_AD_ACTOR_OPER_PORT_STATE = 0x7
IFLA_BOND_SLAVE_AD_PARTNER_OPER_PORT_STATE = 0x8
+ IFLA_BOND_SLAVE_PRIO = 0x9
IFLA_VF_INFO_UNSPEC = 0x0
IFLA_VF_INFO = 0x1
IFLA_VF_UNSPEC = 0x0
@@ -1844,14 +1923,23 @@ const (
IFLA_HSR_SEQ_NR = 0x5
IFLA_HSR_VERSION = 0x6
IFLA_HSR_PROTOCOL = 0x7
+ IFLA_HSR_INTERLINK = 0x8
IFLA_STATS_UNSPEC = 0x0
IFLA_STATS_LINK_64 = 0x1
IFLA_STATS_LINK_XSTATS = 0x2
IFLA_STATS_LINK_XSTATS_SLAVE = 0x3
IFLA_STATS_LINK_OFFLOAD_XSTATS = 0x4
IFLA_STATS_AF_SPEC = 0x5
+ IFLA_STATS_GETSET_UNSPEC = 0x0
+ IFLA_STATS_GET_FILTERS = 0x1
+ IFLA_STATS_SET_OFFLOAD_XSTATS_L3_STATS = 0x2
IFLA_OFFLOAD_XSTATS_UNSPEC = 0x0
IFLA_OFFLOAD_XSTATS_CPU_HIT = 0x1
+ IFLA_OFFLOAD_XSTATS_HW_S_INFO = 0x2
+ IFLA_OFFLOAD_XSTATS_L3_STATS = 0x3
+ IFLA_OFFLOAD_XSTATS_HW_S_INFO_UNSPEC = 0x0
+ IFLA_OFFLOAD_XSTATS_HW_S_INFO_REQUEST = 0x1
+ IFLA_OFFLOAD_XSTATS_HW_S_INFO_USED = 0x2
IFLA_XDP_UNSPEC = 0x0
IFLA_XDP_FD = 0x1
IFLA_XDP_ATTACHED = 0x2
@@ -1881,6 +1969,20 @@ const (
IFLA_RMNET_UNSPEC = 0x0
IFLA_RMNET_MUX_ID = 0x1
IFLA_RMNET_FLAGS = 0x2
+ IFLA_MCTP_UNSPEC = 0x0
+ IFLA_MCTP_NET = 0x1
+ IFLA_DSA_UNSPEC = 0x0
+ IFLA_DSA_CONDUIT = 0x1
+ IFLA_DSA_MASTER = 0x1
+)
+
+const (
+ NETKIT_NEXT = -0x1
+ NETKIT_PASS = 0x0
+ NETKIT_DROP = 0x2
+ NETKIT_REDIRECT = 0x7
+ NETKIT_L2 = 0x0
+ NETKIT_L3 = 0x1
)
const (
@@ -2417,6 +2519,15 @@ type XDPMmapOffsets struct {
Cr XDPRingOffset
}
+type XDPUmemReg struct {
+ Addr uint64
+ Len uint64
+ Size uint32
+ Headroom uint32
+ Flags uint32
+ Tx_metadata_len uint32
+}
+
type XDPStatistics struct {
Rx_dropped uint64
Rx_invalid_descs uint64
@@ -2483,8 +2594,8 @@ const (
SOF_TIMESTAMPING_BIND_PHC = 0x8000
SOF_TIMESTAMPING_OPT_ID_TCP = 0x10000
- SOF_TIMESTAMPING_LAST = 0x10000
- SOF_TIMESTAMPING_MASK = 0x1ffff
+ SOF_TIMESTAMPING_LAST = 0x20000
+ SOF_TIMESTAMPING_MASK = 0x3ffff
SCM_TSTAMP_SND = 0x0
SCM_TSTAMP_SCHED = 0x1
@@ -2671,6 +2782,7 @@ const (
BPF_PROG_TYPE_LSM = 0x1d
BPF_PROG_TYPE_SK_LOOKUP = 0x1e
BPF_PROG_TYPE_SYSCALL = 0x1f
+ BPF_PROG_TYPE_NETFILTER = 0x20
BPF_CGROUP_INET_INGRESS = 0x0
BPF_CGROUP_INET_EGRESS = 0x1
BPF_CGROUP_INET_SOCK_CREATE = 0x2
@@ -2715,6 +2827,11 @@ const (
BPF_PERF_EVENT = 0x29
BPF_TRACE_KPROBE_MULTI = 0x2a
BPF_LSM_CGROUP = 0x2b
+ BPF_STRUCT_OPS = 0x2c
+ BPF_NETFILTER = 0x2d
+ BPF_TCX_INGRESS = 0x2e
+ BPF_TCX_EGRESS = 0x2f
+ BPF_TRACE_UPROBE_MULTI = 0x30
BPF_LINK_TYPE_UNSPEC = 0x0
BPF_LINK_TYPE_RAW_TRACEPOINT = 0x1
BPF_LINK_TYPE_TRACING = 0x2
@@ -2725,6 +2842,18 @@ const (
BPF_LINK_TYPE_PERF_EVENT = 0x7
BPF_LINK_TYPE_KPROBE_MULTI = 0x8
BPF_LINK_TYPE_STRUCT_OPS = 0x9
+ BPF_LINK_TYPE_NETFILTER = 0xa
+ BPF_LINK_TYPE_TCX = 0xb
+ BPF_LINK_TYPE_UPROBE_MULTI = 0xc
+ BPF_PERF_EVENT_UNSPEC = 0x0
+ BPF_PERF_EVENT_UPROBE = 0x1
+ BPF_PERF_EVENT_URETPROBE = 0x2
+ BPF_PERF_EVENT_KPROBE = 0x3
+ BPF_PERF_EVENT_KRETPROBE = 0x4
+ BPF_PERF_EVENT_TRACEPOINT = 0x5
+ BPF_PERF_EVENT_EVENT = 0x6
+ BPF_F_KPROBE_MULTI_RETURN = 0x1
+ BPF_F_UPROBE_MULTI_RETURN = 0x1
BPF_ANY = 0x0
BPF_NOEXIST = 0x1
BPF_EXIST = 0x2
@@ -2742,6 +2871,8 @@ const (
BPF_F_MMAPABLE = 0x400
BPF_F_PRESERVE_ELEMS = 0x800
BPF_F_INNER_MAP = 0x1000
+ BPF_F_LINK = 0x2000
+ BPF_F_PATH_FD = 0x4000
BPF_STATS_RUN_TIME = 0x0
BPF_STACK_BUILD_ID_EMPTY = 0x0
BPF_STACK_BUILD_ID_VALID = 0x1
@@ -2762,6 +2893,7 @@ const (
BPF_F_ZERO_CSUM_TX = 0x2
BPF_F_DONT_FRAGMENT = 0x4
BPF_F_SEQ_NUMBER = 0x8
+ BPF_F_NO_TUNNEL_KEY = 0x10
BPF_F_TUNINFO_FLAGS = 0x10
BPF_F_INDEX_MASK = 0xffffffff
BPF_F_CURRENT_CPU = 0xffffffff
@@ -2778,6 +2910,8 @@ const (
BPF_F_ADJ_ROOM_ENCAP_L4_UDP = 0x10
BPF_F_ADJ_ROOM_NO_CSUM_RESET = 0x20
BPF_F_ADJ_ROOM_ENCAP_L2_ETH = 0x40
+ BPF_F_ADJ_ROOM_DECAP_L3_IPV4 = 0x80
+ BPF_F_ADJ_ROOM_DECAP_L3_IPV6 = 0x100
BPF_ADJ_ROOM_ENCAP_L2_MASK = 0xff
BPF_ADJ_ROOM_ENCAP_L2_SHIFT = 0x38
BPF_F_SYSCTL_BASE_NAME = 0x1
@@ -2848,7 +2982,7 @@ const (
BPF_TCP_LISTEN = 0xa
BPF_TCP_CLOSING = 0xb
BPF_TCP_NEW_SYN_RECV = 0xc
- BPF_TCP_MAX_STATES = 0xd
+ BPF_TCP_MAX_STATES = 0xe
TCP_BPF_IW = 0x3e9
TCP_BPF_SNDCWND_CLAMP = 0x3ea
TCP_BPF_DELACK_MAX = 0x3eb
@@ -2866,6 +3000,8 @@ const (
BPF_DEVCG_DEV_CHAR = 0x2
BPF_FIB_LOOKUP_DIRECT = 0x1
BPF_FIB_LOOKUP_OUTPUT = 0x2
+ BPF_FIB_LOOKUP_SKIP_NEIGH = 0x4
+ BPF_FIB_LOOKUP_TBID = 0x8
BPF_FIB_LKUP_RET_SUCCESS = 0x0
BPF_FIB_LKUP_RET_BLACKHOLE = 0x1
BPF_FIB_LKUP_RET_UNREACHABLE = 0x2
@@ -2901,6 +3037,7 @@ const (
BPF_CORE_ENUMVAL_EXISTS = 0xa
BPF_CORE_ENUMVAL_VALUE = 0xb
BPF_CORE_TYPE_MATCHES = 0xc
+ BPF_F_TIMER_ABS = 0x1
)
const (
@@ -2979,6 +3116,12 @@ type LoopInfo64 struct {
Encrypt_key [32]uint8
Init [2]uint64
}
+type LoopConfig struct {
+ Fd uint32
+ Size uint32
+ Info LoopInfo64
+ _ [8]uint64
+}
type TIPCSocketAddr struct {
Ref uint32
@@ -3115,7 +3258,7 @@ const (
DEVLINK_CMD_LINECARD_NEW = 0x50
DEVLINK_CMD_LINECARD_DEL = 0x51
DEVLINK_CMD_SELFTESTS_GET = 0x52
- DEVLINK_CMD_MAX = 0x53
+ DEVLINK_CMD_MAX = 0x54
DEVLINK_PORT_TYPE_NOTSET = 0x0
DEVLINK_PORT_TYPE_AUTO = 0x1
DEVLINK_PORT_TYPE_ETH = 0x2
@@ -3367,7 +3510,7 @@ const (
DEVLINK_PORT_FN_ATTR_STATE = 0x2
DEVLINK_PORT_FN_ATTR_OPSTATE = 0x3
DEVLINK_PORT_FN_ATTR_CAPS = 0x4
- DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x4
+ DEVLINK_PORT_FUNCTION_ATTR_MAX = 0x6
)
type FsverityDigest struct {
@@ -3398,7 +3541,7 @@ type Nhmsg struct {
type NexthopGrp struct {
Id uint32
Weight uint8
- Resvd1 uint8
+ High uint8
Resvd2 uint16
}
@@ -3659,7 +3802,7 @@ const (
ETHTOOL_MSG_PSE_GET = 0x24
ETHTOOL_MSG_PSE_SET = 0x25
ETHTOOL_MSG_RSS_GET = 0x26
- ETHTOOL_MSG_USER_MAX = 0x2b
+ ETHTOOL_MSG_USER_MAX = 0x2d
ETHTOOL_MSG_KERNEL_NONE = 0x0
ETHTOOL_MSG_STRSET_GET_REPLY = 0x1
ETHTOOL_MSG_LINKINFO_GET_REPLY = 0x2
@@ -3699,12 +3842,15 @@ const (
ETHTOOL_MSG_MODULE_NTF = 0x24
ETHTOOL_MSG_PSE_GET_REPLY = 0x25
ETHTOOL_MSG_RSS_GET_REPLY = 0x26
- ETHTOOL_MSG_KERNEL_MAX = 0x2b
+ ETHTOOL_MSG_KERNEL_MAX = 0x2e
+ ETHTOOL_FLAG_COMPACT_BITSETS = 0x1
+ ETHTOOL_FLAG_OMIT_REPLY = 0x2
+ ETHTOOL_FLAG_STATS = 0x4
ETHTOOL_A_HEADER_UNSPEC = 0x0
ETHTOOL_A_HEADER_DEV_INDEX = 0x1
ETHTOOL_A_HEADER_DEV_NAME = 0x2
ETHTOOL_A_HEADER_FLAGS = 0x3
- ETHTOOL_A_HEADER_MAX = 0x3
+ ETHTOOL_A_HEADER_MAX = 0x4
ETHTOOL_A_BITSET_BIT_UNSPEC = 0x0
ETHTOOL_A_BITSET_BIT_INDEX = 0x1
ETHTOOL_A_BITSET_BIT_NAME = 0x2
@@ -3841,7 +3987,7 @@ const (
ETHTOOL_A_COALESCE_RATE_SAMPLE_INTERVAL = 0x17
ETHTOOL_A_COALESCE_USE_CQE_MODE_TX = 0x18
ETHTOOL_A_COALESCE_USE_CQE_MODE_RX = 0x19
- ETHTOOL_A_COALESCE_MAX = 0x1c
+ ETHTOOL_A_COALESCE_MAX = 0x1e
ETHTOOL_A_PAUSE_UNSPEC = 0x0
ETHTOOL_A_PAUSE_HEADER = 0x1
ETHTOOL_A_PAUSE_AUTONEG = 0x2
@@ -3869,7 +4015,7 @@ const (
ETHTOOL_A_TSINFO_TX_TYPES = 0x3
ETHTOOL_A_TSINFO_RX_FILTERS = 0x4
ETHTOOL_A_TSINFO_PHC_INDEX = 0x5
- ETHTOOL_A_TSINFO_MAX = 0x5
+ ETHTOOL_A_TSINFO_MAX = 0x6
ETHTOOL_A_CABLE_TEST_UNSPEC = 0x0
ETHTOOL_A_CABLE_TEST_HEADER = 0x1
ETHTOOL_A_CABLE_TEST_MAX = 0x1
@@ -3885,11 +4031,11 @@ const (
ETHTOOL_A_CABLE_RESULT_UNSPEC = 0x0
ETHTOOL_A_CABLE_RESULT_PAIR = 0x1
ETHTOOL_A_CABLE_RESULT_CODE = 0x2
- ETHTOOL_A_CABLE_RESULT_MAX = 0x2
+ ETHTOOL_A_CABLE_RESULT_MAX = 0x3
ETHTOOL_A_CABLE_FAULT_LENGTH_UNSPEC = 0x0
ETHTOOL_A_CABLE_FAULT_LENGTH_PAIR = 0x1
ETHTOOL_A_CABLE_FAULT_LENGTH_CM = 0x2
- ETHTOOL_A_CABLE_FAULT_LENGTH_MAX = 0x2
+ ETHTOOL_A_CABLE_FAULT_LENGTH_MAX = 0x3
ETHTOOL_A_CABLE_TEST_NTF_STATUS_UNSPEC = 0x0
ETHTOOL_A_CABLE_TEST_NTF_STATUS_STARTED = 0x1
ETHTOOL_A_CABLE_TEST_NTF_STATUS_COMPLETED = 0x2
@@ -3972,6 +4118,107 @@ type EthtoolDrvinfo struct {
Regdump_len uint32
}
+type EthtoolTsInfo struct {
+ Cmd uint32
+ So_timestamping uint32
+ Phc_index int32
+ Tx_types uint32
+ Tx_reserved [3]uint32
+ Rx_filters uint32
+ Rx_reserved [3]uint32
+}
+
+type HwTstampConfig struct {
+ Flags int32
+ Tx_type int32
+ Rx_filter int32
+}
+
+const (
+ HWTSTAMP_FILTER_NONE = 0x0
+ HWTSTAMP_FILTER_ALL = 0x1
+ HWTSTAMP_FILTER_SOME = 0x2
+ HWTSTAMP_FILTER_PTP_V1_L4_EVENT = 0x3
+ HWTSTAMP_FILTER_PTP_V2_L4_EVENT = 0x6
+ HWTSTAMP_FILTER_PTP_V2_L2_EVENT = 0x9
+ HWTSTAMP_FILTER_PTP_V2_EVENT = 0xc
+)
+
+const (
+ HWTSTAMP_TX_OFF = 0x0
+ HWTSTAMP_TX_ON = 0x1
+ HWTSTAMP_TX_ONESTEP_SYNC = 0x2
+)
+
+type (
+ PtpClockCaps struct {
+ Max_adj int32
+ N_alarm int32
+ N_ext_ts int32
+ N_per_out int32
+ Pps int32
+ N_pins int32
+ Cross_timestamping int32
+ Adjust_phase int32
+ Max_phase_adj int32
+ Rsv [11]int32
+ }
+ PtpClockTime struct {
+ Sec int64
+ Nsec uint32
+ Reserved uint32
+ }
+ PtpExttsEvent struct {
+ T PtpClockTime
+ Index uint32
+ Flags uint32
+ Rsv [2]uint32
+ }
+ PtpExttsRequest struct {
+ Index uint32
+ Flags uint32
+ Rsv [2]uint32
+ }
+ PtpPeroutRequest struct {
+ StartOrPhase PtpClockTime
+ Period PtpClockTime
+ Index uint32
+ Flags uint32
+ On PtpClockTime
+ }
+ PtpPinDesc struct {
+ Name [64]byte
+ Index uint32
+ Func uint32
+ Chan uint32
+ Rsv [5]uint32
+ }
+ PtpSysOffset struct {
+ Samples uint32
+ Rsv [3]uint32
+ Ts [51]PtpClockTime
+ }
+ PtpSysOffsetExtended struct {
+ Samples uint32
+ Clockid int32
+ Rsv [2]uint32
+ Ts [25][3]PtpClockTime
+ }
+ PtpSysOffsetPrecise struct {
+ Device PtpClockTime
+ Realtime PtpClockTime
+ Monoraw PtpClockTime
+ Rsv [4]uint32
+ }
+)
+
+const (
+ PTP_PF_NONE = 0x0
+ PTP_PF_EXTTS = 0x1
+ PTP_PF_PEROUT = 0x2
+ PTP_PF_PHYSYNC = 0x3
+)
+
type (
HIDRawReportDescriptor struct {
Size uint32
@@ -4151,7 +4398,9 @@ const (
)
type LandlockRulesetAttr struct {
- Access_fs uint64
+ Access_fs uint64
+ Access_net uint64
+ Scoped uint64
}
type LandlockPathBeneathAttr struct {
@@ -4498,7 +4747,7 @@ const (
NL80211_ATTR_MAC_HINT = 0xc8
NL80211_ATTR_MAC_MASK = 0xd7
NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca
- NL80211_ATTR_MAX = 0x146
+ NL80211_ATTR_MAX = 0x14c
NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4
NL80211_ATTR_MAX_CSA_COUNTERS = 0xce
NL80211_ATTR_MAX_MATCH_SETS = 0x85
@@ -4764,7 +5013,7 @@ const (
NL80211_BSS_FREQUENCY_OFFSET = 0x14
NL80211_BSS_INFORMATION_ELEMENTS = 0x6
NL80211_BSS_LAST_SEEN_BOOTTIME = 0xf
- NL80211_BSS_MAX = 0x16
+ NL80211_BSS_MAX = 0x18
NL80211_BSS_MLD_ADDR = 0x16
NL80211_BSS_MLO_LINK_ID = 0x15
NL80211_BSS_PAD = 0x10
@@ -4868,7 +5117,7 @@ const (
NL80211_CMD_LEAVE_IBSS = 0x2c
NL80211_CMD_LEAVE_MESH = 0x45
NL80211_CMD_LEAVE_OCB = 0x6d
- NL80211_CMD_MAX = 0x9a
+ NL80211_CMD_MAX = 0x9b
NL80211_CMD_MICHAEL_MIC_FAILURE = 0x29
NL80211_CMD_MODIFY_LINK_STA = 0x97
NL80211_CMD_NAN_MATCH = 0x78
@@ -5102,7 +5351,7 @@ const (
NL80211_FREQUENCY_ATTR_GO_CONCURRENT = 0xf
NL80211_FREQUENCY_ATTR_INDOOR_ONLY = 0xe
NL80211_FREQUENCY_ATTR_IR_CONCURRENT = 0xf
- NL80211_FREQUENCY_ATTR_MAX = 0x1b
+ NL80211_FREQUENCY_ATTR_MAX = 0x21
NL80211_FREQUENCY_ATTR_MAX_TX_POWER = 0x6
NL80211_FREQUENCY_ATTR_NO_10MHZ = 0x11
NL80211_FREQUENCY_ATTR_NO_160MHZ = 0xc
@@ -5515,7 +5764,7 @@ const (
NL80211_REGDOM_TYPE_CUSTOM_WORLD = 0x2
NL80211_REGDOM_TYPE_INTERSECTION = 0x3
NL80211_REGDOM_TYPE_WORLD = 0x1
- NL80211_REG_RULE_ATTR_MAX = 0x7
+ NL80211_REG_RULE_ATTR_MAX = 0x8
NL80211_REKEY_DATA_AKM = 0x4
NL80211_REKEY_DATA_KCK = 0x2
NL80211_REKEY_DATA_KEK = 0x1
@@ -5596,7 +5845,7 @@ const (
NL80211_STA_FLAG_ASSOCIATED = 0x7
NL80211_STA_FLAG_AUTHENTICATED = 0x5
NL80211_STA_FLAG_AUTHORIZED = 0x1
- NL80211_STA_FLAG_MAX = 0x7
+ NL80211_STA_FLAG_MAX = 0x8
NL80211_STA_FLAG_MAX_OLD_API = 0x6
NL80211_STA_FLAG_MFP = 0x4
NL80211_STA_FLAG_SHORT_PREAMBLE = 0x2
@@ -5894,3 +6143,34 @@ type CachestatRange struct {
Off uint64
Len uint64
}
+
+const (
+ SK_MEMINFO_RMEM_ALLOC = 0x0
+ SK_MEMINFO_RCVBUF = 0x1
+ SK_MEMINFO_WMEM_ALLOC = 0x2
+ SK_MEMINFO_SNDBUF = 0x3
+ SK_MEMINFO_FWD_ALLOC = 0x4
+ SK_MEMINFO_WMEM_QUEUED = 0x5
+ SK_MEMINFO_OPTMEM = 0x6
+ SK_MEMINFO_BACKLOG = 0x7
+ SK_MEMINFO_DROPS = 0x8
+ SK_MEMINFO_VARS = 0x9
+ SKNLGRP_NONE = 0x0
+ SKNLGRP_INET_TCP_DESTROY = 0x1
+ SKNLGRP_INET_UDP_DESTROY = 0x2
+ SKNLGRP_INET6_TCP_DESTROY = 0x3
+ SKNLGRP_INET6_UDP_DESTROY = 0x4
+ SK_DIAG_BPF_STORAGE_REQ_NONE = 0x0
+ SK_DIAG_BPF_STORAGE_REQ_MAP_FD = 0x1
+ SK_DIAG_BPF_STORAGE_REP_NONE = 0x0
+ SK_DIAG_BPF_STORAGE = 0x1
+ SK_DIAG_BPF_STORAGE_NONE = 0x0
+ SK_DIAG_BPF_STORAGE_PAD = 0x1
+ SK_DIAG_BPF_STORAGE_MAP_ID = 0x2
+ SK_DIAG_BPF_STORAGE_MAP_VALUE = 0x3
+)
+
+type SockDiagReq struct {
+ Family uint8
+ Protocol uint8
+}
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
index 438a30affadcb25dd0c763832d080d9844a174d0..fd402da43fce18a993f6ec554d7936594abbeedf 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
@@ -477,14 +477,6 @@ const (
BLKPG = 0x1269
)
-type XDPUmemReg struct {
- Addr uint64
- Len uint64
- Size uint32
- Headroom uint32
- Flags uint32
-}
-
type CryptoUserAlg struct {
Name [64]int8
Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
index adceca3553b6ed1d5586339b4392adfd8ca463f6..eb7a5e1864adae057314f1a4007adcabe376a202 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
@@ -492,15 +492,6 @@ const (
BLKPG = 0x1269
)
-type XDPUmemReg struct {
- Addr uint64
- Len uint64
- Size uint32
- Headroom uint32
- Flags uint32
- _ [4]byte
-}
-
type CryptoUserAlg struct {
Name [64]int8
Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
index eeaa00a37d69f7e739be7e645ed300915979974b..d78ac108b6c263fa7466ced80303c7838745d75a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
@@ -470,15 +470,6 @@ const (
BLKPG = 0x1269
)
-type XDPUmemReg struct {
- Addr uint64
- Len uint64
- Size uint32
- Headroom uint32
- Flags uint32
- _ [4]byte
-}
-
type CryptoUserAlg struct {
Name [64]uint8
Driver_name [64]uint8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
index 6739aa91d4e27c67f72323955a0f16fe0e7261ef..cd06d47f1f7c76e70ca481f25b17aa5b3c0b0c02 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
@@ -471,15 +471,6 @@ const (
BLKPG = 0x1269
)
-type XDPUmemReg struct {
- Addr uint64
- Len uint64
- Size uint32
- Headroom uint32
- Flags uint32
- _ [4]byte
-}
-
type CryptoUserAlg struct {
Name [64]int8
Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
index 9920ef6317d03dec6f26632f258cf5ff76c5eea6..2f28fe26c1a533d7d5b988c6615163e0c26d3c15 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
@@ -472,15 +472,6 @@ const (
BLKPG = 0x1269
)
-type XDPUmemReg struct {
- Addr uint64
- Len uint64
- Size uint32
- Headroom uint32
- Flags uint32
- _ [4]byte
-}
-
type CryptoUserAlg struct {
Name [64]int8
Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
index 2923b799a48c9385c8123223ea0783689e2bcae5..71d6cac2f1aabdb4c4d01c529cb81cd1a23d8cf6 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
@@ -476,15 +476,6 @@ const (
BLKPG = 0x20001269
)
-type XDPUmemReg struct {
- Addr uint64
- Len uint64
- Size uint32
- Headroom uint32
- Flags uint32
- _ [4]byte
-}
-
type CryptoUserAlg struct {
Name [64]int8
Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
index ce2750ee415d37bd64eec58634c23c2160a3be78..8596d45356387339625784fe527ce211010f5177 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
@@ -474,15 +474,6 @@ const (
BLKPG = 0x20001269
)
-type XDPUmemReg struct {
- Addr uint64
- Len uint64
- Size uint32
- Headroom uint32
- Flags uint32
- _ [4]byte
-}
-
type CryptoUserAlg struct {
Name [64]int8
Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
index 3038811d70bb947ccda2f9568fd60c54808079ec..cd60ea18662bfc9389fc47b21247438f8ae066b4 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
@@ -474,15 +474,6 @@ const (
BLKPG = 0x20001269
)
-type XDPUmemReg struct {
- Addr uint64
- Len uint64
- Size uint32
- Headroom uint32
- Flags uint32
- _ [4]byte
-}
-
type CryptoUserAlg struct {
Name [64]int8
Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
index efc6fed18c1fac6037be6bc6729ab07afe053255..b0ae420c489d6bbd779af1654ce3c8de9456a03f 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
@@ -476,15 +476,6 @@ const (
BLKPG = 0x20001269
)
-type XDPUmemReg struct {
- Addr uint64
- Len uint64
- Size uint32
- Headroom uint32
- Flags uint32
- _ [4]byte
-}
-
type CryptoUserAlg struct {
Name [64]int8
Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
index 9a654b75a90fd137ae46629944c9c98c67ea0f81..8359728759bcfd3056781eea34bda15f2baad939 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
@@ -482,15 +482,6 @@ const (
BLKPG = 0x20001269
)
-type XDPUmemReg struct {
- Addr uint64
- Len uint64
- Size uint32
- Headroom uint32
- Flags uint32
- _ [4]byte
-}
-
type CryptoUserAlg struct {
Name [64]uint8
Driver_name [64]uint8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
index 40d358e33e31557010b7db45fd81c9ba5eeac367..69eb6a5c6892f527b6bdac2424915de142d6125c 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
@@ -481,15 +481,6 @@ const (
BLKPG = 0x20001269
)
-type XDPUmemReg struct {
- Addr uint64
- Len uint64
- Size uint32
- Headroom uint32
- Flags uint32
- _ [4]byte
-}
-
type CryptoUserAlg struct {
Name [64]uint8
Driver_name [64]uint8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
index 148c6ceb869c0eb698fc916420f30f75e33d568f..5f583cb62bf304c9d82386aad07e8c481df6183b 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
@@ -481,15 +481,6 @@ const (
BLKPG = 0x20001269
)
-type XDPUmemReg struct {
- Addr uint64
- Len uint64
- Size uint32
- Headroom uint32
- Flags uint32
- _ [4]byte
-}
-
type CryptoUserAlg struct {
Name [64]uint8
Driver_name [64]uint8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
index 72ba81543ef725a07943823fe96cab672ddbdfdb..ad05b51a60364994ecb52341160202a800f98ddc 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
@@ -499,15 +499,6 @@ const (
BLKPG = 0x1269
)
-type XDPUmemReg struct {
- Addr uint64
- Len uint64
- Size uint32
- Headroom uint32
- Flags uint32
- _ [4]byte
-}
-
type CryptoUserAlg struct {
Name [64]uint8
Driver_name [64]uint8
@@ -736,6 +727,37 @@ const (
RISCV_HWPROBE_EXT_ZBA = 0x8
RISCV_HWPROBE_EXT_ZBB = 0x10
RISCV_HWPROBE_EXT_ZBS = 0x20
+ RISCV_HWPROBE_EXT_ZICBOZ = 0x40
+ RISCV_HWPROBE_EXT_ZBC = 0x80
+ RISCV_HWPROBE_EXT_ZBKB = 0x100
+ RISCV_HWPROBE_EXT_ZBKC = 0x200
+ RISCV_HWPROBE_EXT_ZBKX = 0x400
+ RISCV_HWPROBE_EXT_ZKND = 0x800
+ RISCV_HWPROBE_EXT_ZKNE = 0x1000
+ RISCV_HWPROBE_EXT_ZKNH = 0x2000
+ RISCV_HWPROBE_EXT_ZKSED = 0x4000
+ RISCV_HWPROBE_EXT_ZKSH = 0x8000
+ RISCV_HWPROBE_EXT_ZKT = 0x10000
+ RISCV_HWPROBE_EXT_ZVBB = 0x20000
+ RISCV_HWPROBE_EXT_ZVBC = 0x40000
+ RISCV_HWPROBE_EXT_ZVKB = 0x80000
+ RISCV_HWPROBE_EXT_ZVKG = 0x100000
+ RISCV_HWPROBE_EXT_ZVKNED = 0x200000
+ RISCV_HWPROBE_EXT_ZVKNHA = 0x400000
+ RISCV_HWPROBE_EXT_ZVKNHB = 0x800000
+ RISCV_HWPROBE_EXT_ZVKSED = 0x1000000
+ RISCV_HWPROBE_EXT_ZVKSH = 0x2000000
+ RISCV_HWPROBE_EXT_ZVKT = 0x4000000
+ RISCV_HWPROBE_EXT_ZFH = 0x8000000
+ RISCV_HWPROBE_EXT_ZFHMIN = 0x10000000
+ RISCV_HWPROBE_EXT_ZIHINTNTL = 0x20000000
+ RISCV_HWPROBE_EXT_ZVFH = 0x40000000
+ RISCV_HWPROBE_EXT_ZVFHMIN = 0x80000000
+ RISCV_HWPROBE_EXT_ZFA = 0x100000000
+ RISCV_HWPROBE_EXT_ZTSO = 0x200000000
+ RISCV_HWPROBE_EXT_ZACAS = 0x400000000
+ RISCV_HWPROBE_EXT_ZICOND = 0x800000000
+ RISCV_HWPROBE_EXT_ZIHINTPAUSE = 0x1000000000
RISCV_HWPROBE_KEY_CPUPERF_0 = 0x5
RISCV_HWPROBE_MISALIGNED_UNKNOWN = 0x0
RISCV_HWPROBE_MISALIGNED_EMULATED = 0x1
@@ -743,4 +765,6 @@ const (
RISCV_HWPROBE_MISALIGNED_FAST = 0x3
RISCV_HWPROBE_MISALIGNED_UNSUPPORTED = 0x4
RISCV_HWPROBE_MISALIGNED_MASK = 0x7
+ RISCV_HWPROBE_KEY_ZICBOZ_BLOCK_SIZE = 0x6
+ RISCV_HWPROBE_WHICH_CPUS = 0x1
)
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
index 71e765508e26c231af6e3c5173643201f53e1620..cf3ce90037704d303eadbfebdb87edb0de4c3d6a 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
@@ -495,15 +495,6 @@ const (
BLKPG = 0x1269
)
-type XDPUmemReg struct {
- Addr uint64
- Len uint64
- Size uint32
- Headroom uint32
- Flags uint32
- _ [4]byte
-}
-
type CryptoUserAlg struct {
Name [64]int8
Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
index 4abbdb9de93286151834017227c5a59588acc01f..590b56739c5b3356de134089d3c26e64f8f5dd95 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
@@ -476,15 +476,6 @@ const (
BLKPG = 0x20001269
)
-type XDPUmemReg struct {
- Addr uint64
- Len uint64
- Size uint32
- Headroom uint32
- Flags uint32
- _ [4]byte
-}
-
type CryptoUserAlg struct {
Name [64]int8
Driver_name [64]int8
diff --git a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
index 54f31be6373720e01725ca06b357104c482a46c3..2e5d5a44357a2e2ae04c8a406d8b89f0042968a9 100644
--- a/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
+++ b/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
@@ -25,10 +25,13 @@ const (
SizeofIPv6Mreq = 20
SizeofICMPv6Filter = 32
SizeofIPv6MTUInfo = 32
+ SizeofInet4Pktinfo = 8
+ SizeofInet6Pktinfo = 20
SizeofLinger = 8
SizeofSockaddrInet4 = 16
SizeofSockaddrInet6 = 28
SizeofTCPInfo = 0x68
+ SizeofUcred = 12
)
type (
@@ -69,12 +72,17 @@ type Utimbuf struct {
}
type Utsname struct {
- Sysname [65]byte
- Nodename [65]byte
- Release [65]byte
- Version [65]byte
- Machine [65]byte
- Domainname [65]byte
+ Sysname [16]byte
+ Nodename [32]byte
+ Release [8]byte
+ Version [8]byte
+ Machine [16]byte
+}
+
+type Ucred struct {
+ Pid int32
+ Uid uint32
+ Gid uint32
}
type RawSockaddrInet4 struct {
@@ -325,7 +333,7 @@ type Statvfs_t struct {
}
type Statfs_t struct {
- Type uint32
+ Type uint64
Bsize uint64
Blocks uint64
Bfree uint64
@@ -336,6 +344,7 @@ type Statfs_t struct {
Namelen uint64
Frsize uint64
Flags uint64
+ _ [4]uint64
}
type direntLE struct {
@@ -368,6 +377,12 @@ type Flock_t struct {
Pid int32
}
+type F_cnvrt struct {
+ Cvtcmd int32
+ Pccsid int16
+ Fccsid int16
+}
+
type Termios struct {
Cflag uint32
Iflag uint32
@@ -412,3 +427,126 @@ type W_Mntent struct {
Quiesceowner [8]byte
_ [38]byte
}
+
+type EpollEvent struct {
+ Events uint32
+ _ int32
+ Fd int32
+ Pad int32
+}
+
+type InotifyEvent struct {
+ Wd int32
+ Mask uint32
+ Cookie uint32
+ Len uint32
+ Name string
+}
+
+const (
+ SizeofInotifyEvent = 0x10
+)
+
+type ConsMsg2 struct {
+ Cm2Format uint16
+ Cm2R1 uint16
+ Cm2Msglength uint32
+ Cm2Msg *byte
+ Cm2R2 [4]byte
+ Cm2R3 [4]byte
+ Cm2Routcde *uint32
+ Cm2Descr *uint32
+ Cm2Msgflag uint32
+ Cm2Token uint32
+ Cm2Msgid *uint32
+ Cm2R4 [4]byte
+ Cm2DomToken uint32
+ Cm2DomMsgid *uint32
+ Cm2ModCartptr *byte
+ Cm2ModConsidptr *byte
+ Cm2MsgCart [8]byte
+ Cm2MsgConsid [4]byte
+ Cm2R5 [12]byte
+}
+
+const (
+ CC_modify = 1
+ CC_stop = 2
+ CONSOLE_FORMAT_2 = 2
+ CONSOLE_FORMAT_3 = 3
+ CONSOLE_HRDCPY = 0x80000000
+)
+
+type OpenHow struct {
+ Flags uint64
+ Mode uint64
+ Resolve uint64
+}
+
+const SizeofOpenHow = 0x18
+
+const (
+ RESOLVE_CACHED = 0x20
+ RESOLVE_BENEATH = 0x8
+ RESOLVE_IN_ROOT = 0x10
+ RESOLVE_NO_MAGICLINKS = 0x2
+ RESOLVE_NO_SYMLINKS = 0x4
+ RESOLVE_NO_XDEV = 0x1
+)
+
+type Siginfo struct {
+ Signo int32
+ Errno int32
+ Code int32
+ Pid int32
+ Uid uint32
+ _ [44]byte
+}
+
+type SysvIpcPerm struct {
+ Uid uint32
+ Gid uint32
+ Cuid uint32
+ Cgid uint32
+ Mode int32
+}
+
+type SysvShmDesc struct {
+ Perm SysvIpcPerm
+ _ [4]byte
+ Lpid int32
+ Cpid int32
+ Nattch uint32
+ _ [4]byte
+ _ [4]byte
+ _ [4]byte
+ _ int32
+ _ uint8
+ _ uint8
+ _ uint16
+ _ *byte
+ Segsz uint64
+ Atime Time_t
+ Dtime Time_t
+ Ctime Time_t
+}
+
+type SysvShmDesc64 struct {
+ Perm SysvIpcPerm
+ _ [4]byte
+ Lpid int32
+ Cpid int32
+ Nattch uint32
+ _ [4]byte
+ _ [4]byte
+ _ [4]byte
+ _ int32
+ _ byte
+ _ uint8
+ _ uint16
+ _ *byte
+ Segsz uint64
+ Atime int64
+ Dtime int64
+ Ctime int64
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index d0e3f1946d3e67abb8da33123138ea1c954cc795..6cca0932f9c0a8a3d4b7acd25b96fa80c7be0cb8 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -1,3 +1,42 @@
+# github.com/ProtonMail/go-crypto v1.1.5
+## explicit; go 1.17
+github.com/ProtonMail/go-crypto/bitcurves
+github.com/ProtonMail/go-crypto/brainpool
+github.com/ProtonMail/go-crypto/eax
+github.com/ProtonMail/go-crypto/internal/byteutil
+github.com/ProtonMail/go-crypto/ocb
+github.com/ProtonMail/go-crypto/openpgp
+github.com/ProtonMail/go-crypto/openpgp/aes/keywrap
+github.com/ProtonMail/go-crypto/openpgp/armor
+github.com/ProtonMail/go-crypto/openpgp/clearsign
+github.com/ProtonMail/go-crypto/openpgp/ecdh
+github.com/ProtonMail/go-crypto/openpgp/ecdsa
+github.com/ProtonMail/go-crypto/openpgp/ed25519
+github.com/ProtonMail/go-crypto/openpgp/ed448
+github.com/ProtonMail/go-crypto/openpgp/eddsa
+github.com/ProtonMail/go-crypto/openpgp/elgamal
+github.com/ProtonMail/go-crypto/openpgp/errors
+github.com/ProtonMail/go-crypto/openpgp/internal/algorithm
+github.com/ProtonMail/go-crypto/openpgp/internal/ecc
+github.com/ProtonMail/go-crypto/openpgp/internal/encoding
+github.com/ProtonMail/go-crypto/openpgp/packet
+github.com/ProtonMail/go-crypto/openpgp/s2k
+github.com/ProtonMail/go-crypto/openpgp/x25519
+github.com/ProtonMail/go-crypto/openpgp/x448
+# github.com/cloudflare/circl v1.3.7
+## explicit; go 1.19
+github.com/cloudflare/circl/dh/x25519
+github.com/cloudflare/circl/dh/x448
+github.com/cloudflare/circl/ecc/goldilocks
+github.com/cloudflare/circl/internal/conv
+github.com/cloudflare/circl/internal/sha3
+github.com/cloudflare/circl/math
+github.com/cloudflare/circl/math/fp25519
+github.com/cloudflare/circl/math/fp448
+github.com/cloudflare/circl/math/mlsbset
+github.com/cloudflare/circl/sign
+github.com/cloudflare/circl/sign/ed25519
+github.com/cloudflare/circl/sign/ed448
# github.com/gofrs/flock v0.8.1
## explicit
github.com/gofrs/flock
@@ -16,9 +55,12 @@ github.com/klauspost/compress/zstd/internal/xxhash
# github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8
## explicit
github.com/xi2/xz
-# golang.org/x/crypto v0.15.0
-## explicit; go 1.18
+# golang.org/x/crypto v0.32.0
+## explicit; go 1.20
+golang.org/x/crypto/argon2
+golang.org/x/crypto/blake2b
golang.org/x/crypto/cast5
+golang.org/x/crypto/hkdf
golang.org/x/crypto/openpgp
golang.org/x/crypto/openpgp/armor
golang.org/x/crypto/openpgp/clearsign
@@ -26,8 +68,10 @@ golang.org/x/crypto/openpgp/elgamal
golang.org/x/crypto/openpgp/errors
golang.org/x/crypto/openpgp/packet
golang.org/x/crypto/openpgp/s2k
-# golang.org/x/sys v0.14.0
+golang.org/x/crypto/sha3
+# golang.org/x/sys v0.29.0
## explicit; go 1.18
+golang.org/x/sys/cpu
golang.org/x/sys/unix
# gopkg.in/yaml.v3 v3.0.1
## explicit